
DARPA Sponsors a Hunt For Malware In Microchips

timothy posted more than 5 years ago | from the double-barreled-microscope-loaded-for-vermin dept.

Security 106

Phurge links to an IEEE Spectrum story on an interesting DARPA project with some scary implications about just what it is we don't know about what chips are doing under the surface. It's a difficult problem to find invasive or otherwise malicious capabilities built into a CPU; this project's goal is to see whether vendors can find such hardware-level spyware in chips like those used in military hardware. Phurge excerpts: "Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. ... In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can."


All about China (4, Insightful)

elrous0 (869638) | more than 5 years ago | (#23262300)

It cracks me up how the U.S. government is always taking ludicrous steps to "protect national security," fighting off hacker attacks with billions of dollars in specialized firewalls and security, using NSA backdoors into windows, etc. And all the while they're lecturing us on all these heavy-handed precautions, they're doing EVERYTHING, classified and not, on computers built largely of Taiwanese and Chinese manufactured chips and motherboards.

Looks like someone finally clued these geniuses of national security in on the obvious Achilles' heel in their web of protection.

I just hope our clueless protectors have at least had the common sense to slip in some spies at that new big "Fab 68" [] Intel plant they're building in China.

Re:All about China (1)

jamesh (87723) | more than 5 years ago | (#23262522)

I've wondered this too, although more along the lines of what if 'war were declared'? Really cloak and dagger cold war stuff where we're never sure who is friend and who is foe, and even if we are sure it changes on a daily basis anyway. Suddenly the only people you can really trust to build your stuff are the people born and bred inside your borders. It would change _everything_, even if a shot were never fired or a bomb was never dropped...

Re:All about China (1)

maxume (22995) | more than 5 years ago | (#23262644)

It's worse than that, the only people you can trust are your neighbors.

No wait, it's worse than that, the only people you can trust are your relatives.

No wait, it's worse than that, the only people you can trust are your direct family.

No wait, it's worse than that, the only people you can trust are direct family who haven't betrayed you yet.

No wait, it's worse than that, the only person you can trust is yourself.

Nationalism is a powerful force, but it's just tribalism writ large.

worse than that -- (1)

reiisi (1211052) | more than 5 years ago | (#23262724)

Can you trust yourself?

Re:worse than that -- (1)

Yvan256 (722131) | more than 5 years ago | (#23263256)

Nope. Remember what Fox Mulder said: trust no one. AFAIK that includes yourself.

Re:All about China (1)

Chrisq (894406) | more than 5 years ago | (#23262780)

No wait, it's worse than that, the only person you can trust is yourself.

That's what I thought before I came to love Big Brother. (If you're thinking the TV show you haven't got a clue)

Re:All about China (1)

davester666 (731373) | more than 5 years ago | (#23265642)

Think of this program in reverse. The DoD/NSA would like this functionality in chips everywhere. They would like to know if it can be detected.

Re:All about China (0)

Anonymous Coward | more than 6 years ago | (#23269760)

Possibly, but they'd not want it on our chips, jic someone leaked the backdoor. I might call them malign to the world but not stupid to their country.

We sell crippled military hardware to other countries and I don't doubt they'd love to put such chips into foreign hardware.

Now consider this. They howled about Cisco routers being compromised. What if they know they are compromised because they sold the data to build them, pretending to have stolen it from Cisco?

And the crap finds its way back here. ;)

Now you know why conspiracy true believers are nuts.

A state of the art problem (3, Interesting)

btarval (874919) | more than 5 years ago | (#23262546)

Well, considering that the current wave in high-tech is to outsource the hardware development, it's a very valid concern.

Here's a classic example. Startups in Silicon Valley prefer not to bring in a hardware team to develop a new box from scratch, especially when they can just buy a COTS box elsewhere for the first round. The Imaginary Property resides in the Software Apps that they can develop to run on these boxes.

Consequently, they contract out with companies that used to be known for their motherboards, but who have moved up and will sell you a complete cutting edge system, and customize it to meet your needs. No hardware development time is required, and it's a lot cheaper.

The catch is that, in order to support these boxes, the Startup or the customer MUST NEVER OPEN THEM. If you do, you void the warranty. At $10,000-$20,000 per box (in the storage biz) that's a very strong incentive to never ever peek inside.

Add to that proprietary IPMI [] cards.

In short, these boxes are the best backdoor into an organization's IT infrastructure. You'd be surprised at the big, well-known names currently deploying them.

The beauty of this approach is that most of these companies are based in Taiwan. Simply put, with little effort, Taiwan gets to own both China and the U.S. at the same time. That would be amusing if it weren't so sad.

Re:All about China (1)

TheGratefulNet (143330) | more than 5 years ago | (#23262568)

having JUST replaced about 6 capacitors in an older motherboard (due to bad chinese caps, infamous story from about 5 yrs ago) - I concur!

trusting ALL our electronics to the chinese is a fool's decision!

then again, we have had a good amount of fools running this country, so I'm not all that surprised.

if I was president (yeah right..) I would create a program to ENSURE that all chips, transistors, parts (etc) are ALSO made here (at least for security related equipment and sensitive gear). we NEED to have manufacturing return to the US. we can't count on foreign countries to continue to supply us with parts and even building know-how.

we are risking A LOT by trusting (!) all our parts suppliers and in the case of the chinese caps, that really bit us badly! we'll be paying for THAT mistake of theirs for decades (parts are still in the supply chain and even the military has to weed out the bad chinese caps from THEIR parts bins).

have we learned nothing from this?

(answer: yup. it appears so.)

but how I wish we would get someone clueful who could see this and help restore not only manufacturing (key industries) but also the pride of having something say 'made in USA'.

btw, here's a photo [] of the mobo that I just repaired. you can see the 'plus signs' on the top of the capacitors have blown! the parts were all of $5 (total) and some time to unsolder and replace; but imagine if really important equipment was using these kinds of cheap parts. scary, isn't it?

here [] is another photo but this one is of a netgear gig-e switch. this one is well known (search for it, gs-108) and also has the blown-cap problem (the 2 small caps on their side were the bad ones). the caps didn't fully blow up (like my motherboard's caps did) but they still failed, causing 'blinking lights of death' on the netgear switch. I replaced the bad caps with much larger newer ones and all is well again. but still, few people have the time and patience and know-how to do this. and if it's in the field and something fails, you're screwed until you can replace the whole unit, or if you have time to fix a pc board; but it's rarely economical to do that.

Re:All about China (2, Insightful)

elrous0 (869638) | more than 5 years ago | (#23262626)

Not only that, but what if China ever decided to embargo us? It would (for a time at least) cripple most of our tech industry.

Re:All about China (1)

TheGratefulNet (143330) | more than 5 years ago | (#23262820)

Not only that, but what if China ever decided to embargo us? It would (for a time at least) cripple most of our tech industry.

it's true and could be a very real possibility in the future.

it's dangerous, I think, to put so much trust in foreign manufacturing. for economic as well as security and 'peace of mind' reasons, it would be really good if this could be addressed. imagine taking even just 1 month's worth of 'iraq money' and creating (funding) local manuf in the US for essential things (not just electronics). actually investing in ourselves. wow, what a concept. but I don't expect it to happen. I'm too cynical, I guess.

Re:All about China (0)

Anonymous Coward | more than 5 years ago | (#23266432)

It's funny that you mention Iraq costs. Think about it this way, the more we trade with China, the less incentive there is for *either* of us to go to war with the other. Not only do we gain from trade itself but we also gain from better relations which could prevent war in the first place.

Re:All about China (1)

DAldredge (2353) | more than 6 years ago | (#23269670)

Trade didn't stop Germany in WW1 or WW2.

Re:All about China (2, Informative)

quanticle (843097) | more than 5 years ago | (#23262900)

The thing with embargoes is that they work both ways. Currently, China is so dependent on the US consumer market to absorb its production that an embargo would hurt them as much as it hurts us.

The other thing is that, despite what you've been hearing, China is not the be-all-end-all for electronics. Korea still holds the crown for manufacturing memory, Taiwan is still the leader for TFT LCDs, Israel is still manufacturing networking equipment, etc. If China embargoes the US, these other countries will ramp up production and diversify their offerings to meet the redirected demand from the US market.

On the other hand, China's only large customer is the US. If they slap an embargo on the US, the US can go to other suppliers, whereas China has few other customers rich enough to buy the massive quantities of goods they are producing.

The Chinese know that, at least in the near future, an embargo will hurt them at least as much as it hurts us. This is why they've been actively growing their trade surplus vis a vis the US. Having a massive amount of dollar reserves gives them the option of manipulating our currency (and, by proxy, our economy) without resorting to something as blunt as an embargo.

Re:All about China (0)

Anonymous Coward | more than 5 years ago | (#23263590)

There are 650 million people in Europe. Does this not count as a 'large customer'?

Re:All about China (0)

Anonymous Coward | more than 5 years ago | (#23263916)

There's only one problem with your view: You assume that China wants US$.

Be honest now, what's the value of all that crap you keep in the garage? Well, China's US$ stockpile is the crap in their garage. Thanks to the trade imbalance (that everyone insists is "perfectly fine" and "not a problem") as their stockpile grows bigger, it becomes less and less useful to them. Right now, the only thing they use US$ for is oil and what little they import from the US.

As soon as oil switches to the euro, kiss your ass goodbye, because that enormous stockpile will be worthless, and so will the rest of America's money.

Re:All about China (2, Funny)

megaditto (982598) | more than 5 years ago | (#23266030)

Well, at least we had a good run for the last 50 years.

It amazes me sometimes how clueless a lot of Americans are WRT how fortunate/lucky we have been lately.

Re:All about China (1)

turing_m (1030530) | more than 6 years ago | (#23270168)

As soon as oil switches to the euro, kiss your ass goodbye, because that enormous stockpile will be worthless, and so will the rest of America's money.
I don't believe that transition will happen without wars and conscription as necessary.

Re:All about China (1)

mgblst (80109) | more than 5 years ago | (#23264950)

The Euro zone is a pretty big importer of China tech as well. Then you have Japan, and the rest of the world.

Of course, the US is still too big a market for them to do this. One of the reasons that the US dollar hasn't fallen further is that it is in China's interest to keep it high, or they would lose a lot of money.

Re:All about China (1)

Lumpy (12016) | more than 6 years ago | (#23270198)

On the other hand, China's only large customer is the US. If they slap an embargo on the US, the US can go to other suppliers, whereas China has few other customers rich enough to buy the massive quantities of goods they are producing.

no we can't. companies like Apple and Dell would go out of business overnight as their products shoot up in price 300%. that new Macbook Air is no longer salable at $4500.00. not to mention the myriad of smaller companies that would go out of business overnight as sourcing IT parts would become near impossible.

People and businesses have not only become accustomed to cheap IT, but they rely on it. Also if they timed it now they could cause significant damage to our economy; it would collapse consumer IT almost overnight. Consumers already are NOT buying electronic goods, and low end brands like walmart, bestbuy and costco house brands outsell big name quality brands like toshiba, jvc, sony and Panasonic 10 to 1 because consumers have less money and are buying the cheap stuff. Take away the cheap stuff and it all falls down.

Re:All about China (1)

quanticle (843097) | more than 6 years ago | (#23270466)

That may be true, but you also have to look at the impact on China. Think of the thousands of factories that are dedicated almost exclusively to supplying companies like Dell, Wal*Mart, Apple, etc. If our companies go out of business, then, guess what? Those factories go out of business too. And, given that China is a totalitarian country, it's more afraid of unemployment and economic hardship than we are. Historically, dictatorships have been more vulnerable to political discontent fueled by economic hardship than democracies.

Re:All about China - Manufacturing Return (1)

JavaManJim (946878) | more than 6 years ago | (#23271366)

Regarding Manufacturing Return.

Yes indeed! We should keep about 30% of the production of all critical parts, components, and materials here (USA or within the EU, etc). These companies should focus on top quality manufacturing - not "good enough". Then these companies should be subsidized a little to make up for cheaper parts offshore.

We already do this in the USA for some items. Take farming for example. Many crops are subsidized for the same reasons we need other vital manufacturing elements supported. Take the petroleum reserve and use this concept for creating stockpiles of vital minerals and like goods.

Great thoughts by everyone here - thanks,
Jim Burke

Re:All about China - appreciate your ingenuity (1)

JavaManJim (946878) | more than 6 years ago | (#23271302)

Your skill set, intelligence behind this, etc.

I replace a few things from time to time and I am a rank beginner kit type guy (i.e. Nixie Clock kit, with WWV update). Kudos to you for finding and doing this. Most people today, 99.999%, would shrug and replace the whole board.

So how about some details. In addition to your great pictures.
1. A capacitor failure is always plainly visible like this?
2. What are the three most common failures in electronics? How to find and fix them? Perhaps this answer is on a blog somewhere (So where?).
3. Are there subtle capacitor failures? How are such subtle failures found? Lots of Fluke Multimeter poking around or oscilloscope? Do you usually have an identical working board you can get comparative values from?
4. Soldering station? What kind do you use? Something for the field? Silver Solder or something else? Flux?
5. Any problems ever with smoke alarms?
6. How often do you repair like in your post vs "buy a replacement"?
7. General background that prepared you for this. Education, experience, hobbies, etc.

I am asking this so that if someone else wants to attempt a repair of some old part, that they might learn a little here.

Jim Burke

Re:All about China (0)

Anonymous Coward | more than 5 years ago | (#23262640)

There is a reason the NSA have their own fab. Although they still don't fab everything they use.

Cynical about China (1)

conureman (748753) | more than 5 years ago | (#23262700)

I for one have always assumed that the hardware was an active vector for security failure. Why ANYONE who has not personally audited all the circuitry in all their chips would ever assume any different is beyond me. Actually I was always mostly worried about those Israeli ethernet chips. I have absolutely nothing to hide, but I still refuse to carry a GPS phone, and my private files are on an offline node with no WiFi, &c. Nothing wrong with being paranoid, as far as I'm concerned; I think we are all just temporarily out on our own recognizance.

Re:All about China (1)

sm62704 (957197) | more than 5 years ago | (#23262888)

It cracks me up how the U.S. government is always taking ludicrous steps to "protect national security,"

"National Security" means protecting cowardly politicians. How many US politicians take a train? None? Do you have metal detectors at the train station? No? But try to get on an airplane!

Are there metal detectors at Walmart or JC Penney or the grocery store? Nope. But they're at the place you get license plates and in the courthouses and city halls.

They don't worry about YOUR security and safety, they worry about THEIR security and safety. In this case, it's about protecting their cushy jobs.

Re:All about China (1)

KingAdrock (115014) | more than 5 years ago | (#23264432)

Mike Bloomberg, mayor of New York City, takes the NYC subway to city hall most days.

Re:All about China (1)

swrona (594974) | more than 5 years ago | (#23263094)

It comes down to this: When SkyNet attacks, do you want the Terminators to speak with a Chinese accent?

Re:All about China (1)

defwheezer (1282646) | more than 5 years ago | (#23266256)

Well, we don't want SkyNet to be controlled by Chinese malware, do we? It's bad enough that it will eventually mutate into the ultimate MalWare on its own...

Well, the teams may as well quit now... (2, Funny)

imyy4u2 (1275398) | more than 5 years ago | (#23262336)

I already found the hidden "porn" circuitry.

Re:Well, the teams may as well quit now... (1)

UnknowingFool (672806) | more than 5 years ago | (#23263602)

You mean the "Hot Coffee" circuit isn't what I thought it was?

Speaking from a military perspective (3, Interesting)

Erie Ed (1254426) | more than 5 years ago | (#23262380)

This is going to be a huge issue in the future. Another reason why buying anything not made in the US is a bad idea. We have MIL-Spec products for almost everything, yet most of our comm equipment is simply COTS with slight modifications to the software/hardware. I'd really like to see intel/amd move operations back to the states just for this reason; also it would be a benefit to the government and the american people. The government gets what they want, secure, malware free chips, and americans get good paying jobs back.

Re:Speaking from a military perspective (3, Insightful)

Applekid (993327) | more than 5 years ago | (#23262406)

Although I do agree from a military perspective the less reliance on others is probably for the best, "Made in the USA" is not an alternate spelling of "exploit-free".

Re:Speaking from a military perspective (1)

Reality Master 201 (578873) | more than 5 years ago | (#23262480)

That sounds great.

Are you willing to pay the extra money for microchips? Do you think the market is willing to pay the extra money?

If the answer to either of those questions is NO, then it has to be a heavily (government) subsidized effort, or you can expect to pay a lot more for computers than you do now. There's building Fabs here, there's the cost of labor, better environmental enforcement, taxation, etc, etc. That's a lot of setup cost and the companies aren't going to eat it.

That's not to say there's not a good reason to do it. There's the national security aspect, sure, but there's also economic reasons - that's more jobs here in the US and less knowledge transfer to current and future competition in the tech sector. And we're not just talking CPUs - drive controllers, GPUs, motherboard chipsets, network equipment, etc. etc. That's a lot of financial commitment.

Re:Speaking from a military perspective (0)

Anonymous Coward | more than 5 years ago | (#23262558)

We have FABs here. Several in Austin. But they are being shut down and outsourced to the Far East. Why? So they can make a little bit extra money.

It's always cheaper to build in countries that employ what amounts to Slave Labor.

Re:Speaking from a military perspective (1)

Reality Master 201 (578873) | more than 5 years ago | (#23262594)

Yeah, I know. We don't have enough chip fabs to handle all the demand of moving ALL production for US computer components on-shore, however.

Re:Speaking from a military perspective (2, Interesting)

quanticle (843097) | more than 5 years ago | (#23262942)

It's always cheaper to build in countries that employ what amounts to Slave Labor.

You do realize that most third world factory workers want to be working in a factory, since it's much better than the alternative, which is usually subsistence farming, right?

Re:Speaking from a military perspective (0)

Anonymous Coward | more than 5 years ago | (#23265042)

One can argue market forces are at work. They are willing to work a factory in lousy conditions because it is better than starving to death.

I guess you could say the same about being a prostitute...hey, it puts food on the table doesn't it?

That being said, I bet that a chip factory is a better place to work than a shoe factory as far as cleanliness goes. But there are still many opportunities to be harmed by toxic chemicals, etc., which you can be sure are nowhere near as controlled as they are in the U.S.

Re:Speaking from a military perspective (0)

Anonymous Coward | more than 6 years ago | (#23270228)

Chinese workers want the same thing American workers want... Can't argue with that.

The real problem in the U.S. is that those running things from the top have economic astigmatism so bad, it's surprising they haven't tripped over their own feet yet. (Unfortunately, it'll probably be us "Average Joes" they land on when they fall.) The biggest problem is that those running companies stateside only see infrastructure as a liability. In other parts of the world, they know damn well that any production capability can be turned into an asset. (And this includes even having to idle it on occasions where demand is low.)

The U.S. (western?) government is also being counterproductive in regards to this too. I'm not sure if it's too much bending over to the WTO, or if they suffer the same awful nearsightedness as the corporate side because of the revolving door problem. At least China has the sense to keep some things nationalized or heavily regulated where needed, this is because they understand that capitalism just as well as any other tool can be leveraged as a weapon.

And for them, the idea is as old as the Art of War itself. One of Sun Tzu's main concepts was that the best way to win a war was to get the enemy to concede defeat in some manner without ever resorting to arms. So if you can get your opponent economically by the balls through trade, that's a much better victory than ever winning by having your troops marching through the smoldering rubble of razed cities. (And there's some interesting arguments about why this is so, worth a read even if some things are lost in translation.)

Re:Speaking from a military perspective (1)

boris111 (837756) | more than 5 years ago | (#23264652)

then it has to be a heavily (government) subsidized effort

Maybe it would move into software so I can get paid not to code.

Re:Speaking from a military perspective (0)

Anonymous Coward | more than 5 years ago | (#23262548)

Buying things made in the US just means the US company/US government controls you with their stuff. So you can choose which government you want to be checked by.

Btw, think of the economics of what you suggest. It really means that no country will buy stuff from other countries. Not sure that's good for the US.

Re:Speaking from a military perspective (1)

sm62704 (957197) | more than 5 years ago | (#23262934)

Another reason why buying anything not made in the US is a bad idea

I would posit that it's not where it's made, but who made it. If it's made by a multinational corporation like Sony or Ericsson, it's safe for the US military, because the US Government has been bought and paid for by those corporations.

To the American government, you don't matter. Sony and BP and Shell matter. Sony contributes wads of money to "campaign contributions", all you do is vote for one paid off fool or another.

Re:Speaking from a military perspective (0)

Anonymous Coward | more than 5 years ago | (#23263288)

I just changed jobs from the company that is quickly becoming the military's chief telecom equipment provider, and we made everything in-house. We use older Motorola series chips (8080, etc) and program our own FPGAs; their complaint, though, is that we're much more expensive than the competitors (who do a lot of overseas production). So it all boils down to how much the gov is willing to spend for security.

Re:Speaking from a military perspective (1)

rickb928 (945187) | more than 5 years ago | (#23263812)

"I'd really like to see intel/amd move operations back to the states just for this reason"

You mean like this [] or this [] or their sites in

Folsom, CA
Santa Clara, CA
Hudson, MA
Rio Rancho, NM
Hillsboro, OR
Dupont, WA
Irvine, CA
Fort Collins, CO
Raleigh, NC
Parsippany, NJ
Columbia, SC
Austin, TX
Riverton, UT
Chantilly, VA

AMD uses Fabs in Germany, which is much friendlier to us than China. Ireland ditto, which has at least one Intel fab, and Israel, whose Intel facility you can thank for the Core Duo revolution and the death of NetBurst.

I live in Arizona, and there are plenty of fabs down here, not just Intel. Microchip and Freescale for instance.

And frankly, I prefer Taiwan and Japan as manufacturers to Singapore, Malaysia, or of course China. India I consider more neutral but genuinely friendlier than the Chinese.

If we don't move to build some manufacturing in the U.S. for PC components, we need to choose our strategic partners more carefully. Taiwan, South Korea, Japan are better choices than China or most of the Pacific Rim.

The article points out something hopeful to me - that DARPA is looking at this and preparing to prove to the military that they are in peril. Not a moment too soon. Consider counterfeit Cisco gear as a warning.

Right out of the fiction section (2, Informative)

HW_Hack (1031622) | more than 5 years ago | (#23262552)

This issue is a main element in Richard Clarke's latest book - Breakpoint. Clarke is the terrorist guru from the late '90s in the Clinton administration ... and the guy the Bush administration chose to ignore. Bottom line is if you let your key silicon + hardware be exclusively built in foreign countries (i.e. China) you're at risk of hardware level "back doors". Published in '06 - Clarke again signals a warning for the US .....

Re:Right out of the fiction section (1)

Reality Master 201 (578873) | more than 5 years ago | (#23262936)

Oh, you mean the guy who had that fixation on some crazy Islamic fundamentalist group attacking on US soil?

Pffft. Crazy alarmists.

(note: sarcasm)

Re:Right out of the fiction section (1)

sm62704 (957197) | more than 5 years ago | (#23262968)

Clarke is the terrorist guru from the late '90s in the Clinton administration ... and the guy the Bush administration chose to ignore

Well, look, if he hadn't ignored Clarke then 9-11 might not have happened. 9-11 was not only an Orwellian dream come true for a power-hungry politician, the Afghanistan war got Americans in a war mood which led to Iraq, which further destabilized the region which cause oil prices to skyrocket, which directly affected the coffers of oil men Bush and Cheney.

And people call Bush stupid. Yeah, "don't throw me in the briar patch Brer Fox!"

I paid $1.05 a gallon here when Bush took office. Yesterday it was $3.65. My paycheck hasn't tripled, but Bush and Cheney's have.

Re:Right out of the fiction section (1)

not_hylas( ) (703994) | more than 5 years ago | (#23263526)

I admire the man (Richard Clarke), but have never read his books through and through, I think it's a commentary on these United States when you have to write the truth disguised as fiction to clue people in.
I have been subject to hardware attacks, twice - suspected firmware and chip crowding techniques, 10 years apart, on Macintoshes. The result was a lot of name calling and personal attacks by people who would not even investigate past their reputations.
It's a sad commentary.
This DARPA initiative is a real step in the right direction - this is a true problem, and the sooner they begin uncovering it, the better.
All my best to the teams.

Dear DARPA (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#23262566)

By clicking on this post, you agree to pay the author, Kilgore Trout, the sum of Euro 1,000,000,000,000. in one payment via electronic deposit into the bank account of my choice within 24 hours of your reading this post.

Use ACL2 [] .

Kilgore Trout

Dear Modd Clodd: (0)

Anonymous Coward | more than 5 years ago | (#23262924)

You obviously HAVEN'T read about ACL2 for formal verification of microcode.

Thanks for nothing,
K. Trout

once we 'accept' just one lie as even partly true (0)

Anonymous Coward | more than 5 years ago | (#23262580)

the rest is just a matter of juggling the 'gray' area around a little more until there's no black or white.

Speaking as a chip designer... (4, Informative)

stevew (4845) | more than 5 years ago | (#23262628)

I find this interesting.

I deal with foreign fab houses on every project. The odd thing is that most of the backend software used by these fab houses is sold by American companies (much of which is written in India).

There is a step in the process where a point tool (one not written by the fab house - but again an American company) is used to re-extract the design out from the polygons that describe the silicon to be fabbed. This is compared to the source gate level design I originally supplied using formal verification methods. This is done by me.

So I suppose someone could surreptitiously change the gates I'm getting back to hide what is being inserted in there (not an easy thing to do all by itself at this level). There are places where it could be done in the process.

At the same time - to add additional logic to a design you are not well versed in is REALLY difficult.
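An added example, not code from the comment above or from any EDA vendor's tool: a toy version of the extracted-versus-golden equivalence check stevew describes, run on a constructed gate-level netlist that carries an inserted, rarely-firing trigger so the check's output can be seen. The gate library, net names and both netlists are constructed; real flows use SAT/BDD engines rather than exhaustive enumeration and match nets structurally because extraction discards names.

```python
from itertools import product

# Constructed gate library: gate name -> function of the input values.
GATES = {
    "AND": lambda ins: all(ins),
    "OR": lambda ins: any(ins),
    "XOR": lambda ins: sum(ins) % 2 == 1,
    "NOT": lambda ins: not ins[0],
    "NAND": lambda ins: not all(ins),
}

PRIMARY_INPUTS = ["a", "b", "c", "d"]
PRIMARY_OUTPUTS = ["y", "z"]

# Golden netlist (what the designer signed off on), as
# (output_net, gate, input_nets) in topological order.
GOLDEN = [
    ("n1", "AND", ["a", "b"]),
    ("y", "XOR", ["n1", "c"]),
    ("z", "OR", ["c", "d"]),
]

# Netlist re-extracted from the polygons. Constructed to stand in for an
# insertion of the kind the article describes: identical function except
# that a trigger firing only on a=b=c=d=1 flips y.
EXTRACTED = [
    ("n1", "AND", ["a", "b"]),
    ("y_orig", "XOR", ["n1", "c"]),
    ("n2", "AND", ["c", "d"]),
    ("trig", "AND", ["n1", "n2"]),
    ("y", "XOR", ["y_orig", "trig"]),
    ("z", "OR", ["c", "d"]),
]


def simulate(netlist, assignment):
    """Evaluate every net for one primary-input assignment; returns net -> bool."""
    values = dict(assignment)
    for out, gate, ins in netlist:
        missing = [n for n in ins if n not in values]
        if missing:
            raise ValueError(f"net(s) {missing} read before being driven")
        values[out] = GATES[gate]([values[n] for n in ins])
    return values


def equivalence_check(golden, extracted, inputs, outputs):
    """Exhaustive miter over all 2^n input patterns.

    Returns a list of (input_assignment, mismatched_output_nets); an empty
    list means the two netlists compute the same function on every output.
    Exhaustive enumeration is only viable for toy sizes; it is used here so
    the counterexample is visible without a SAT solver.
    """
    mismatches = []
    for bits in product([False, True], repeat=len(inputs)):
        assignment = dict(zip(inputs, bits))
        g = simulate(golden, assignment)
        e = simulate(extracted, assignment)
        diff = [o for o in outputs if g[o] != e[o]]
        if diff:
            mismatches.append((assignment, diff))
    return mismatches


def structural_diff(golden, extracted):
    """Cheap pre-check: gate-count delta and nets present on only one side.

    Name comparison works in this toy because the constructed netlists share
    names; an extra gate count is the durable signal a reviewer would chase.
    """
    golden_nets = {out for out, _, _ in golden}
    extracted_nets = {out for out, _, _ in extracted}
    return {
        "extra_gates": len(extracted) - len(golden),
        "nets_only_in_extracted": sorted(extracted_nets - golden_nets),
        "nets_only_in_golden": sorted(golden_nets - extracted_nets),
    }


if __name__ == "__main__":
    print("structural:", structural_diff(GOLDEN, EXTRACTED))
    for assignment, diff in equivalence_check(
        GOLDEN, EXTRACTED, PRIMARY_INPUTS, PRIMARY_OUTPUTS
    ):
        print("functional mismatch on", diff, "for input", assignment)
```

The single counterexample the check returns is exactly the trigger pattern, which is why a rare-trigger insertion survives random simulation but not a complete equivalence proof.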

Speaking to a chip designer... (1)

mmell (832646) | more than 5 years ago | (#23263108)

Difficult != impossible.

Many hacks are difficult - until you figure out how to do it. Then, it becomes documented procedure for the black-hats of the world. I.e., all a malicious designer needs to do is figure out exactly how to integrate extra logic into a chip design without getting caught once and they will then be able to do it forever, or at least until the design -> production procedures are changed to close whatever hole he may have found to exploit. Granted, in this case the logic to be added will require an intimate understanding of the chip's original design, but the manufacturing plant does have all the tools needed to gain such an understanding. The design itself is furnished to them to let them make the chips to begin with, and the only limiting factor is the intelligence to reverse engineer the chip, given the lithos and design specs.

Finally... (1)

TapeCutter (624760) | more than 5 years ago | (#23264216)

IANACD or from the US. I had to scroll past pages and pages of nationalistic and economic drivel before finding someone who knew what the hell they were talking about.

Posters who don't know what they're talking about? (1)

joebob2000 (840395) | more than 5 years ago | (#23266982)

Welcome aboard, Sir!

Re:Speaking as a chip designer... (1)

wfstanle (1188751) | more than 5 years ago | (#23264500)

At the same time - to add additional logic to a design you are not well versed in is REALLY difficult.
As you said, it's really difficult but it's not impossible, right? This is a good reason why it is in the national interest to preserve our industries. We need both old industries such as steel making and the new industries such as software writing and chip manufacture. If we get into a war with our primary supplier, is that nation going to sell us what we need to defeat them? Don't get me wrong, I'm really against almost all wars. As the song said, "War is only good for the undertaker".

Re:Speaking as a chip designer... (1)

TheLink (130905) | more than 5 years ago | (#23264992)

I am not a chip designer.

In some cases I don't think they need to add additional logic. They may just need certain stuff to fail when a particular sequence of radio frequencies or pulses is detected.

Sounds like an interesting task. (0)

Anonymous Coward | more than 5 years ago | (#23262660)

In the case of ICs, it might even be possible to automate to some extent. You know the I/O specs of the chip -- what voltages to feed where, for example -- so maybe you feed it into some type of machine that can cut it into very tiny wafers, examine them, and reconstruct the chip in a virtual environment.

Then I suppose it becomes a matter of proving the functions within the chip, and piecing together vulnerabilities that are composed of more than one chip working in tandem.

Things get trickier with "tamper-proof" EEPROM or similar technologies like soft-core microprocessors, I suppose. Part of testing would necessarily involve beating the tamper-proof system.

Pragmatically speaking, however, unless you test every chip you plan to use (destructively in this case) how do you know you're not getting slipped the silver thermal paste that doesn't actually have any silver in it?

A new commercial for Windows (0)

Anonymous Coward | more than 5 years ago | (#23262718)

Summary and a few observations (1)

quo_vadis (889902) | more than 5 years ago | (#23262750)

OK, here's a quick summary for those who don't have the patience to read the 3 pages:

Portions of a chip design cycle are untrusted - e.g. the fab stage, because it's not DARPA certified, etc. A malicious entity could embed small, functionally irrelevant circuits that when activated could disable (kill switch) / give unauthorized access (back door) / reveal chip secrets (reveal crypto secret key). In order to prevent it, DARPA is looking for proposals that will mitigate this, while not requiring exhaustive testing.

A few important points:
1. It doesn't matter that the fabs are in China. Even non-certified fabs in the US could potentially be compromised. Currently DARPA procures chips (especially crypto chips) from secure fabs in the US, but these are very expensive as the fabs are run pretty much exclusively for defense use.

2. The idea is to know, ideally via non-destructive means, if the final design and the initial design are functionally and electrically identical. This is harder than it sounds, as trap doors in the chips cannot be detected without either exhaustive testing (which takes too long) or exhaustive examination (wearing out each layer of the chip physically and comparing against a known good mask).

3. The fact that Intel and AMD have offshore fabs does not matter. Yes, MIL spec versions of their chips are used in various applications, however it is economically unfeasible for all Intel and AMD fabs to be certified. In fact, I would not be surprised if both Intel and AMD hand over their design specs for chips they want MIL certified to a small certified fab onshore. This seems like a much more logical way to do things.

4. This will, very likely, bleed over to the commercial sector. Most likely, the first customers for something like this would be the banking sector. However, a big difference in the commercial sector is that the national card doesn't come into play. A company in China (for example), once certified, could become the largest provider of crypto chips to all banks worldwide. In fact in such a case, standardization would help. This is different from military applications, where one country will not trust what the other says is certified.
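Two posts above describe the same check from different ends: stevew's LVS step (re-extract the gate-level design from the polygons and compare it against the source netlist with formal methods) and quo_vadis's point 2 (decide whether the final and initial designs are functionally identical). The following is an added example, not code from either poster or from any EDA tool: it compares a golden gate-level netlist against a re-extracted one by exhaustively simulating every primary-input pattern and reporting the patterns where the outputs differ. The full adder, the netlist format and the extra gate in the extracted copy are all constructed for the illustration. Exhaustive simulation is only viable for small cones of logic (2^n patterns); real equivalence checkers reach the same verdict with SAT/BDD reasoning, which is exactly why quo_vadis calls exhaustive testing too slow.

```python
"""Exhaustive equivalence check of two gate-level netlists (added example)."""
from itertools import product

# Netlist entry: (output_net, gate_type, input_nets). Sample data is constructed.
# Golden design: a one-bit full adder (sum, cout) = (a, b, cin).
GOLDEN = [
    ("x", "XOR", ("a", "b")),
    ("sum", "XOR", ("x", "cin")),
    ("c1", "AND", ("a", "b")),
    ("c2", "AND", ("x", "cin")),
    ("cout", "OR", ("c1", "c2")),
]
# Netlist "re-extracted" from the layout: one extra OR gate has been spliced
# into the sum path, so sum is also forced high whenever a AND b is high.
EXTRACTED = [
    ("x", "XOR", ("a", "b")),
    ("s0", "XOR", ("x", "cin")),
    ("c1", "AND", ("a", "b")),
    ("c2", "AND", ("x", "cin")),
    ("cout", "OR", ("c1", "c2")),
    ("sum", "OR", ("s0", "c1")),   # the inserted gate
]
PRIMARY_INPUTS = ("a", "b", "cin")
PRIMARY_OUTPUTS = ("sum", "cout")

GATES = {
    "AND": all,
    "OR": any,
    "XOR": lambda v: sum(v) % 2 == 1,
    "NOT": lambda v: not v[0],
}


def evaluate(netlist, assignment):
    """Propagate 0/1 values through the netlist; gates may be listed in any order."""
    values = dict(assignment)
    pending = list(netlist)
    while pending:
        progress = False
        for gate in list(pending):
            out, kind, ins = gate
            if all(n in values for n in ins):
                values[out] = int(GATES[kind]([values[n] for n in ins]))
                pending.remove(gate)
                progress = True
        if not progress:  # a gate references a net nothing drives
            raise ValueError("unresolved nets: " + ", ".join(g[0] for g in pending))
    return values


def check_equivalence(golden, extracted, inputs, outputs):
    """Return [(input_assignment, golden_outputs, extracted_outputs)] for every
    input pattern on which the two netlists disagree. Empty list == equivalent."""
    mismatches = []
    for bits in product((0, 1), repeat=len(inputs)):
        assignment = dict(zip(inputs, bits))
        g = evaluate(golden, assignment)
        e = evaluate(extracted, assignment)
        if any(g[o] != e[o] for o in outputs):
            mismatches.append((assignment,
                               {o: g[o] for o in outputs},
                               {o: e[o] for o in outputs}))
    return mismatches


if __name__ == "__main__":
    extra = len(EXTRACTED) - len(GOLDEN)
    print(f"gate count differs by {extra}")          # structural hint, not proof
    for assignment, g, e in check_equivalence(GOLDEN, EXTRACTED,
                                              PRIMARY_INPUTS, PRIMARY_OUTPUTS):
        print(f"mismatch at {assignment}: golden={g} extracted={e}")
```

The gate-count difference is reported separately from the functional result because the two are independent: an insertion can preserve the gate count (by re-using donor gates, as a later poster notes) and still be caught functionally, and a legitimate re-synthesis can change the gate count while remaining equivalent.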

Easy with JTAG test vectors (0)

Anonymous Coward | more than 5 years ago | (#23262836)

This is trivial to do with access to JTAG ports and test vectors. Another reason for open source!

Read: DARPA Begins Fishing For How-to Ideas (0)

Anonymous Coward | more than 5 years ago | (#23262842)

"DARPA Sponsors a Hunt For Malware In Microchips" is government-speak for "we're looking for the best ways to do this ourselves." Anyone here knows hardwired is faster and more efficient than software and/or microcode execution (read: easier to hide, universally available for use anytime anywhere to spy on you). Ever wonder what that hidden cpu with ROM is doing on the same chip as the main CPU(s)?

logically impossible (2, Funny)

Ralph Spoilsport (673134) | more than 5 years ago | (#23262852)

USgov: OK Mister smarty pants commie chip maker! PROVE TO ME that YOU'RE NOT putting malware into your chips!

ChipMaker: Sorry, I can't do that.

USgov: And WHY NOT???

ChipMaker: Because it's logically impossible you retarded oaf. You can't prove a negative.

USGov: But if you DON'T then we will have to TAKE ACTION!

ChipMaker: Oh, jeez... like what? You bumbling fuckhead!

USGov: we will STOP BUYING CHIPS from you! We will build them ourselves!

ChipMaker: Sorry, Wally, but you're not going to get that past your neoliberal internal trade agreements. I can see it now: "USGov goes into Chip Making"... Intel, AMD, and IBM would crack a loaf in their pants and sue. No, you'll have to subcontract to them, and they will have to set up a multijillion dollar fab plant in the USA that is populated by expensive American workers, and suddenly every laptop made for the USGov will be slower and more expensive than any other laptop on the market. Good move, Ace. Lemme know how that works out for ya.

USGov: buh buh buh WE NEED SECURITY!!!!

ChipMaker: look, dumbass, we make chips. We don't care what they go in, we don't care what they do, we just make chips. Test them all you want, you're not going to find anything, because we really don't give a shit. Now, if the ultraparanoid wing of your wingnut contingent can't swing with that, tough shit.

USGov: it would be SO much better if you simply PROVE THAT YOU'RE NOT putting bad things in our chips.

chipMaker: (sigh). How's this, USGov, just shut the fuck up, and get with the program.


ChipMaker: WHEN were your FREEDOMS ever attacked? Some crazy fucking nutjobs from a loosely organised international political crime syndicate flew some planes into your buildings. They didn't attack your freedom, they just wanted you to get your jarheads out of Saudi Arabia. And then you invaded Iraq. "I'd like to know when Iraq attacked your freedoms - I'd like to know what day it was when the Iraqi Invasion Force stormed your beaches and dumped hot lead into your freedoms, because I must have been on vacation that day in someplace called REALITY." Your paranoid abuse of logic is THE SAME. And we, the Rest Of The World, are getting sick and fucking tired of your penny ante tirades that end up getting thousands of people killed. So, for the jillionth time: NO, We Can't PROVE that our chips are not full of malware, because you CAN'T PROVE A NEGATIVE. You can test all you want, but you will never be 100% sure, and thusly, you're an idiot for demanding it. Heck - even if you build them yourself, you have no proof, as some employee might etch a wee corner of the chip to cause a computer to make fart noises and blit every other frame to the screen with an image of Jesus butt raping Mohammed, but only on even numbered Tuesdays.


ChipMaker: OK, OK, you fucking moron: "I solemnly swear, cross my heart and hope to die, that there is no bad stuff on any of the chips we make. Promise. Now, is that better?"

USGov: YOU ARE A GREAT ALLY!!! I feel so much more secure now.


We have always been at war with Oceania.

Re:logically impossible (1)

ch-chuck (9622) | more than 5 years ago | (#23263772)

Because it's logically impossible you retarded oaf.

Oh really? []

Re:logically impossible (1)

Ralph Spoilsport (673134) | more than 5 years ago | (#23267082)


from the article linked:

For one thing, a real, actual law of logic is a negative, namely the law of non-contradiction. This law states that that a proposition cannot be both true and not true. Nothing is both true and false.

OK: "this statement is wrong."

Goedel blew that article's line of reasoning out the door 80 years ago.


Re:logically impossible (1)

Bugs42 (788576) | more than 5 years ago | (#23264920)

Can you please prove that?

Re:logically impossible (1)

mgblst (80109) | more than 5 years ago | (#23265040)

I don't think that anyone would mind the US government making chips for themselves. You are making a ridiculous argument.


Re:logically impossible (1)

Rich0 (548339) | more than 5 years ago | (#23265600)

Strategically the US is in a bad position when it depends on military/infrastructure supplies from foreign nations.

Just look at what happened to the USSR [] . The US should know that when you procure parts from a strategic adversary you open yourself up to these kinds of attacks...

Re:logically impossible (0)

Anonymous Coward | more than 5 years ago | (#23267066)

not quite. I CAN prove a negative.

Quick and simple test.. (2, Funny)

Linker3000 (626634) | more than 5 years ago | (#23262912)



Comes out as HERRO WORD

You're pwned.

Re:Quick and simple test.. (0)

Anonymous Coward | more than 5 years ago | (#23266142)

You forgot:

20 GOTO 10

Conspiracy! (1)

Layer 3 Ninja (862455) | more than 5 years ago | (#23262956)

This project is for improving methods to backdoor telco equipment for data mining. Now, if you'll excuse me, I'm out of tinfoil.

Open Cores. (0)

Anonymous Coward | more than 5 years ago | (#23262960)

'nuff said.

Devious insertion (0)

Anonymous Coward | more than 5 years ago | (#23263020)

The teams have until the end of this month to ferret out as many of the devious insertions as they can."

I'll give yo mama a devious insertion. That's what she calls anal sex.

they should reprioritize their efforts... (0)

Anonymous Coward | more than 5 years ago | (#23263032)

What I love is that most of the US military still runs IE 6. All this money spent towards "security" when they can't even get the basics of patch management and upgrade cycles right...

It's about the design, not the fab (2, Informative)

smellsofbikes (890263) | more than 5 years ago | (#23263232)

I've written about this before. It's all about the design of the IC -- they're tightly integrated designs. The designer works with a design team, who reviews the layout, and sends it off to get fabricated. If what comes back isn't exactly the same as what went out it's going to be *completely* obvious. First off, the most important thing is how large the die is. Nobody can change that without everything downstream breaking -- your wafersort test hardware won't match up with the die (and wafersort is done by test engineers working with the designer, so is done where the designer works). So you can't make a larger die to put extra malicious circuitry in. Secondly, every bit of the die space you have is used. There's never unused silicon because that's wasted money. People will completely relayout a design from a square to a rectangle if that means they can get 10 more chips off a wafer. So you can't sneak malicious circuitry into an existing design.
And, for that matter, a designer or even an applications engineer can tell, at a glance, if the silicon that came back from the fab is the same as their design. Some of our applications engineers can tell, without a microscope, what another manufacturer's raw silicon does, just by looking at it. (Not everything, obviously, but they can say "this part is logic, this part is a big power FET, there's a bunch of ESD stuff over here...")
Bottom line: if you have to trust the design, you need to have your designer and your design review team where you can see them. The fabs don't really matter that much.

Re:It's about the design, not the fab (2, Informative)

MobyDisk (75490) | more than 5 years ago | (#23264334)

I respectfully disagree.

First off, the most important thing is how large the die is.
Obviously they would not change the die size. If the military orders .25mm bolts and gets .45mm bolts that don't fit, they don't need a security audit to figure that out.

Secondly, every bit of the die space you have is used.
There's lots of ways to make space. De-optimize some areas: Remove the carry lookahead logic, shrink the cache. Remove some of the full-complementary logic. Replace fast structures with smaller sub-optimal things like transmission-gate XORs. If the chip has duplicate cache to compensate for manufacturing yields, that would provide TONS of space.

Some of our applications engineers can tell, without a microscope, what another manufacturer's raw silicon does, just by looking at it.
Other than removing a large part of the cache, none of the things I mentioned above would be noticeable to the human eye. One could probably reduce the cache a tiny tiny bit and still have room for whatever extra logic is needed.

How many layers of metal are we up to now? If I rewired a chip and left all the transistors in place but changed the metal, would anyone be able to tell? Can you even look down to that 7th layer of metal sandwiched underneath all the transistors to even tell that it was changed? It would be tough, but the chip could be rewired without moving any of the visible surface structures.

But the biggest area of concern would be the microcode. It would be nearly impossible to see the differences and a whole lot of changes could be done without anyone noticing.

IMHO, it would be really really really hard to do any of the things I listed above. But, I think it would be completely impossible to detect.

Re:It's about the design, not the fab (1)

smellsofbikes (890263) | more than 5 years ago | (#23265182)

I grant you I'm talking purely about analog power chips, because that's what I know. I'm sure you're right about microcode -- that's probably something that could be changed. But that stuff is really optimized, isn't it? It's not like you can sneak a tcp/ip stack in there so you can do your own communication -- you'd have to go off-chip, for one thing.
I don't know how big digital chips get tested. I do know that for our chips, we test hundreds of parts and thousands of chips still on the wafer for tens of thousands of conditions -- how quickly they respond to perturbations in their inputs compared to the initial silicon we had built in a different fab in the US, for instance, or how many nanoamps of leakage current pins are showing, again, compared to silicon we had done on a planet run in a completely different fab. We can easily bin out chips from different wafers, just based on their test characteristics. If anyone actually changed anything in the silicon, it would show up like a bright red flashing light. That's an understatement. It would fail so many tests it would overwhelm our error logfile server.
Seriously -- we can sometimes tell when the fab has changed lots on whatever they use to clean the finished wafers. Any silicon moves and it'd be shiningly obvious.
Like I said: I don't know big digital. But I find it hard to believe that when you set up your chip test hardware to test 1000 parameters per chip, many of them involving timing and power drain, a reengineered chip with changes would be able to match the original chip within 3% on every one of those parameters, especially if the people doing the reengineering don't know what those parameters are. Microcode might be easier to finagle, and completely invisible from a visibility standpoint, but the amount of testing those chips go through before they're shipped out is enormous, and that's where I think changes would be caught.
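The post above rests on one concrete claim: a re-engineered part would have to match the original within about 3% on every one of a thousand parametric measurements, and it can't, because the people changing it don't know which parameters are measured. The following is an added example of that screening step, not code from the poster or from any real wafersort flow: it builds a per-parameter profile from known-good reference dies and flags every die in a new lot whose measurements leave the tolerance band on any parameter. The parameter names, reference values and lot data are constructed; the 3% band is the figure from the post.

```python
"""Screen a new wafer lot against parametric fingerprints of known-good silicon.
Added example; all measurement data below is constructed."""
from statistics import mean

# Reference dies: measured on silicon from an earlier, trusted run.
REFERENCE = {
    "ref-1": {"t_rise_ns": 1.20, "t_prop_ns": 3.41, "i_leak_na": 48.0, "i_dd_ma": 12.1},
    "ref-2": {"t_rise_ns": 1.22, "t_prop_ns": 3.38, "i_leak_na": 49.5, "i_dd_ma": 12.0},
    "ref-3": {"t_rise_ns": 1.19, "t_prop_ns": 3.43, "i_leak_na": 47.2, "i_dd_ma": 12.3},
}
# Dies from the lot under test. d02 draws more current than it should (as extra
# switching logic would); d03 has a slower rising edge (as a rewired path would).
LOT = {
    "w7-d01": {"t_rise_ns": 1.21, "t_prop_ns": 3.40, "i_leak_na": 48.6, "i_dd_ma": 12.2},
    "w7-d02": {"t_rise_ns": 1.20, "t_prop_ns": 3.42, "i_leak_na": 55.0, "i_dd_ma": 12.9},
    "w7-d03": {"t_rise_ns": 1.33, "t_prop_ns": 3.41, "i_leak_na": 48.1, "i_dd_ma": 12.1},
}


def reference_profile(reference):
    """Per-parameter mean over the known-good dies."""
    params = next(iter(reference.values())).keys()
    return {p: mean(d[p] for d in reference.values()) for p in params}


def reference_spread(reference):
    """Largest relative deviation of any reference die from the profile.
    If this exceeds the tolerance, the band is tighter than process variation
    and the screen will reject good silicon."""
    profile = reference_profile(reference)
    return max(abs(d[p] - ref) / ref
               for d in reference.values() for p, ref in profile.items())


def screen_lot(reference, lot, tolerance=0.03):
    """Return {die: [parameters outside the tolerance band]} for deviating dies only."""
    profile = reference_profile(reference)
    flagged = {}
    for die, measured in lot.items():
        bad = [p for p, ref in profile.items()
               if abs(measured[p] - ref) / ref > tolerance]
        if bad:
            flagged[die] = bad
    return flagged


if __name__ == "__main__":
    print(f"reference spread: {reference_spread(REFERENCE):.3%}")
    for die, params in screen_lot(REFERENCE, LOT).items():
        print(f"{die}: out of band on {', '.join(params)}")
```

A single fixed band is the simplest version of this; a production tester would derive the band per parameter from the reference distribution rather than use one percentage for everything. The limitation is the one MobyDisk raised a few posts up: a change whose electrical signature stays inside normal process variation passes this screen, which is why the post's argument depends on measuring many uncorrelated parameters, not on any one of them.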

Re:It's about the design, not the fab (1)

joebob2000 (840395) | more than 5 years ago | (#23267416)

Remove the carry lookahead logic, shrink the cache, etc.

Even if changes cannot be spotted by examination, they can be caught by Manufacturing and Benchmarking tests that are used to validate each revision. JTAG tests, current consumption tests, functional tests, end to end performance tests, etc. After MFG tests wafers, QA runs its tests on packaged dies, then AEs take a look at it, then the SW and HW design teams use them as part of their development process. Then Customer engineers beat on them before they ever ship anything. That's a lot of engineers with SAs, BERTs, Scopes, Throughput testers, DMMs, Hotboxes, Debuggers, calibration rigs, shakedown code, etc.

If a new chip does not match the old chip plus expected changes, you always end up with a bunch of AEs and Marketing guys in your face asking you WTF?!

Bottom line, nobody knowledgeable has said "flat impossible", but hacking chips without someone, maybe several, on the inside, is a very low odds proposition. It would be far easier to supply your own counterfeit chip with the mods and sneak it into the supply chain. This will hide how the chip looks in the package, but you better make sure it still works and takes juice like the old one, or one of the boards with the chip will end up back at the Vendor's R&D HQ, to be xrayed and thoroughly worked over by all those engineers.

Re:It's about the design, not the fab (1)

kesuki (321456) | more than 5 years ago | (#23268132)

"It would be far easier to supply your own counterfeit chip with the mods and sneak it into the supply chain."

Which is exactly what the Chinese ARE doing, and why the DOD is testing suppliers for their ability to detect modifications to chips. They decided that every chip used by the DOD now needs to be checked for modifications, so they want whomever is best at finding those modifications to do it.

It's kinda hard to keep things secure if the Chinese have found a way to smuggle counterfeit chips into the DOD's firewall/routers that protect their organizations computers.

If the approach used is practical enough, banks etc. will start adopting similar approaches; after all, cyber crime is running rampant and those with the money are looking for ways to protect it. Some credit card companies now text the user every time a credit card transaction goes through to catch credit card fraud faster.

Word games do not define engineering. (1)

joebob2000 (840395) | more than 5 years ago | (#23268970)

Those so-called "counterfeit" chips and boards you are talking about were actually unauthorized builds by contract manufacturers. If they don't work right, it is because they used seconds or substituted cheaper parts (e.g. lower voltage, temp rated capacitors, etc.) on the PCB. Essentially, the danger would be shipping boards that do not meet spec, the kind of stuff that can happen even without any monkey business involved.

That has nothing to do with embedding "malware" type features into a working chip and having it still pass muster. When I talked about counterfeit, I meant a _fake_ chip from a third party, not somebody running off extra copies on the "4th shift".

By the way the R&D groups of manufacturers have been known to buy end products containing their chips from local retail instead of building their own copy of the reference design because the retail product is cheaper due to economies of scale. So a malware chip can easily end up back in the place that is most likely to detect it.

Re:It's about the design, not the fab (0)

Anonymous Coward | more than 6 years ago | (#23271814)

Of your list, microcode attacks are the easiest to perform, but also the easiest to protect against. You need two microcode words in your file: the first performs a cryptographic algorithmic mutation of its operands, the second performs the first across the microcode file given an arbitrary value stored at a specific address. You then test against actual ROM that contains a test routine, a test file, a primary test key, and a random test key chooser. The chip self-tests, and then reports a random number / checksum 2-tuple, which is then recalculated with another system (with a different ISA possibly) and compared mechanically and by eyeball.

This has been done through many generations of CPUs for validating boot ROM prior to execution, just without strong crypto. Some microcode-heavy architectures did this sort of checksumming because microcode files (from updates, for example) had a tendency to mis-load into EEPROMs.

Some of your other attacks are revealed through changes in chip mass, some by observation (mechanical reflectometry or transmissometry for example), and some by changes in power consumption and timing of a variety of test routines.

Subverting a CPU that is examined even cursorily for subversion is going to be hard. Most CPUs today are expensive and complicated enough that they are carefully examined for fabrication error, which is almost a strict subset of checking against subversion.

It is probably more interesting to attack peripheral components e.g. I/O controllers (especially LAN related chips) to insert covert channels that may be bidirectional. These are also checked for fab error, but less aggressively, because they are invariably using more established fab processes and facilities, and either work or don't work, since they are generally not expected to do arbitrary computation. Board assemblies, on the other hand, can do arbitrary computation, and may even have unfettered DMA, and those can be subverted by firmware fairly easily.

It is probably much more cost-effective (and lower risk) to insert a sympathetic human close to the data you are interested in acquiring or corrupting, than it is to attack a complicated supply chain whose end products ultimately are used on the data in question, and that still matters to governments in trillion-dollar economies.
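The self-test described at the top of this post, with a keyed hash standing in for the poster's "cryptographic algorithmic mutation", as an added example that is neither the poster's design nor any real CPU's ROM routine. The device side hashes a verifier-chosen random value together with the loaded microcode image; the verifier recomputes the same value on an independent system from the reference image and compares. The microcode bytes, the key and the flipped bit are all constructed for the illustration; HMAC-SHA256 is the substituted primitive.

```python
"""Challenge-response integrity check of a microcode image (added example)."""
import hashlib
import hmac
import secrets

# Constructed sample data: a stand-in "microcode" image and a test key.
GOOD_IMAGE = bytes(range(256)) * 4                 # 1 KiB of placeholder bytes
_tampered = bytearray(GOOD_IMAGE)
_tampered[0x2F3] ^= 0x01                           # one flipped bit, deep in the image
TAMPERED_IMAGE = bytes(_tampered)
TEST_KEY = b"example-test-key-not-a-real-secret"


def attest(image: bytes, key: bytes, nonce: bytes) -> bytes:
    """Device side: the ROM test routine hashes the verifier's nonce and then the
    image it actually loaded. Binding the nonce in means a digest recorded from an
    earlier good run cannot be replayed for a later image."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(nonce)
    mac.update(image)
    return mac.digest()


def verify(reported: bytes, reference_image: bytes, key: bytes, nonce: bytes) -> bool:
    """Verifier side: recompute from the reference image on an independent
    system and compare in constant time."""
    expected = attest(reference_image, key, nonce)
    return hmac.compare_digest(reported, expected)


def run_check(device_image: bytes, reference_image: bytes, key: bytes) -> bool:
    """One full exchange: verifier picks a fresh nonce, device answers, verifier decides."""
    nonce = secrets.token_bytes(16)
    reported = attest(device_image, key, nonce)
    return verify(reported, reference_image, key, nonce)


if __name__ == "__main__":
    print("good image    :", run_check(GOOD_IMAGE, GOOD_IMAGE, TEST_KEY))      # True
    print("tampered image:", run_check(TAMPERED_IMAGE, GOOD_IMAGE, TEST_KEY))  # False
```

The check is only as strong as the part of the chip that runs it: if the hashing routine and the key live somewhere the loaded microcode can rewrite, a modified image can answer for the unmodified one. That is why the post puts the test routine and key chooser in actual ROM, and why the recomputation happens on a separate system rather than being trusted from the device's own report.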

Re:It's about the design, not the fab (0)

Anonymous Coward | more than 5 years ago | (#23266038)

I actually design chips, and you don't know what you're talking about. Donor gates are always left on the die so that respins can be done by just changing connectivity in the metal layers if a bug is found after tape-out. Tweaking the metal layers to cause chip failure under certain conditions would be very hard but not impossible (chip companies do it all the time to fix bugs, after all). In addition, any reasonably large die is way too complicated for anyone to figure out by inspection, and no modern design is fully formally specified such that all possible corners of the state space are known. This is a very real problem, and we're not even talking about the possibility of malicious microcode...

Re:It's about the design, not the fab (1)

smellsofbikes (890263) | more than 5 years ago | (#23266402)

I guess you're designing way different types of chips than we are. We never leave *any* extra gates unless it's a part that needs on-die trimming during test, and even then, we have control of the tester and blow all the gates we've left open.

I agree that making chips fail under usage is comparatively easy: screw up the ESD protection structures. The US did this on purpose to the USSR [] during the Cold War and sent them chips that failed during use, causing massive damage, but I think that failure is different than the subject under consideration.

Re:It's about the design, not the fab (0)

Anonymous Coward | more than 5 years ago | (#23267224)

Come on, you have no imagination.

Consider an ASIC that does all-in-one encrypted RF transmissions... then consider a well-placed short that leaks information about the encryption key e.g. by inducing (tolerable) drift in the carrier frequency. I bet it would just take one, in the right place. :) Possibly zero if the nefarious designer purposefully induces crosstalk.

Or how about the many bits of peripheral hardware on the typical PC bus? How hard (easy) would it be to induce bugs that would, say, cause one of them to DMA write to the wrong address under specific conditions? Mmmm tasty, a rootkitted ethernet card!

Doh! (0)

Anonymous Coward | more than 5 years ago | (#23263308)

It's taken this long for the US government to finally realize that off-shoring technology might actually come back to bite them?

The argument is that "well ... the US will keep the design and architecture for technology, and all that is being off-shored is the grunt work". Where do you think the experience for doing the design and architecture comes from?

Probably the best quote for the direction that the US is heading towards is from a STNG episode:

It's broken. Can you make it go?

real world examples (1)

lophophore (4087) | more than 5 years ago | (#23263376)

Early Motorola 6809 microprocessors had an "unused" opcode hackers named HCF -- halt and catch fire [] ...

Then, you have built-in kill switches used to fight satellite TV piracy, like the dreaded DirecTV Black Sunday [] killer packets that killed unauthorized access cards.

So this stuff has happened.

How many Counterfeit Cisco Routers [] have built in exploits or kill switches is another question...

Response to Minot AFB nukes incident ... (0)

Anonymous Coward | more than 5 years ago | (#23263730)

This DARPA project will be specifically in response to the implications thrown up by the Minot/Barskdale missing nukes debacle late last year where 6 live nukes were carted across the US and one went missing. Ignore the official explanation of that - it's pure bunkum and nonsense. It was very clear something else was going on, something serious.

It was most likely a Chinese military hack, and one that was possible due to the sheer quantity of Chinese chips in US military hardware, and was a demonstrator of Chinese hacking ability.

You can learn much more here (ignore the lame sounds upon page load - the articles are worth reading): []
a 2nd more important one here: []
and finally here: []

Chinese backdoors in chips in deployed US military hardware is currently a severe risk but it's good to see that they are doing something about it.

Re:Response to Minot AFB nukes incident ... (2, Funny)

geekboy642 (799087) | more than 5 years ago | (#23266666)

So I was reading one of your links with interest, seeing as it's been a long time since I got into a really juicy conspiracy theory. Those internet vandals keep debunking the good ones! And I came across this:

As they watched in shock and awe, randomly typed letters scrolled across a screen. The words were gibberish.

The sender "left breadcrumbs," Hank related. The deliberately attached ISP (Internet Service Provider) pointed to China.

This was bad enough. But what really freaked out the officers was the realization that none of these "stand alone" machines was online. None of them contained a modem!
So, first there's an "ISP" attached, and then there's no modem. It gets better.

How did the PLA hack supposedly secure air force computers lacking network modems? Just like as select power companies can now pipe the Internet to home computers through electrical power lines, the Chinese were able to play on SAC's supposedly secure computers through the AC power cables connecting them to the national power... "grid".
Okay. The PRC has invented the fantastic ability to first, hack into the U.S. national power grid from China and modulate a signal onto the power line. Then they somehow direct this signal unerringly into one of the U.S. government's most secure facilities, with filtered power, constant battery backup, and their own generators for extra backup. Then this super-powered signal hacks its way through the power supply unit (how? I haven't the slightest clue. Genius!) and gets into the CPU. And with all that fantastic power, what does China do? They type "gibberish."

Kill switch - possible but by no means probable (1)

timholman (71886) | more than 5 years ago | (#23264260)

I'm one of the people who was interviewed for this article. Several people in my department spent an afternoon talking to the IEEE Spectrum technical writer. Although it didn't really come out in the article, our take on the kill-switch concept was that it was possible but very unlikely.

Adding a trojan at the hardware level would be incredibly difficult and risky. In the first place, reverse-engineering a design from its GDS files, determining how and where to add hidden circuitry, and then incorporating the trojan circuitry into the design would be extremely difficult, as others have pointed out. The trojan would have to be customized for every design - not a trivial task. Second, if any foundry was caught producing a compromised chip, it would be ruined overnight. No commercial or government vendor would ever trust its products again. Ditto for any software vendor whose CAD tools were found to add hidden backdoors. Even if it were possible, no sane company would take the risk.

Attacking at the firmware level is more plausible, but still unlikely. If you're using an FPGA-based design, and you let some fly-by-night offshore company write the firmware for it, hidden functionality could be slipped in if you were sloppy about vetting the code. Even if the firmware was written in the U.S., you could bribe an engineer at the company to add the trojan, but again you're gambling no one else checks the code.

Our ultimate conclusion was that the most likely scenario for future compromised computer systems was exactly the one we're seeing today - worms and trojans attacking at the OS / applications level. It's an attack vector where plausible deniability by the originator can be easily maintained. It's worked pretty well so far, and it should continue to work as long as complex systems are placed in the hands of millions of technically illiterate and careless users. DARPA is spending a relatively tiny amount of money to check out the likelihood of a hardware trojan, but I doubt many people directly involved in commercial IC hardware design are truly worried about it.

Re:Kill switch - possible but by no means probable (1)

onion_joe (625886) | more than 5 years ago | (#23268220)

I'm one of the people who was interviewed for this article. Several people in my department spent an afternoon talking to the IEEE Spectrum technical writer. Although it didn't really come out in the article, our take on the kill-switch concept was that it was possible but very unlikely.

BUT, the payoff could be tremendous. I'm thinking Cylons here. Mod me funny if you dare, but think of simply the idea that US chips are compromised. The US did it to the USSR; the example that comes to mind is this: []

And now everybody is doubting the integrity of their chips. Combine this with the Cisco hardware scandal previously covered by Slashdot, and...

To the Chinese, I tip my hat. A brilliant move, even if only psychological.

Get Them a Clue For Christmas (1)

LordOfTheUnderverse (1282568) | more than 5 years ago | (#23264850)

How do you trigger a kill switch in a microprocessor running an application on top of an OS? Build in an aerial and a radio receiver?? Your tax dollars at work, folks - vote for competence!

Found some! (1)

Intron (870560) | more than 5 years ago | (#23265348)

Extra stuff has been placed in chips for years: []

On my favorite design we had nearly 100% coverage on the test vectors; someone said to "marx the uncovered nets", so we named them Groucho, Chico and Harpo in the netlist.
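As an added illustration of the test-vector coverage point in the post above (example code, not from any poster in this thread): a toggle-coverage pass over a small gate-level netlist that lists the nets the test plan never exercises. The netlist, gate library and test vectors are all constructed for the example; a net the vectors never toggle is logic the tests cannot vouch for, which is exactly where a reviewer would look first.

```python
"""Toggle-coverage check over a tiny gate-level netlist (constructed example)."""
from itertools import product

# Constructed netlist: (output_net, gate_type, [input_nets]), in topological order.
NETLIST = [
    ("n1",   "AND", ["a", "b"]),
    ("n2",   "XOR", ["a", "c"]),
    ("y",    "OR",  ["n1", "n2"]),
    # A gate that only fires on one input pattern; easy to miss in a test plan.
    ("trig", "AND", ["a", "b", "c", "d"]),
    ("z",    "OR",  ["y", "trig"]),
]
INPUTS = ["a", "b", "c", "d"]

# Minimal gate library; each function maps a list of input bits to one output bit.
GATES = {
    "AND": lambda xs: int(all(xs)),
    "OR":  lambda xs: int(any(xs)),
    "XOR": lambda xs: sum(xs) % 2,
    "NOT": lambda xs: 1 - xs[0],
}

def simulate(vector):
    """Evaluate every net for one input vector (dict of input name -> bit)."""
    nets = dict(vector)
    for out, kind, ins in NETLIST:
        nets[out] = GATES[kind]([nets[i] for i in ins])
    return nets

def uncovered_nets(vectors):
    """Nets (inputs included) that hold a single value across the whole vector set."""
    seen = {}
    for vec in vectors:
        for net, val in simulate(vec).items():
            seen.setdefault(net, set()).add(val)
    return sorted(net for net, vals in seen.items() if len(vals) < 2)

# Constructed test plan: every pattern except all-ones, so 'trig' never toggles.
TEST_VECTORS = [dict(zip(INPUTS, bits)) for bits in product([0, 1], repeat=4)
                if bits != (1, 1, 1, 1)]
# Exhaustive stimulus for comparison (feasible only because there are 4 inputs).
EXHAUSTIVE = [dict(zip(INPUTS, bits)) for bits in product([0, 1], repeat=4)]

if __name__ == "__main__":
    print("uncovered under test plan:", uncovered_nets(TEST_VECTORS))  # ['trig']
    print("uncovered exhaustively:   ", uncovered_nets(EXHAUSTIVE))    # []
```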

Missing the point... (1)

fahrbot-bot (874524) | more than 5 years ago | (#23265484)

I think people are missing the real point here.

DARPA is obviously seeing if they can do it. The end goal is probably to get chips manufactured for the rest of the world that the US Govt can disable at will -- something like GPS Selective Availability [].

Presumably they're doing it themselves (2, Insightful)

currivan (654314) | more than 5 years ago | (#23266032)

If they think this approach is valuable to an enemy, what do you suppose the chances are that they aren't doing it themselves, but by pressuring the companies rather than surreptitiously inserting circuitry at the fab?

In the microprocessor case, suppose they added a bit of logic to look for a particular data sequence, and if found, switch to system management mode or ring 0 and execute whatever follows. Then they could take over any machine simply by sending it a data packet. Presumably there would be some code signing to prevent anyone else from exploiting the backdoor.

Intel, Cisco, et al are involved in the Critical Infrastructure Protection program and undoubtedly have other high-level contacts with the national security apparatus. It seems obvious that the US is in a better position than anyone else to carry out this type of attack.

Network traffic and firewalls (1)

hilather (1079603) | more than 5 years ago | (#23266156)

It seems to me that even if your CPUs were "pwnd" they would still have to use the network to relay information. No suspicious network traffic, no problem. Now if your Ciscos were made in China, you're in a totally different world of pain.

I worked on this. (0)

Anonymous Coward | more than 5 years ago | (#23266376)

I worked on this stuff as a graduate student. That is all.