Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Concerned About Implications of Counterfeit Cisco Gear

timothy posted more than 6 years ago | from the now-watch-these-chickens-well dept.

Security 273

SpicyBrownMustard writes "An FBI PowerPoint presentation provides details about a criminal investigation into counterfeit CISCO hardware originating from China, and sold by Gold/Silver partners to numerous US government, military, and intelligence agencies. The concern of the article's author and the FBI is that the counterfeit equipment may be state-sponsored to aid in accessing otherwise secure systems (slides 46+47). Says the article author: 'The threat is real. Compromised hardware of potentially hostile foreign origin sits within secure networks of the US government, military, and intelligence services. And as you now see, the FBI has been concerned about it.'" We've mentioned the seizure of some of this equipment before, but this presentation adds quite a bit of detail, and highlights the FBI's concern of Chinese government involvement.

Sorry! There are no comments related to the filter you selected.

Ha Ha! (-1, Troll)

Trigun (685027) | more than 6 years ago | (#23157772)

Now you know how it feels, fuckers!

No More Secrets.

They should have known it all along. (5, Insightful)

gnutoo (1154137) | more than 6 years ago | (#23157846)

They should be afraid of the genuine article too. Only free software can be audited, modified and trusted.

Re:They should have known it all along. (5, Informative)

evanbd (210358) | more than 6 years ago | (#23158432)

If you're a government customer with national security concerns, you can audit the source to commercial products as well. It's frequently a requirement, and the government is too large a customer. Of course, the code stays closed to the general public.

Re:They should have known it all along. (5, Insightful)

sjames (1099) | more than 6 years ago | (#23158604)

The thing is, if they are auditing the hardware and software, they can as easily validate the fake Ciscos as the real ones. They're made in the same factory by the same people.

If they cannot validate the fake ones, then they should be just as afraid of the real ones.

That's not good enough. (2, Insightful)

gnutoo (1154137) | more than 6 years ago | (#23158632)

Even the Federal Government is not as big as the free software community. If they are not free to modify the source for any purpose and share those modifications with everyone else in a free way, they lose the benefits of freedom and become an unpaid bug fixer for Cisco. Malice can slip through in obfuscated form, they can't make it do what they want and they will have a hard time being sure what they audit is what they run.

Not true. The new FIPS regulations change that. (2, Informative)

CFD339 (795926) | more than 6 years ago | (#23158888)

Under FIPS, not only must the vendor use specific encryption standards -- those standards must be implemented using specific approved code libraries which have gone through an audited security certification process.

In at least one major application that I'm aware of, if you set the system to be "FIPS" compliant, users who have the newest client can't send encrypted data to users who have older versions because even though they can read it just fine because they do support the standard of encryption -- the libraries used on the older client versions wasn't FIPS compliant. Its a nightmare in terms of implementation and transition from version to version.

Re:Ha Ha! (-1, Flamebait)

DaveV1.0 (203135) | more than 6 years ago | (#23158208)

You want no more secrets?

Why don't you start by putting up your name, address, social security number, bank account information, credit card numbers, etc.

Re:Ha Ha! (4, Insightful)

iminplaya (723125) | more than 6 years ago | (#23158306)

Nice red herring there. We need to put those who want authority over us under a different, much more strict set of rules. It's our only way of protecting ourselves from the all too frequent abuses.

And yet, this is obviously headed towards war (0, Flamebait)

Anonymous Coward | more than 6 years ago | (#23158458)

For starters, more information will be forthcoming. Some of the CPUs from China have different designs then what they should (hello intel). In addition, extra circuitry has been found in bioses flash ram. The scary part is that China is not gearing up to improve their economy or even for defense [marshall.org] . They are using this to plan an attack. [k2climb.net] For you naysayers, think of the articles that have shown up here about the laser trying to blind one of our sats; Another that blew out our sats. What use is that? It is only of use if you wish to deny the opposition the ability to attack BACK. It does not help you if the attack is underway. IOW, if we launch first, by the time that China could react, our missiles would already know what, where, when, etc. The current Chinese leaders are STILL the same that they were 50 years ago; they believe that power is done via a gun. Mao once said that he would acquire the nuke even if it killed 1/2 of china. But what is china doing now with all the pollution? Killing them in the interest of moving fast enough to build up a military capable of taking on USA. In addition, they are trying hard to appease EU in hopes that they will stay out of this. Hopefully, EU learned their lessons about appeasing such leaders. It will never work.

Someone had to say it (0)

Anonymous Coward | more than 6 years ago | (#23157780)

hacked by chinese ^_^

Re:Someone had to say it (1)

Missing_dc (1074809) | more than 6 years ago | (#23158584)

I know this sounds un-PC and insensitive, but would not -_- be a little more accurate?

Well that's a change (1)

aleph42 (1082389) | more than 6 years ago | (#23157796)

Well that's a change. For once a counterfeited items seems a little bit dangerous.

That's a much better job as scaring us to support the anticounterfeit capains than the previous stuff.

I mean, I've seen those ads saying "counterfeited items can kill" with a teddy bear ready to burn a child alive because he's not fireproof, and I must say it felt a little bit too much.

The fact that the financial loss they claim is mostly due to fake Rolexes, Channel stuff and the like doesn't help. I mean, how many people who buy a fake Rolex could afford a real one?

Still, I don't see how those Cisco conterfeits could be that bad; I mean, if it's critical equipement, of course you'll have to know where it comes from (and I don't see how real Cisco servers made in China would be a lot less of a risk).

Lost sales aren't the issue for brands. (5, Insightful)

Kadin2048 (468275) | more than 6 years ago | (#23157970)

> The fact that the financial loss they claim is mostly due to fake Rolexes, Channel stuff and the like doesn't help. I mean, how many people who buy a fake Rolex could afford a real one?

That's not the point. The reason the brand owners get their panties in so much of a bunch over the counterfeits isn't because the plebes buying the fakes could actually afford to buy a real one, if they weren't wearing a fake ... it's exactly the opposite. When the flunky working the counter at Blockbuster is wearing a good-as-real Rolex, suddenly the brand isn't worth quite as much, and if you're some hotshot looking to make a statement about exactly how much disposable income you have, maybe you'll go buy something else -- something more difficult to fake, something with more intrinsic value -- instead. That's the real worry for high-end brands. It's not the lost sales, it's the damage to the brand that inevitably occurs when average folks get their grubby little McDonalds-covered paws on them.

Which really just makes those "counterfeits kill" ads all the more ironic; the people those ads are being marketed to are essentially the high-end marketer's enemy. They're the ones who must be denied access to the high-end brands; who must be made to covet without actually being able to possess.

Re:Lost sales aren't the issue for brands. (2, Interesting)

Anonymous Coward | more than 6 years ago | (#23158074)

There was an interesting article in Science News a couple of weeks ago about fake drugs from China - apparently up to 40% of the malaria and other drugs sold in Asia are fakes. The article talked about how they traced some to a factory in China that they shut down. But "fakes kill" could be a real message here if these drugs either do nothing or are just contaminated.

Re:Well that's a change (1)

QMO (836285) | more than 6 years ago | (#23157992)

how many people who buy a fake Rolex could afford a real one?
[tongue-in-cheek]Just the ones that actually work for their money.[/tongue-in-cheek]

Re:Well that's a change (5, Insightful)

jorghis (1000092) | more than 6 years ago | (#23158716)

The counterfeit thing is nonsense. The chinese could just as easily modify a non-counterfeit router as a counterfeit one.

The counterfeit hardware isnt really counterfeit, instances like this are usually just the guy who runs the factory keeping it open an hour later than he is telling Cisco and producing a bunch of extra routers that he can sell on the cheap. The counterfeit item itself is typically exactly the same when we are talking about electronics. Its not like they are using completely different designs and slapping the Cisco brand name on it. (I am sure there are exceptions to this that someone will point out but I am speaking in general terms here, this rule applies for most counterfeit electronics)

Sure, we should be concerned because American companies are having their IP that they put a big investment into stolen, but its no less secure to buy a counterfeit router than a non-counterfeit.

Re:Well that's a change (4, Interesting)

rbanzai (596355) | more than 6 years ago | (#23158786)

I think you have not heard of counterfeit brake-pads. Counterfeits are a significant danger when they move beyond the more visible realm of watches and bags. I would not be surprised if at least 50% of all manufactured items are subject to counterfeiting and it goes all the way down to mundane but important things like o-rings, cotter pins, bolts, cables, etc.

The problem remains the same whether it is a simple or sophisticated item: something has been compromised. But what exactly? Finish, fit, function? Do you want to gamble your life on it? Your property? Your data?

I don't care about watches and bag. The rest has me concerned.

Twofo Goatse'd (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23157806)

Re:Twofo Goatse'd (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23158648)

not having clicked the link, I am slightly curious...

what is the point of "goatse-ing" your penis?

are you into inserting things there, or are you just wishing you had a pussy?

The FBI Followed Up With (4, Funny)

neoform (551705) | more than 6 years ago | (#23157808)

It's not fair, if people are using the Chineese pre-wiretapped routers, we can't get people to use OUR specially pre-wiretapped routers!

Re:The FBI Followed Up With (1)

aeskdar (1136689) | more than 6 years ago | (#23158276)

You should be looking at these as features you are getting for free! Its about time the government got something more for its money.

Re:The FBI Followed Up With (5, Insightful)

TheRaven64 (641858) | more than 6 years ago | (#23158526)

Don't Cisco make the routers used in the Great Firewall of China? There's probably just a flag somewhere in IOS saying which government to send the logs to...

Re:The FBI Followed Up With (2, Informative)

zappepcs (820751) | more than 6 years ago | (#23158864)

Your joke is exactly why I'm starting to play with Vyatta http://www.vyatta.com/ [vyatta.com] and http://en.wikipedia.org/wiki/Vyatta [wikipedia.org] to get away from the alphabet soup of groups that want to know what happens inside my home without my knowledge. Performance is pretty good for small office/home networks and leaves you quite a few options if playing with computers is your hobby.

Nightmare (4, Insightful)

chrome (3506) | more than 6 years ago | (#23157820)

This is a complete and utter nightmare, for so many reasons. You start to mistrust the routers in your network, then you should also distrust most of the tools in your arsenal. Can you trust that laptop? What about the chipset in that laptop? Can you trust the copy of GCC you have?

This is going to keep a lot of people awake at night.

Re:Nightmare (3, Insightful)

Arccot (1115809) | more than 6 years ago | (#23157922)

This is a complete and utter nightmare, for so many reasons. You start to mistrust the routers in your network, then you should also distrust most of the tools in your arsenal. Can you trust that laptop? What about the chipset in that laptop? Can you trust the copy of GCC you have? This is going to keep a lot of people awake at night.
Indeed. Even if you tried to flash the firmware on your routers to clean them, who is to say the "bad" firmware isn't designed to look like it was flashed, but really do nothing to get rid of any backdoors?

If you can't trust the hardware, you can't trust anything. Scary stuff.

Re:Nightmare (1)

jandrese (485) | more than 6 years ago | (#23158588)

I think the concerns run deeper. What if the modifications are in the ASICs instead of in the flash?

Luckily, while there is a theoretical possibility of an attack using that vector, it seems unlikely to me once I consider the difficulty of adding a full speed packet sniffer on a Cisco that doesn't impact performance noticeably and has some way to get data out of a network you don't know. It's not like the government says "I'm buying this router to install in classified network X", rather they buy from a big lot in a warehouse and install them where needed.

A bigger concern might be a hacked PIX that (for instance) allows an IP address through if it sends a series of carefully crafted packets. The bad guys could then spam the internet with these packets looking for suddenly vulnerable networks. They wouldn't even have to be government related, there are plenty of private sector networks that would be a treasure trove for some malicious party.

Of course if someone was going to this amount of trouble, they could probably get the same vulnerabilities in official Cisco gear (especially stuff that is manufactured in China or Southeast Asia, which is almost all of it I think). The only major stumbling block is that if it ever is discovered, then there will be hell to pay.

Re:Nightmare (1)

Megane (129182) | more than 6 years ago | (#23158828)

allows an IP address through

Or maybe a back-doored packet forwarding ASIC which ignores all ACLs to filter a particular netblock, like say 203/8 or 202/7, of which large chunks are in China? (or something more specific if you prefer)

As for the parent post, you should be able to tell that your firmware got flashed by loading a different feature set. The trouble is, what if it's the hardware that is subtly subverted, regardless of the firmware, as in my example?

Re:Nightmare (1)

sjames (1099) | more than 6 years ago | (#23158690)

Who says the real Cisco made in the same factory by the same people isn't just as thoroughly hacked?

Perhaps it's time to INSIST that those jobs come back to the U.S.

Re:Nightmare (2, Insightful)

samkass (174571) | more than 6 years ago | (#23158770)

It doesn't even have to be a sniffer or anything. They could simply have put something in the power supplies such that some sort of signal (maybe from a satellite?) would trigger all the routers to turn off, or something in any of the ASIC that would fry them on command. Just as our carriers are rushing to Taiwan's defense, *poof* all C2, logistics, and situational awareness capabilities revert to the early 20th century.

Re:Nightmare (2, Funny)

neoform (551705) | more than 6 years ago | (#23157960)

The solution: Buy a router from every major router maker, then use them all chain-linked together. That way you get super-ultra firewall protection.. and unless the Chinese AND the NSA are working together, you can't be hacked! FLAWLESS VICTORY!

Re:Nightmare (3, Insightful)

sm62704 (957197) | more than 6 years ago | (#23157978)

You can only trust software that you have examined the code and compiled yourself, and people you trust who have examined and compiled the code themselves.

I trust neither Cisco nor the FBI.

Re:Nightmare (4, Insightful)

sconeu (64226) | more than 6 years ago | (#23158170)

But can you trust the compiler [cmu.edu] ?

Re:Nightmare (4, Funny)

neoform (551705) | more than 6 years ago | (#23158222)

I trust neither Cisco nor the FBI.


On an unrelated note, ever since the NSA started giving me free Cisco routers, I can't help but think they're just honest guys trying to help out regular Joes like me.

Re:Nightmare (1)

kcelery (410487) | more than 6 years ago | (#23158654)

How could you leave out the M$ ?

Re:Nightmare (1)

sm62704 (957197) | more than 6 years ago | (#23158932)

Talk of trusting MS is like talk of trusting Sony-BMG, or trusting Hannibal Lecter [wikipedia.org] not to eat you.

For those who don't trust Wikipedia, Here [uncyclopedia.org] is another cannibal.

"How can a guy with that much money not afford contacts?" ~ Linus Torvalds on Bill Gates' coke bottle glasses

Re:Nightmare (1)

adonoman (624929) | more than 6 years ago | (#23158930)

Except as noted below, you can't necessarily trust the compiler. So you're stuck with either trusting that, or hand-coding a compiler bootstrapper in machine code, and going from there.

Of course then you're trusting that Intel or AMD don't have some hidden back doors in their microcode, so really you should be soldering transistors onto a circuit board (assuming that you checked that they are real transistors and not a microchip planted in a transistor case that usually acts like a transistor...

It's all about whom you're willing to trust.

Re:Nightmare (3, Insightful)

jdunn14 (455930) | more than 6 years ago | (#23158004)

It's really nothing new, and there is no real solution other than you have to trust someone at some point. For an entertaining paper about this exact problem in the software world, check out "Reflections on Trusting Trust" by Ken Thompson [cmu.edu]

Re:Nightmare (1)

chrome (3506) | more than 6 years ago | (#23158334)

yeah, i've read a lot of Ken's work. I'm as old enough that I'm getting grey hairs. Naturally, not through stress. Though I do wonder about that C compiler I user at work a lot ...

Re:Nightmare (2, Funny)

TheLink (130905) | more than 6 years ago | (#23158762)

The grey hairs are because even your very DNA is being subverted and counterfeited.

That's what you get with cheap clones.

Just wait till Monsanto and friends catch up with you. Unauthorized reproduction and all that.

Re:Nightmare (0)

Anonymous Coward | more than 6 years ago | (#23158008)

"Can you trust the copy of GCC you have?"
Yes, you can, if you can read - and understand - the source code.

Re:Nightmare (1)

evanbd (210358) | more than 6 years ago | (#23158232)

Oh really [bell-labs.com] ?

Re:Nightmare (0)

Anonymous Coward | more than 6 years ago | (#23158254)

If you compiled it by hand you can yes, but that's going to take a fair amount of time... And of course if you then examined all the library code and compiled it with a gcc compiler built with your hand compiled version of gcc. Of course if you can't trust the hardware that's irrelevant anyway since you can't run it anywhere and trust the output.

If you used a compiler, then you've hit Ken Thompson's point that's already been posted.

Re:Nightmare (1)

chrome (3506) | more than 6 years ago | (#23158350)

Thats a lot of lines of code.

I think I'm just going to trust those other guys over there that I've never met, but everyone else seems to trust...

Re:Nightmare (5, Insightful)

demachina (71715) | more than 6 years ago | (#23158068)

I think you are just getting a dose of turn about is fair play. The CIA and NSA have tampered with electronics being sold to America's adversaries for years. Countries like China and Brazil have zero confidence in Windows because of the possibility of back doors allowing the NSA and CIA access, which is why Linux is so popular in these countries, especially for government use.

I'm not exactly sure why counterfeit Cisco routers are considered more of a security threat than real Cisco routers since Cisco, like a lot of American companies, are outsourcing so much of their hardware manufacture and software development to China. The Chinese government can just as easily put an agent in to any of these companies and slip back doors in to the real products.

All in all this is just the price you pay for exploiting cheap labor in a country that has been a bitter adversary for the last 60 years.

Re:Nightmare (5, Interesting)

Kadin2048 (468275) | more than 6 years ago | (#23158186)

> This is going to keep a lot of people awake at night.

As well it should, because they never should have allowed the production of critical national-security infrastructure components to be outsourced in the first place. Now that they've dug themselves into an impossibly deep hole, they're going to start complaining that the view sucks.

I think the first thing that needs to happen, is that some agency (the NSA seems the most suited) needs to create and bootstrap 'reference platforms' for various architectures. Create a secure compiler chain from the ground up, auditing code the whole way. There's no other way to be sure that you're not just compiling in backdoors, otherwise.

Then with that accomplished -- and it would need to be done for every architecture that needs to be secured -- they'd at least have a secure toolset and compiler chain to vet COTS code with. (It goes without saying that any product that doesn't come with source code, and which can't be compiled on a secure compiler and then have that object code loaded in and run, should be immediately removed from the secure infrastructure. It's beyond broken.)

It would be a major effort, and probably a large shift in scope for the agency put in charge of it, but I think the problem is too important to do anything less. The economic, political, and military security of nations is going to rest firmly on electronic infrastructure, and we need to make the trustworthiness of that infrastructure a national priority.

Re:Nightmare (3, Insightful)

chrome (3506) | more than 6 years ago | (#23158262)

Yeah, I agree 100% here. It will never happen of course, because real, serious threats like this get brushed under the rug while other, spurious ones get an inordinate amount of attention, almost as if to say, he look! we're doing something.

Re:Nightmare (2, Interesting)

evanbd (210358) | more than 6 years ago | (#23158814)

How much more tax money are you willing to spend? 10x? 100x? What about for the stuff that's important, but not national security important? Are you willing to live with the fact that the results will cost 100x as much and be 1/10th the speed? The government has been there and done that, at least for some sorts of components, and decided it couldn't afford to. Now, they might be wrong, but they might not be. It might be cheaper and easier to attempt to make the commercial gear secure, realize that won't completely work, and deal with the occasional problem -- even at a national security level. After all, there are national security implications to being unable to afford as much equipment as you can make use of... and it's entirely possible it's better to have the occasional huge security problem than to have nothing worth securing.

The right solution is defense in depth, multiple vendors, and a whole host of other, more mundane techniques. As long as one security hole, even widespread, can cause only limited damage, it's possible to contemplate dealing with it when it appears.

Re:Nightmare (2, Interesting)

wprowe (754923) | more than 6 years ago | (#23158880)

Are we sure this isn't already being done in some way? Perhaps not in the exact manner you describe. Why assume they are not already working with these hardware and software manufacturers?

Re:Nightmare (1)

LWATCDR (28044) | more than 6 years ago | (#23158514)

Maybe somethings shouldn't be COTS?
Maybe Cisco should open a factory in the US and sell a line of super secure routers. You can only buy them from Cisco and they are shipped right from Cisco to the buyer.
Or maybe some other company should do that.

I am just waiting for some group to slip some bot code into all those linksys/netgear home routers. Now that would be a bot net that would be hard to even detect. Who runs malware detection on their router?

Re:Nightmare (1)

bluelip (123578) | more than 6 years ago | (#23158518)

Isn't Shenzen the province that the Governor Corzine from NJ signed a trade agreement with? They have to be trustworthy for him to deal with them, no?

and they laughed when I bought a linksys router (1)

genner (694963) | more than 6 years ago | (#23157842)

Laughed they did.

Concern? (1)

OpenSourced (323149) | more than 6 years ago | (#23157860)

How is it, concern? Is there any evidence of shadow access to the cloned hardware or not? At the very least it should be rather easy to know if the cloned firmware is an exact copy of the Cisco firmware or not. I can understand the concern of cloned equipment in general, but to speak about a particular case and be so vague means for me that there is in fact no evidence of any type of backdoor.

Re:Concern? (3, Informative)

Trigun (685027) | more than 6 years ago | (#23158064)

IIRC, the gear was not counterfeit, but merely not licensed by Cisco. The same factories made X units, Cisco bought X units, everything else made it to the black market, and was considered counterfeit, due to the fake Cisco packaging, etc.

Re:Concern? (1)

Trigun (685027) | more than 6 years ago | (#23158586)

Dammit That should read The same factories made X units, Cisco bought less than X units

Not really (0)

Anonymous Coward | more than 6 years ago | (#23158620)

THe real issue is that Cisco ships AND CONTROLS chips, etc. If these companies are producing more systems, then they are doing it with their own uncontrolled chips. The real problem is that CPUs have been found to be modified.

Re:Concern? (1)

sjames (1099) | more than 6 years ago | (#23158840)

How is it, concern? Is there any evidence of shadow access to the cloned hardware or not? At the very least it should be rather easy to know if the cloned firmware is an exact copy of the Cisco firmware or not. I can understand the concern of cloned equipment in general, but to speak about a particular case and be so vague means for me that there is in fact no evidence of any type of backdoor.

OK, I give up, how? How do they know the flash chip package doesn't have 2 banks. One that is normally presented as being the whole thing and a shadow copy that is presented when it recieves a particular access sequence?

The only tests they have can tell them it WAS a clean router before the destructive tests.

Solution (1, Funny)

Anonymous Coward | more than 6 years ago | (#23157870)

Only use network gear that was built in the US. *snicker*

the real concern (1)

tankadin (1175113) | more than 6 years ago | (#23157876)

Probably the real concern is that they can't install their own backdoors into these routers.

Anonymous Coward. (0)

Anonymous Coward | more than 6 years ago | (#23157878)

Can we say, like DUHHHHHH!!!!!
It took them this long to figure that out?
How many of you saw that the second the first link was posted last month?

Really (2, Insightful)

TheRealMindChild (743925) | more than 6 years ago | (#23157882)

Really, if it is *that much* of a concern, quit buying from a third party vendor. License a spec, rent a manufacturing facility, put some people to work, and create your own Cisco Certified Uber Network Gear eXtreme, Uncle Sam Edition

Re:Really (1)

macklin01 (760841) | more than 6 years ago | (#23158166)

Really, if it is *that much* of a concern, quit buying from a third party vendor. License a spec, rent a manufacturing facility, put some people to work, and create your own Cisco Certified Uber Network Gear eXtreme, Uncle Sam Edition

By the article, Cisco has no direct sales--only gold/silver partners who they claim to train train themselves. However, some of the counterfeit equipment was purchases through gold/silver partners. -- Paul

Re:Really (1)

tuxgeek (872962) | more than 6 years ago | (#23158376)

I was also thinking along these lines. This story is a good example of the ramifications of outsourcing jobs and manufacture of products. The chinese are just being creative with corporate America's mentality to let cheap labor manufacture certain products we should be doing here.

All's fair in love and war, and if China can get away with brute force hacks to infiltrate sensitive networks, great. When the networks become more difficult to hack, sell them trojan hardware.

FUD (2, Interesting)

conan1989 (1142827) | more than 6 years ago | (#23157888)

presume FUD until given proof. and check the source of any "proof" too, never trust those who stand to gain

Re:FUD (2, Funny)

TheVelvetFlamebait (986083) | more than 6 years ago | (#23158340)

Yeah? And I think you're a CHINESE SPY!
 
;)

Re:FUD (1)

ScentCone (795499) | more than 6 years ago | (#23158556)

never trust those who stand to gain

So, what do YOU stand to gain by portraying the feds' concerns about prospective threats to government infrastructure and everything that rides on it as bogus? How does your characterization (implied) that counterfeit routing equipment used to protect systems on which lives depend is just fine, and not a concern, benefit you? You seem to have a vested interest in devaluing the concerns of the people that are asked to protect national interests in this respect - possibly because you conflate that issue with, say, also having less maneuvering room to rip off movies, or something else tangental, like that. You're right: I don't trust you.

Re:FUD (1)

kcelery (410487) | more than 6 years ago | (#23158916)

After your GM stocks fell, the Bear Stearns shrunk to almost nothing, son of your neighborhood got shot in Iraq .... one couldn't help casting some doubt over our position.

Time for state-sponsored fablabs (4, Insightful)

Yvanhoe (564877) | more than 6 years ago | (#23157934)

I can think and think over it, there seems to be but one solution:
Now is time for US Department of Sensitive Things to stop buying hardware and start buying blueprints. Buy VHDL and CAD files from CISCO, scrutinize them for threats then produce it yourselves.

China is great for cheap production but there is a reason why military approved stuff are more expensive : among other resons, you can't let anyone build them.
And if you want certified and cheap stuff, it is time to begin building robotic factories.

Re:Time for state-sponsored fablabs (4, Funny)

Lonedar (897073) | more than 6 years ago | (#23158022)

Ah, yes. A robotic factory would be a great solution to this problem indeed.
In order to cut the costs to a bare minimum I recommend we order the robots from China.

Re:Time for state-sponsored fablabs (0)

Anonymous Coward | more than 6 years ago | (#23158042)

why not just buy the hardware directly from the source instead of trying to use contractors looking to save a few bucks by using grey market? All they do is look for a vendor that can offer the hardware cheaper than what Cisco charges, then still charge the Gov't full price and they keep the difference.

Re:Time for state-sponsored fablabs (2, Informative)

Pascoea (968200) | more than 6 years ago | (#23158456)

Sorry, not going to happen. I've personally built and troubleshot their competitors (Juniper) equipment and we didn't even have access to the VHDL, Boot Prom, OS, or any other software documentation. There is now way in hell that they are going to hand this information over to the government.

Besides, the issue is not within the design itself. (I know, this point is arguable... but that is a different thread) the issue is non-trustworthy people building unauthorized reproductions of Cisco equipment.

As far as I know, high end products like Cisco are still manufactured in the United States. So if you want to ensure that you are getting domestically produced product you need to take over the delivery chain, not the production chain.

Leave the production to the experts, thats what they do. it is time to begin building robotic factories What do you think builds them? The only thing hand built is the high level assembly and inspection.

Uhhh... (2, Funny)

Kingrames (858416) | more than 6 years ago | (#23157972)

Who cares about counterfeit Disco gear?

Re:Uhhh... (1)

neoform (551705) | more than 6 years ago | (#23158096)

Sure, say that now, just wait till you play a record on a chinese turn table that turns out to be playing at 78rpm, next thing you know everyone on the dance floor will be dancing like their on speed or something.

Re:Uhhh... (0)

Anonymous Coward | more than 6 years ago | (#23158298)

Actually, in discos/nightclubs, safety is very important. Drunken revellers mixed with high voltage ac to run the light and sound equipment.

Now, I've nothing against cheap gear. Counterfeit gear is another matter - I'm fine with the chinese selling "huawei" routers that are like cisco only cheap and with lower security guarantees, I'd be fine with them selling "CopperScan" disco lights that are like decent lights only cheap and with lower safety margins - I'd know the risks, and know that unlike light A, I'd e.g. just have to hang light C higher and/or fit a 3rd-party safety guard (might still be cheaper than european-built light A), because light C isn't beer-proof like light A.

Re:Uhhh... (2, Funny)

everphilski (877346) | more than 6 years ago | (#23158362)

Disco Stu only buys the genuine article. Oh yea, baby...

if you export jobs/manufacturing/industry (1)

night_flyer (453866) | more than 6 years ago | (#23158040)

you cant expect it to be secure...

Not a good decision (3, Insightful)

hyades1 (1149581) | more than 6 years ago | (#23158086)

The economic integration between North America and Communist China is putting us in a very dangerous position. The Chinese government has a well-documented history of utter ruthlessness, and will happily steal and duplicate every technological edge it can get. Does anybody believe even for a moment that the same people who have committed and facilitated cold-blooded mass murder on a scale we find difficult to imagine will draw the line at a little industrial espionage?

Corporations that are forcing us into closer and closer economic contact with China are making huge profits, and doing a good job of ensuring that our governments obediently facilitate economic integration. For the rest of us, this means stagnant wages and limited opportunities...all in return for access to cheap headphones, lead-poisoned toys and other gimcrackery.

The Chinese government is not our friend, and the argument that exposing them to the joy of capitalism will make their society free is exactly backwards.

Why do you hate hard-working Americans? (0, Flamebait)

FatSean (18753) | more than 6 years ago | (#23158230)

Americans who deserve to work 40-50 hour weeks, own their own car house and TV and as many kids as they want subsidized by taxpayers? If you take away cheap Chinese goods in the name of 'security', these Americans might have to give up their house or a car or have less children. Besides, the only security we need to worry about is security from Arab terrorists who hate our freedom, don't worry about economic imbalances and lost opportunity in the job market. You're just being negative and bringing America down!

Re:Why do you hate hard-working Americans? (1)

jedidiah (1196) | more than 6 years ago | (#23158768)

No, we will just be buying less crap from Walmart.

Crap from Walmart is not as critical to the American Way of Live
as many people believe.

Re:Not a good decision (1)

Ice Tiger (10883) | more than 6 years ago | (#23158490)

The 1st world is increasingly giving up the ability to self sustain in the possibility of a cold or conventional war with the 2nd or 3rd world.

For example a conflict with china over Taiwan needs only a boycott from China to the USA and a few undersea data cable severances to wreck the US economy. With manufacturing and back office functionality moved overseas the ability of a large military to protect borders becomes irrelevant when economic vulnerable points lie outside of those borders.

Oh No! (3, Funny)

UncleWilly (1128141) | more than 6 years ago | (#23158102)

I also suspect my Lenovo/Thinkpad..whenever I'm in the room it seems to be...watching me.

Really? ebay? (2, Insightful)

esocid (946821) | more than 6 years ago | (#23158164)

...originating from China, and sold by Gold/Silver partners to numerous US government, military, and intelligence agencies
Are our government agencies seriously buying anything from ebay? I'm not even sure how legal, much less smart, it is to buy equipment that will be used in a federal agency from joe blow, or even kim lee (equivalent of jow blow) in china. An average user probably wouldn't have to worry, if in fact the stuff worked, but the Pentagon may have a problem.
To any federal agency monitoring this (NSA), please stop buying your network and computing gear from yard sales and ebay.

Re:Really? ebay? (1)

oodaloop (1229816) | more than 6 years ago | (#23158794)

The people buying routers for DoD et al are not generals or other senior IT-clueless individuals. They are the systems geeks, many of them probably /.ers, or should be. I am a former Marine, currently a defense contractor, and being a geek myself I've met many IT people within DoD. Typically, there's a young super-smart geek who effectively runs the IT dep't, and whatever he wants to buy, the leadership will go along with. I don't think anyone outside the geeks who put together the network really have a clue where all the equipment comes from. Also, within DoD at least, having a router coming from China doesn't seem like too much of a threat to me. Most of our systems are not connected to the internet at all. If a Chinese router were installed in SIPRNet (Secure Internet Protocol Router Network), for instance, there's no way information would make it back or come from China. Everything is encrypted and separated from the internet. Aside from the few that would used on NIPRNet (Non-secure Internet Protocol Router Network: the lan we use to connect to the internet), I don't see the threat, but maybe I'm missing something. I didn't RTFA after all.

Re:Really? ebay? (0)

Anonymous Coward | more than 6 years ago | (#23158928)

This is the real story here. Is there anything that we don't buy from China anymore? Cisco is an American company FFS. Yet another notch in the "our government is a bunch of morans" belt.

In other news... (1)

LM741N (258038) | more than 6 years ago | (#23158204)

the USA issues counterfeit money. "Why it will hardly buy you anything these days, says octogenarian Edna Pumpernickle. But I hear they have great money in Europe."

New bumper sticker (1)

foobarbaz (21227) | more than 6 years ago | (#23158220)

"Don't steal data; the government hates competition!"

Closed Systems and Black Boxes (4, Insightful)

hackus (159037) | more than 6 years ago | (#23158244)

Security cannot be achieved with closed source or closed hardware. The problem of security is too difficult, so it is best to create a "culture" of security based around a simple set of rules:

1) All software implemented in Network Systems must be open and source code must be peer reviewed on a regular basis.

2)Hardware should be as generic as possible and should be built upon agreed standards so you can mix and match components.

3) Cultural security is laid at the foundations of software and hardware. Once everyone knows the foundations any single individual or group will find it very hard to con an entire community.

Even if they succeed it will not take long for the culture to detect the deception.

Personally, I am glad the Chinese are screwing Cisco. Remember folks, we are talking about the same company that sold the Chinese government a ton of security products to hunt down and kill/torture or imprison political dissidents.

Last year I got rid of the final pieces of Cisco gear in my network and everything is working just fine with Open Source equivalents.

I peer review my own patch updates, and follow the lists carefully as the comminity as a whole deals with coding the upgrades.

I really do know what my routers are doing.

How many here can say that?

-Hack

Re:Closed Systems and Black Boxes (0)

Anonymous Coward | more than 6 years ago | (#23158468)

How many would ever have the time or ability? Excellent for you, but some of us--especially government workers just need to get the day's work done.

Re:Closed Systems and Black Boxes (0)

Anonymous Coward | more than 6 years ago | (#23158816)

Sometimes you pay for a solution with money, sometimes with time. Some of us don't have that kind of time.

Re:Closed Systems and Black Boxes (0)

Anonymous Coward | more than 6 years ago | (#23158900)

Works for you right? You have ultimate job security since you're the only one that knows how all your gear works.

Of course it sucks for your employer if you get hit by a bus but hey, not your problem right?

Nobody ever got fired for buying top brand (1)

RAMMS+EIN (578166) | more than 6 years ago | (#23158270)

I reckon the job of the spies has been a whole lot easier because they could rely on the US gov't buying Cisco-branded equipment. More diversity in the network equipment landscape would have made things more difficult.

How long are we going to let China pull this crap? (1)

LockeOnLogic (723968) | more than 6 years ago | (#23158428)

I understand that the market (and by extension politicians) salivate at the thought of so many new consumers, but how long are we going to let this utterly flagrant counterfeiting continue? There are no profits to be made if China makes and sells our own damned products to us.

Great! let's class everything as a weapon. (1)

petes_PoV (912422) | more than 6 years ago | (#23158472)

Ahh, that old military paranoia strikes again.

We didn't make it, we don't know what it does. It must be a threat.

The wonderful thing about this (apart from the certainty that it will involve giving the security organisations more money) is that you don't have to prove anything. Just say "it's possible" (not even probable), or that they're "concerned" or that there "might be a threat" and suddenly everyone is running around as if the sky is falling.

Time to stop watching the James Bond movies guys. Go back to worrying about monsters under the bed.

Supposed to Be the Other Way Around (3, Insightful)

Doc Ruby (173196) | more than 6 years ago | (#23158478)

Clinton and the Republican 1990s Congress sold us Most Favored Nation and "Fast Track" status for China on the appeal that the US would be manufacturing high-tech gear like Cisco routers and selling it into the emerging Chinese market. Making China dependent on US manufacturing and retailers so we could dictate political terms to them, like not torturing Tibetan monks.

They got it. Then they flipped the script. Now the US is dependent on Chinese manufacturing. Stepping up the game, Bush and the Republican 2000s Congress sent us $9 TRILLION into Federal debt (after a Clinton left him with a surplus), making $400 BILLION in debt bought by China necessary to keep the illusion that our economy hasn't collapsed - an illusion rapidly vaporizing, even before China applies much pressure to force us to comply with their Communist mafia government's global expansion plans. Meanwhile the Chinese are not just torturing monks (or stopping us from torturing around the world), they're also sending weapons, including machetes, to fuel a slaughter in Zimbabwe [independent.co.uk] .

They baited and switched us. And by "they", I mean a lot of Americans with Washington addresses, and now obviously Chinese bank accounts.

It gets worse (3, Interesting)

WindBourne (631190) | more than 6 years ago | (#23158730)

China in return agreed to allow their money to float free, but created "the basket" that they then control to an unknown formula. Considering that yuan has gone up a whopping 17% against the dollar over 5 years, while most other moneies have gone up more than 100%, it says a lot. In addition, they were required to drop their tariffs over 2 years ago (they asked for 5-7 years). We are now pushing 8 and they are asking for another 3-5 years of them.

The good news is that EU has seen what has happened to us and is pushing several issues; 1) the chinese firewall and the tariffs 2) the money issue 3) the carbon issue. As such, they are about to slap a major carbon tax on everything based on their Point of origin as well as a tariff against chinese good because of the firewall and tariffs.

The FBI damn well better be concerned. (1)

ClintJCL (264898) | more than 6 years ago | (#23158484)

I hate to embrace such technologies, but secure networking equipment probably need some sort of firmware DRM / Trusted Computing / game-console-like protection against modification.

Trusting "trust." (1)

mlwmohawk (801821) | more than 6 years ago | (#23158670)

There is no way to "trust" software, unless you've hand-assembled an assembler, used that assembler to create a better assembler, used that assembler to create a basic C compiler, and use that C compiler to build your real C compiler. And, additionally, audited all the code.

Then, you have to look at ever line of every tool source as well as all the source of everything. Even then, you need to verify hardware, BIOS, etc.

It is a hard job. Maybe impossible.

The first step, however, is to STOP buying aggregate devices based on software. A Cisco router may be cheap, comparatively speaking, but an audited and verified version of Linux/FreeBSD running on a commodity P.C. with tested hardware would be a lot more trustworthy.

I mean, there is a lot of sci-fi threat out there, bogus CPUs that run their own programs, hacked network cards, hacked hard disks, etc. These things can be checked and while possible are implausible at the moment. A hacked Router? Come on, I can't believe it DOESN'T send information someplace. It would be just a few lines of code. With even more code, it could analyze the packets and be more selective, and possibly even encrypt and compress data sent.

Don't forget Huawei (3, Interesting)

HockeyPuck (141947) | more than 6 years ago | (#23158710)

http://www.theregister.co.uk/2004/07/29/cisco_huawei_case_ends/ [theregister.co.uk]

While Cisco dropped this lawsuit claiming "a victory for the protection of intellectual property rights."

This was after Huawai photocopied IOS Configuration guides and "portions of its IOS source code found its way into Huawei's operating system for its Quidway routers and switches. Cisco claimed the Huawei OS included text strings, files names and bugs that were identical with Cisco's IOS source code. The suit alleges that Huawei is infringing at least five Cisco patents."

*RING BELL* Round 2

Interesting contradiction (1)

Bullfish (858648) | more than 6 years ago | (#23158714)

That they are hostile foreigners who hold favoured nation trading status...

Buy American, if you can (1)

slugmass (1215630) | more than 6 years ago | (#23158866)

The United States was once a major manufacturer of all things high-tech. I can remember being within an hour drive of Digital Equipment, Data General, Apollo Computer, IMC Magnetics (computer fan maker), Clarostat (precision resistors), and many others. But the most relevent to this story is Cabletron (See wikipedia for a short description). This Rochester New Hampshire based compnay made ALL of it's products in Rochester New Hampshire. Soldered and assembled by Americans, designed by Americans, and built to last. Some of this gear still survives in the field. There is a legendary story out of Chicago of a bank that was flooded at the lower levels. All of teh Cabletron networking gear was assumed to be dead. After a few days of drying out, it was perfectly functional and resumed service. So teh lesson is, pay more to an American company with American designed and produced product and your security concerns will drop.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?