Counterfeit Chips Raise New Terror, Hacking Fears

Zonk posted more than 6 years ago | from the its-dah-end-oh-dah-woild dept.

Security 173

mattnyc99 writes "We've seen overtures by computer manufacturers to build in chip security before, but now Popular Mechanics takes a long look at growing worries over counterfeit chips, from the military and FAA to the Department of Energy and top universities. While there's still never been a fake-chip sabotage or info hack on America by foreign countries or rogue groups, this article suggests just how easy it would be for chips embedded with time-release cripple coding to steal data or bring down a critical network - and how that's got Homeland shaking in its boots (but not Bruce Schneier). While PopMech has an accompanying story on the possible end of cheap gadget manufacturing in China as inflation rates soar there, it's the global hardware business in general that has DoD officials freaking out over chips."

173 comments

FUD... (0)

Anonymous Coward | more than 6 years ago | (#22706972)

plain and simple...

ARRRGH! TERROR! (5, Insightful)

Jeremiah Cornelius (137) | more than 6 years ago | (#22706988)

EVERYTHING is now a "terror threat".

Do you suppose someone figured out that "terror" is a funding goldmine? That the way to ride this gravy-train was to pump up the volume on the "terror" megaphone?

It's pretty funny - 'til the unintended consequences land you "in internal exile", or "extraordinary rendition".

Re:ARRRGH! TERROR! (0)

Anonymous Coward | more than 6 years ago | (#22707190)

It's a relief to know we've solved "crime" and "espionage". Once we solve "terror", look out "bad vibes".

Re:ARRRGH! TERROR! (4, Insightful)

corsec67 (627446) | more than 6 years ago | (#22707310)

Just like how "think of the children" is a useful phrase for fucking over the American people's rights.

"Free speech" - "Think of the children", by the FCC
"Marijuana/drugs" - "Think of the children", by the DOJ

So, combine "think of the children" and "terrorists", and the Constitution becomes irrelevant.

Re:ARRRGH! TERROR! (4, Funny)

SleepyHappyDoc (813919) | more than 6 years ago | (#22707810)

What about child terrorists?

Re:ARRRGH! TERROR! (0)

Anonymous Coward | more than 6 years ago | (#22707882)

It's time we declare a "war on the children".

Won't somebody think of the terrorists?

It could be a joint-effort with 'War on Xmas'! (1)

FatSean (18753) | more than 6 years ago | (#22708230)

Just think, a double whammy of a war.

Re:ARRRGH! TERROR! (2, Interesting)

davester666 (731373) | more than 6 years ago | (#22708122)

It's already been done. The megaphones that Homeland Security uses have already been hacked. They say "everything's fine" into the megaphone, but the evil terrorists have hacked all of them so what comes out is "There's a terrorist everywhere, including inside your basement and inside your cellphone. You aren't safe anywhere."

"Terrorism" is a universal panacea (0, Troll)

LecheryJesus (1245812) | more than 6 years ago | (#22707766)

Just like the Cold war was post Stalin (and probably was all along).

Btw, I used to consider myself fairly conservative until "Basil" B(r)ush came along. Boom Boom!

Smoke and Mirrors (2, Interesting)

frovingslosh (582462) | more than 6 years ago | (#22707936)

Absolutely. If there were any real threat of a problem here, it could easily be dealt with by very simple technology, but the major manufacturers seem to not want to do that and rather go off on a smoke and mirrors terror binge. Many CPUs have long had a unique serial number built into them. Intel even gained a lot of consumer wrath when they wanted to use this ID to make it easier for every Internet advertiser to track you and amass more personal data about you. But they never made it easy for the user to benefit from this serial number.

Rather than wail and moan about supposedly fake chips, what the manufacturers should do is put on-line the database of valid serial numbers and their specs and history and let end users have access to this information and even add to the database (if they so choose) their ownership of a serial number. This would have several benefits: Fake chips would have a problem of not having a large pool of valid serial numbers (it would be easy enough to not have the database expose the entire list, and limit the number of chips that could be looked up by any IP in a short time) and if fake chips all used the same ID this could be quickly detected. Users could also confirm that the specs for the chip they bought were the specs the manufacturer intended, preventing the practice of remarking chips for higher clock frequencies. A user who desired it could have a lot of confidence that his chip was not counterfeit just by checking into the database and learning what the manufacturer knew about his chip. Chips with serious bugs that were recalled would be detected easily without alarming users of unaffected chips. And this could even provide a service of letting one register their CPU serial number, if they wanted the computer to be able to be looked up by law enforcement or others later in the case of theft. That this isn't already being done, yet the industry is acting like counterfeit chips are a big problem, seems to be telling me something is bogus about their claims of doom.
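
A minimal sketch of the registry described in the comment above, added here as an example; it is not the commenter's code or any manufacturer's service. The class and method names, serial numbers, IP addresses and owner names are all constructed for illustration.

```python
"""Toy model of a manufacturer-run chip serial registry (illustrative only)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ChipRecord:
    model: str
    rated_mhz: int          # clock the manufacturer actually certified
    recalled: bool = False  # part of a recalled batch


class SerialRegistry:
    def __init__(self, records, max_lookups=3, window_s=60.0):
        self._records = dict(records)         # serial -> ChipRecord
        self._max_lookups = max_lookups       # lookups allowed per IP per window
        self._window_s = window_s
        self._lookups = defaultdict(deque)    # client IP -> recent lookup times
        self._owners = defaultdict(set)       # serial -> owners who registered it

    def _allow(self, client_ip, now):
        """Sliding-window rate limit so one client cannot enumerate valid serials."""
        recent = self._lookups[client_ip]
        while recent and now - recent[0] >= self._window_s:
            recent.popleft()
        if len(recent) >= self._max_lookups:
            return False
        recent.append(now)
        return True

    def verify(self, serial, marked_mhz, client_ip, now, owner=None):
        """Check one chip: `marked_mhz` is the speed printed on the package."""
        if not self._allow(client_ip, now):
            return {"status": "rate_limited", "flags": []}
        record = self._records.get(serial)
        if record is None:
            # Serial was never issued: the strongest counterfeit signal.
            return {"status": "unknown_serial", "flags": []}
        flags = []
        if marked_mhz > record.rated_mhz:
            flags.append("remarked")          # sold as faster than certified
        if record.recalled:
            flags.append("recalled")
        if owner is not None:                 # ownership registration is optional
            self._owners[serial].add(owner)
        if len(self._owners[serial]) > 1:
            # Same serial claimed by several owners: cloned ID, or a resale
            # that a real service would need a transfer step to handle.
            flags.append("duplicate_serial")
        return {"status": "known", "flags": flags,
                "model": record.model, "rated_mhz": record.rated_mhz}


def build_sample_registry():
    """Constructed sample data, not real part numbers."""
    return SerialRegistry({
        "SN-0001": ChipRecord("ExampleCPU-A", 2400),
        "SN-0002": ChipRecord("ExampleCPU-A", 2000, recalled=True),
    })


if __name__ == "__main__":
    reg = build_sample_registry()
    print(reg.verify("SN-0001", 2400, "198.51.100.7", 0.0, owner="alice"))
    print(reg.verify("SN-0001", 3000, "198.51.100.8", 1.0, owner="bob"))
    print(reg.verify("SN-9999", 2400, "198.51.100.8", 2.0))
```

The rate limit only slows enumeration from a single address; a registry like this would still need to treat lookups as sensitive, since every confirmed-valid serial is one a counterfeiter could copy.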

Re:ARRRGH! TERROR! (1)

street struttin' (1249972) | more than 6 years ago | (#22708138)

AAAAHHHHH!!! Something Green! AHHHHHHH!!! Something NOT Green!

The Counterfeit Bolt Problem (5, Informative)

MichaelCrawford (610140) | more than 6 years ago | (#22706994)

There's been a problem for many years, in which bolts whose heads are marked to indicate that they are high-strength, are actually made from cheaper low-grade steel, and are therefore counterfeit.

A construction worker was killed while torquing such a bolt while building the Saturn car factory. The head tore off and he fell to his death.

In the same article where I read this, a general complained that you could find broken bolts littering the ground in the path of tanks on training maneuvers.

There is a way to test bolts for strength, but it's expensive.

Re:The Counterfeit Bolt Problem (2, Interesting)

TooMuchToDo (882796) | more than 6 years ago | (#22707196)

I would think this could be fixed by having an agreement with the manufacturer/provider that said they were financially liable if the material/product you received was not what you ordered.

Re:The Counterfeit Bolt Problem (3, Insightful)

TubeSteak (669689) | more than 6 years ago | (#22707570)

> I would think this could be fixed by having an agreement with the manufacturer/provider that said they were financially liable if the material/product you received was not what you ordered.

Which means insurance, testing, paperwork (in triplicate at a minimum), inspections, etc etc etc.

That'll significantly add to the cost when your price per unit is measured in pennies.

Re:The Counterfeit Bolt Problem (1)

Idiomatick (976696) | more than 6 years ago | (#22707940)

lol you would be making a deal with the company, not insuring each individual bolt. So cost per unit doesn't come into play.

Re:The Counterfeit Bolt Problem (1)

TooMuchToDo (882796) | more than 6 years ago | (#22708084)

> Which means insurance, testing, paperwork (in triplicate at a minimum), inspections, etc etc etc.
>
> That'll significantly add to the cost when your price per unit is measured in pennies.

I agree, but space agencies have to deal with the extra costs due to electrical (and other related) components needing to be within more precise tolerances. Why not mission critical bolts? The space shuttle is held to the launch platform by two huge explosive bolts that only detonate and release the shuttle after the on-board computers determine all three main engines are fired up properly. How much is too much additional cost to ensure you don't lose a $1 billion+ space vehicle because of faulty bolts? I know that's an exceptional situation, but if the part in question is mission critical, its design and manufacture need to take that into account, as well as the cost.

Re:The Counterfeit Bolt Problem (2, Insightful)

multisync (218450) | more than 6 years ago | (#22707274)

> A construction worker was killed while torquing such a bolt while building the Saturn car factory. The head tore off and he fell to his death.

Where the hell was this plant being built? That worker should have been wearing fall protection.

Re:The Counterfeit Bolt Problem (4, Funny)

veganboyjosh (896761) | more than 6 years ago | (#22707536)

> That worker should have been wearing fall protection.

YEAH! They make these special bolts, which are super strong...oh wait.

Re:The Counterfeit Bolt Problem (2, Informative)

0100010001010011 (652467) | more than 6 years ago | (#22707306)

Expensive? We did this in lab in engineering. You pull on the bolt until it fails. If I was building something I'd test one out of every 100. Just grab a random one and test it. If it fails way early put the entire shipment into hold.

Re:The Counterfeit Bolt Problem (3, Insightful)

arivanov (12034) | more than 6 years ago | (#22707404)

That is just for torque. This does not say anything about resistance to material fatigue and so on.

Anyway, the only reason why Homeland Security is sh*** its pants on this is that the biggest spook sabotage achievement on USSR was apparently done this way when a gas pipeline blew up due to malfunctioning of counterfeit gear. However, we do not live in the '80s. The computers and control gear have grown much more sophisticated and frankly, if anyone wants to plant such a bomb today they will do it in software. Much cheaper and much higher probability of success.

Re:The Counterfeit Bolt Problem (1)

0100010001010011 (652467) | more than 6 years ago | (#22707872)

So you bend them or twist them or pull them. Material properties of steel are pretty well known and they're all related by some fun math.

Re:The Counterfeit Bolt Problem (1)

arivanov (12034) | more than 6 years ago | (#22708422)

Yes, but bending, twisting and pulling to a programmed pattern is actually what requires expensive equipment. Ripping bolt heads off is quite easy by comparison.

Re:The Counterfeit Bolt Problem (1)

Brian Gordon (987471) | more than 6 years ago | (#22708036)

Software? You mean those 1s and 0s right? They could just compile a nice data stealer, link in all the dependencies (there's probably some CS term for self-sufficient code) and put it on a ROM. When the time comes, just start reading off the ROM over whatever was being executed before. Modern CPUs are way over my head, but I assume there's some sort of hyper advanced analogue to not checking for interrupts and running on bare metal. The program executes, the chip halts or lets the OS panic into catatonia when it realizes half its memory is different from what it was 1 cycle ago, and the Russians or whoever have our data-- very slick, but I would imagine it would be extremely expensive to redesign the chips ~~~~

Re:The Counterfeit Bolt Problem (1)

Azh Nazg (826118) | more than 6 years ago | (#22708582)

You're in luck. "Link in all the dependencies" is pretty much the right phrase for that. ;)

Re:The Counterfeit Bolt Problem (1)

poetmatt (793785) | more than 6 years ago | (#22707494)

Many companies do this as a standard process. The company I work for does this more randomly and it's not just the "first shipment", it's all shipments period. The things they test are tested for long term endurance to make sure it doesn't just "look okay". Fairly rarely that they see a counterfeit/etc, and pretty quickly that they get using inferior materials turned around too.

Of course in China and whatnot the requirements are much lower.

Re:The Counterfeit Bolt Problem (2, Insightful)

Jeremiah Cornelius (137) | more than 6 years ago | (#22707314)

> There is a way to test bolts for strength, but it's expensive.

More expensive than wrongful-death compensation? Someone must have amortized this.

Re:The Counterfeit Bolt Problem (1)

pclminion (145572) | more than 6 years ago | (#22707474)

The failing bolt caused him to fall? What was he doing, leaning over an edge while putting all his weight on the wrench? The counterfeit bolt was part of the problem but it also sounds like they need to adjust their safe working practices. I don't mean to disparage the man who died. But that accident sounds like it could have been prevented even with the bogus bolt.

Re:The Counterfeit Bolt Problem (2, Interesting)

Serge_Tomiko (1178965) | more than 6 years ago | (#22707510)

There is one simple time honored solution:

Execute every manager and owner of a company found to engage in such corruption.

Such corruption strikes at the very heart of civilized society, and it should be punished with ferocious justice. It is time people in positions of authority answer for their incompetence with their lives.

Re:The Counterfeit Bolt Problem (1)

The Anarchist Avenge (1004563) | more than 6 years ago | (#22708158)

Shit, who modded this funny? Sounds like a good idea for me, but that's because I'm just a bottom-level factory worker. We'll see how I feel once I've been promoted once or twice.

Re:The Counterfeit Bolt Problem (1)

fishbowl (7759) | more than 6 years ago | (#22708012)

>A construction worker was killed while torquing such a bolt while building the Saturn car factory. The head
>tore off and he fell to his death.

Even if it had not been a counterfeit bolt, it sounds like the root cause of the problem was the reliance on a single untested point of failure. The correct bolt could have failed in the same way. What was he doing? Bolting together the platform that he was standing on? Or using the wrench as the only thing between him and a deadly fall? What if it had been the wrench that broke, or he simply lost his grip? I hope there were more policy changes after that accident than merely vendor stuff.

Re:The Counterfeit Bolt Problem (1)

gboss (968444) | more than 6 years ago | (#22708440)

The fact that he was killed has nothing to do with the failed bolt. If he was at a height where he was able to fall to his death (above 6ft, I believe is the OSHA standard), he should have been wearing fall protection. He was performing his job unsafely and it cost him his life. It had nothing to do with the (possibly counterfeit) bolt.

Re:The Counterfeit Bolt Problem (1)

dbcad7 (771464) | more than 6 years ago | (#22708484)

Although I agree with you that bolts which are improperly graded are a serious problem, I have to wonder about the cause of this fall.. Let's say he was torquing the bolt as you say, he would have still fallen if the socket slipped off the bolt.. so obviously he was not being safe... What's a greater concern, is that if all of these cheap bolts had survived torquing, it would not be known that there were weak bolts holding the building together.

I would also point out, that when buying materials for construction, you get what you pay for.. This is probably more of a problem of the person buying the materials (the bolts) finding the cheapest bolts at that grade they could find... The sad thing is that Saturn, a spin-off of GM, probably has very good buying power with Fastener companies, and they could have gotten really good quality bolts from them at the cheap price they probably paid.. But the construction company probably never even considered that when buying materials.

So maybe there is a market... (2, Interesting)

The Ancients (626689) | more than 6 years ago | (#22707000)

...for this [slashdot.org] , after all.

The focus of comments through the article was that very few people had actually come across counterfeit chips, and the financial repercussions were limited. This shifts the focus to security, which does raise different questions.

Re:So maybe there is a market... (1)

Otter Popinski (1166533) | more than 6 years ago | (#22708212)

> ...very few people had actually come across counterfeit chips, and the financial repercussions were limited. This shifts the focus to security, which does raise different questions....

Shifting the focus to a hot-button issue is probably meant to create a market where none previously existed.

chips challenge (0)

Anonymous Coward | more than 6 years ago | (#22707002)

Well, that's globalization for ya!

Not Wise... (1)

imstanny (722685) | more than 6 years ago | (#22707008)

That's not Wise... they're Lays!

Digital Picture frames. (5, Interesting)

Lemental (719730) | more than 6 years ago | (#22707054)

This [sfgate.com] was only the beginning. Can't wait until next holiday season.

Re:Digital Picture frames. (1)

TubeSteak (669689) | more than 6 years ago | (#22707608)

Sounds like a great tool for spear fishing. Buy a crate of 'em and ship them off to the various executive officers of (Fortune 50 for example) companies. All you need is someone to whip you up a custom trojan that'll slip by most virus scanners.

TFA (3, Informative)

The Living Fractal (162153) | more than 6 years ago | (#22707064)

I didn't read TFA but is it suggesting that a highly advanced technology could be 'easily' counterfeited and delivered to US facilities? Assuming it would take another highly advanced country to do this... Doesn't this really mean war, not terror? If we find out a sovereign nation is attacking us through this channel I would call it war -- even if that means they are knowingly supplying terrorists with the chips instead of directly doing it themselves.

The US DoD depending on the global hardware business is the scariest implication to me.

And one more thing.. this almost sounds like it could be a back door for even stronger DRM technology, embedded in hardware, in our personal computers in the future. SO, how far off base am I this time?

Re:TFA (5, Insightful)

zappepcs (820751) | more than 6 years ago | (#22707186)

I think you are pretty much right on target. An errant USB stick with malicious firmware could easily wait until it is plugged into a machine on a network with the desired domain name before releasing a small virus. It is not implausible, nor hard to understand this attack vector. That USB stick might be in the form of a cheap MP3 player.

Without spraying details all over, there are many more ways to get a small piece of code inside a very secure facility, after which it's game on for the IDS system.

Even if nothing is found in the wild like this, fear of it might indeed push DRM et al into all manner of devices.

On the short list: Secure facilities should not be allowing electronic devices into their facilities, period, if they want to stay secure. No DRM should be trusted to fully do this job in such instances of security like are required for the Pentagon, military bases etc.

Adding DRM to commercial and personal use devices will NOT... repeat NOT increase security.

Re:TFA (2, Interesting)

blhack (921171) | more than 6 years ago | (#22707244)

Terrorism is the new communism. Don't let the actual definition get in the way of people using this to incite fear.

What we're talking about there is Cold war V2.0 with China.
There is no shortage of people who theorize that Russia at one point might have been able to pull off some crazy hack that disabled all of our electronics using Tesla tech; what we're talking about here is an ACTUAL ability for China to do it.
The real solution to this problem is to bring manufacturing back to the United States.

Unfortunately this requires more regulation on American Companies.

Re:TFA (2, Insightful)

Broken scope (973885) | more than 6 years ago | (#22707368)

The government could also only buy components made in the United States. Or at least the critical ones.

Lou Dobbs? Is that You! (2, Interesting)

Jeremiah Cornelius (137) | more than 6 years ago | (#22707516)

Clearly, this is the agenda of the piece. PopMech has been a fan press for the US arms industry since its inception "Look! A dive-bomber that will send Tojo to his divine reward!".

They have seeded stories from Military and "Intelligence" sources for years.

Re:TFA (2, Interesting)

robertjw (728654) | more than 6 years ago | (#22707870)

Thing I don't get about this is the standards. Maybe general government use isn't the same, but back when I used to work for a company that made military equipment everything had to be to military specifications. Any changes had to be reviewed and approved by the DOD. I don't know if things have changed over the last 15 years, but this was a BIG deal then.

Re:TFA (0)

Anonymous Coward | more than 6 years ago | (#22708404)

Jerry Pournelle has often suggested a 10 to 20 percent across the board tariff on all manufactured goods entering the country. Not enough to encourage inefficiency, but enough to, at least partly, offset the regulatory burden on American manufacturers.

Re:TFA (3, Informative)

Arioch5 (856338) | more than 6 years ago | (#22707446)

Being that I work for an engineering company which almost exclusively works on DoD contracts (or sub contracts). I can tell you first hand that DoD material does depend on global hardware companies. Almost any type of chip out there has a military rated version available. Heck there's even a term Military COTS (Military Commercial Off The Shelf), for items that are specifically designed for military use using readily available off the shelf parts. What I would ask you is how could you possibly expect the US DOD to actually design and manufacture the vast array of chips that are currently available on the commercial market? Could you imagine the cost involved in re-designing every commercial chip and supplying it locally here in the US? In the end the only way anyone could afford to produce military grade products is to design with commercial and Industrial parts as much as possible supplementing with Military grade where necessary. In the end, everything has to be certified to meet very strict military standards. Of course, I'm speaking in generalizations here. There are I'm sure some products that are very custom to the level of having almost no commercial/industrial parts. But I doubt you could find anything that didn't at least contain commercial/industrial passive parts (i.e. resistors).

Re:TFA (0)

Anonymous Coward | more than 6 years ago | (#22707696)

> The US DoD depending on the global hardware business is the scariest implication to me.

<sarcasm>

Just keep repeating to yourself.

Free trade is wonderful. Free trade solves all our problems. Free trade is a panacea. Free trade can do no wrong.

There, that was easy.

</sarcasm>

Re:TFA... HOW can you call it war? (2, Interesting)

davidsyes (765062) | more than 6 years ago | (#22707760)

In the traditional sense?

If the US government (by extension, the wealthy, the connected, the power brokers, then the consumers/prosumers) want cheap goods, then they will be made in China or elsewhere. If the US wants security to not be threatened by counterfeit goods (bads) then it OUGHT to SHUT UP and bite the bullet and manufacture ALL infrastructure-threat-capable electronics domestically.

But, it can't. It can't because to do so would buck or contravene many conventions, trade acts, and agreements. If the US can't trust Asian producers, what makes it think it's safe trusting European producers? Only irrational comfort in color-based similarity and common heritage is probably all there is.

So, the next best thing is for governments to stop dicking around and posturing as soft-enemies. If China never has to fear the US, then national or entrepreneurial counterfeits orders might not be a real problem. If the US stops f*sking trying to be NUMERO UNO/Master-of-the-Universe, other nations might feel less threatened. If the US is less feared, sure, some will still try to exploit it, but that is best done economically, which is already the case: multiple hands from multiple nations and places from Dubai to Israel, to UK to Tokyo to Beijing, to Venezuela (oil, cheap oil) will have some tug and push on the US. Small, but definitely felt.

All this just reminds me of the post by a sysadmin about 2 weeks ago who said as long as the counterfeits work until he's got his ROI, or as long as they don't crash or trash his network and as long as the only difference is in the serial numbers, then he doesn't care, because he saved money. Well, how can HE ever know his company's chips are not trojan chips? He's not likely to have Cisco come do an audit on the chip code or substrates or pins. He'd get fired if it's shown he knew and did nothing. Well, MAYBE he'd be fired.

I wouldn't be surprised if 45% of US infrastructure and maybe the same of the EU and even Japan has been "infiltrated" (used not in the "evil" sense, but in the penetration sense) by counterfeit chips. I wouldn't be surprised to learn that prior to off-shoring chip plants to China that the US was sending "counterfeit" or infiltration chips to other nations. These companies probably did it at the bidding of the US government, under black ops national security project, which we'll never be able to prove nor disprove, given the secret accounting and multitudes of project names and cover names.

So, in all, this is "touche", or Karma (good or bad) at work or in play.

Re:TFA (3, Informative)

VValdo (10446) | more than 6 years ago | (#22707836)

> Doesn't this really mean war, not terror?

I think it would depend on the context. From TFA:

However, not all experts agree that the risk is severe. After all, there's never been a report of a foreign country or criminal outfit using such technology to steal information or commit sabotage. (The United States did successfully conduct such a mission against the Soviet Union during the Cold War.)

If I'm not mistaken, the mission they are referring to [msn.com] was in 1982, when the US let the Soviet Union "steal" software that helped run a natural gas pipeline. The Russians were in the habit of stealing US technology, so the US secretly embedded the software with code that would- when run- cause the pressure in the pipes and pumps to go sky-high.

The result:

"The result was the most monumental non-nuclear explosion and fire ever seen from space."

Was this an act of war? Not really, since the code was stolen. Maybe sabotage. Terrorism? No, but it probably sent a message to the Kremlin that stealing foreign technology may not be a good idea...

W

ugh (0)

Anonymous Coward | more than 6 years ago | (#22707078)

Every time I see an article talking about the impending terrorist plots to use high-tech means of warfare, I just say to myself, "box cutters".

Awesome! (1, Offtopic)

choseph (1024971) | more than 6 years ago | (#22707092)

Does waterboarding these 'terror chips' work as well as water cooling?

Re:Awesome! Waterboarding??? (1)

davidsyes (765062) | more than 6 years ago | (#22707814)

How about "Back-dooring"... Introducing Her Hingelader... The hind-loading info-sucking chip...

Re:Awesome! (0)

Anonymous Coward | more than 6 years ago | (#22708126)

> Does waterboarding these 'terror chips' work as well as water cooling?

Yeah, it seems to. But you don't notice until later that the information you get out of them is completely unreliable...

I like "counterfeit" turtles (0, Offtopic)

stevedmc (1065590) | more than 6 years ago | (#22707096)

I like "counterfeit" turtles.

New terror is hacking fears (3, Insightful)

Jeremi (14640) | more than 6 years ago | (#22707124)

> Counterfeit Chips Raise New Terror, Hacking Fears

Indeed... the "War on Terror" is nothing more than various groups of people trying to use terror to "hack our fears". The terrorists try to hack our fears to gain power over us, and the governments fighting them do the same.

Terror Fears? (1)

dmahurin (2128) | more than 6 years ago | (#22707130)

What exactly is "Terror Fear"?

Fear of extreme fear?

Re:Terror Fears? (1)

bhima (46039) | more than 6 years ago | (#22707192)

No. It's being suckered by Assholerly and Cynicism

Re:Terror Fears? (1)

kent_eh (543303) | more than 6 years ago | (#22707478)

recursive fear?

Re:Terror Fears? (1)

sxeraverx (962068) | more than 6 years ago | (#22707764)

The only thing we have to fear is fear itself. Politicians understand that concept extremely well, just not the people, which makes them so easy to manipulate.

Re:Terror Fears? (1)

UncleTogie (1004853) | more than 6 years ago | (#22708592)

> The only thing we have to fear is fear itself.

Don't fear fear, use fear....whether yours or others...

Strangely enough, using it is the only way to avoid it...

Five Words (4, Insightful)

sharp-bang (311928) | more than 6 years ago | (#22707136)

You get what you pay for.

If you don't want counterfeit parts, pay for the appropriate controls and enforce them. The government has been trying to build government-class security and reliability on COTS technology for far too long.

If that means domestic production, so be it.

Re:Five Words (1)

southpolesammy (150094) | more than 6 years ago | (#22707414)

Use of COTS parts is fine as long as:
  1. Reliability concerns are either accepted as non-critical, or mitigated through the use of controls such as parts caches
  2. TCO of product is cheaper
  3. Trust in the manufacturer/integrator is established

If any of these items can not be successfully accommodated, then you shouldn't use COTS parts in your product. With respect to this discussion, #1 and #3 are in question, and debatably #2.

Re:Five Words (1)

junner518 (1235322) | more than 6 years ago | (#22707584)

> You get what you pay for.

If I'm not mistaken that is six words :p

Re:Five Words (1)

sharp-bang (311928) | more than 6 years ago | (#22707628)

Technically the word "you" occurs twice. ;-)

Re:Five Words (1)

junner518 (1235322) | more than 6 years ago | (#22708260)

Okay we'll go with that

Re:Five Words (1)

robably (1044462) | more than 6 years ago | (#22707622)

> Five Words: You get what you pay for.

Sometimes you get one free, it seems.

One word: (0)

Anonymous Coward | more than 6 years ago | (#22707644)

> If that means domestic production, so be it.

One word: AMEN!
(or should I say it how I and millions of others really feel: A-fucking-MEN!)

It is more subtle than that (1)

bbasgen (165297) | more than 6 years ago | (#22708398)


  Saying "you get what you pay for" is objectively true, but it ignores the point of the article.... ;)

  No matter how much the DoD would like domestic chips, no matter how much they shell out, it just isn't going to happen. This shift in the market has been going on for decades, there is no way in hell you can stop it. More importantly, any efforts against it necessarily require political protectionism, which is as politically dead as buggy whips. Meanwhile, computer crime has skyrocketed in the last 5 years, and it has become extremely big business. Big enough that this kind of thing, embedding chips with spy ware, is starting to actually make sense.

  I think most people recognize that the dependence of the US military on technology is problematic. At some point this will become a major vulnerability point for the US military in war. You don't have to go sci-fi and consider an EMP weapon; look no further than embedded chips, brought to you by the Russian mafia for the low-low price of a few tens of millions.

  The bottom line is that you can't compete via protectionism, and if you can't compete in the market, the conventional wisdom is that you are sure to lose on the battlefield.

Turnabout (2, Interesting)

Reader X (906979) | more than 6 years ago | (#22707178)

While there's still never been a fake-chip sabotage or info hack on America by foreign countries or rogue groups

One wonders whether the reverse is true, and if so, why other countries are not freaking out about it...

Re:Turnabout ... Intruder... Fair Play? (0, Offtopic)

davidsyes (765062) | more than 6 years ago | (#22707884)

http://www.npr.org/templates/story/story.php?storyId=88031211&ft=1&f=1001 [npr.org]

There is a "Listen Now" link, too.

But, here's a chunk:

"Army Maj. Reid Sawyer, of West Point's Combating Terrorism Center, says that is now changing -- and that al-Qaida's central leadership, securely based in Pakistan, is once again taking charge.

"What we have been observing is al-Qaida's attempt to re-assert control throughout their disparate networks, with al-Qaida in the Arabian Peninsula, in the Horn of Africa, to provide guidance and mentoring, if you will, as well as some funding to these organizations," Sawyer said.

"And so the organization has coalesced again, because of its ability to have sanctuary. And that's really given it such a benefit that can't be overstated."

Michael Scheuer, a top al-Qaida specialist at the CIA until 2004, goes even further in his assessment.

"I think al-Qaida as an organization was never seriously damaged," Scheuer said. "What we're seeing is, it has a new base. It is fairly comfortable where it sits at the moment. And it is able to go back to doing the things it did since 1988."

But the world has changed since 1988 -- and so has al-Qaida.

The group is now on the Internet, and it even has its own media company, producing videos for radical Islamist Web sites.

With these new tools, the Internet makes it possible for al-Qaida to promote its vision of jihad or holy war and solicit recruits throughout the Muslim world.

Sawyer says the Internet even provides a training mechanism, taking the burden off al-Qaida bases in Pakistan.

"What the Internet has really created for al-Qaida and its affiliated groups is a virtual sanctuary,... "

Like Adama told Tyrol about Galactica Valerii: "You'll see her again, Chief.... There are many copies."

Keep manufacturing in the US (2, Insightful)

alextheseal (653421) | more than 6 years ago | (#22707228)

Maybe if these parts are so critical we should keep the manufacturing in the US?

Re:Keep manufacturing in the US (1)

x1n933k (966581) | more than 6 years ago | (#22708114)

Good point, but you're not willing to pay to have it manufactured here as it would cost more. People would feel cheated, etc etc



[J]

Trust Your Suppliers (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22707290)

... if you can't do that, there is always the old adage:

"If you want something done right, you have to do it yourself."

At some point, there is a diminishing return on security. If Chinese sabotage chips report my high score at Super Mario Galaxy back to home base .. I don't really care.

For people who need to protect their secret identity, well, WTF are we paying billions upon billions of dollars to the DoD for anyway? Build a chip fabrication plant.

"All your chip are belong to us!" (1)

StefanJ (88986) | more than 6 years ago | (#22707292)

"Hah hah!"

"Someone set us up the server!"

That explains it! (5, Funny)

boristdog (133725) | more than 6 years ago | (#22707312)

I was wondering why my new "Gatemay" computer had an "Inpel Inside!" sticker on it.

Another one for you (4, Funny)

querist (97166) | more than 6 years ago | (#22707838)

I wanted to mod this up (funny), but I decided to comment instead...

My brother has a Shrap calculator. (Yes, S-H-R-A-P, not Sharp). The lettering looks exactly like the lettering used by Sharp during that time period (1980s). He keeps it for the humor value.

"From Shrap minds come shrap products..." :-)

This kind of thing really does happen.

Re:Another one for you (1)

boristdog (133725) | more than 6 years ago | (#22707938)

Heh. A friend who went to Hong Kong brought home some "SOMY" AA batteries.

Beware: Pop Mechanics speaks for Homeland Security (0)

Anonymous Coward | more than 6 years ago | (#22707376)

One of the main editors of Pop Mechanics is Benjamin Chertoff, according to his mother a cousin of Michael Chertoff, secretary of US Homeland Security. I find it very suspicious that Pop Mechanics pushes the concept of counterfeit chips onto the masses, which will enlarge support for chip IDs. That serves DHS's agenda perfectly. PM has had other very controversial stories in the past.

Never been a fake-chip sabotage (1)

nurb432 (527695) | more than 6 years ago | (#22707386)

That we know of. There could be millions of rogue processors out there just waiting for a command to "turn on", or self-destruct. How would we ever know from the outside?

Wasn't there some question about Lenovo's laptops recently and their potential to secretly spy on their users at a hardware level? While not exactly the same, it is similar.

More Word Games (2, Insightful)

joebob2000 (840395) | more than 6 years ago | (#22707394)

Define Counterfeit

Isn't this hashing over the same deal where the "counterfeit" parts were really just unauthorized copies of a good board? How is it "Anti-Terrorism" to terrify the crap out of unsuspecting people with far-fetched hypotheticals?

Articles like: "The danger of installing foreign designed, foreign made black boxes in our infrastructure" just sounds obvious, and the answer is obvious too: make your own boxes.

These so-called but not-exactly-counterfeits are a problem caused by a lot of short-sighted business fads. Aggressive offshoring of design and manufacturing means that you are not in control of the product anymore. It also means that you killed off your local design and manufacturing, making it that much harder to solve the problem. If the "Counterfeit" uses full-spec parts, then are they really counterfeit? If they use crap parts, they will just break early, costing someone money. As far as a cyber-bot-net conspiracy, there are more realistic problems to worry about.

NSA (2, Interesting)

guy5000 (1211440) | more than 6 years ago | (#22707434)

Doesn't the NSA make their chips domestically?

Consensus of different implementations (2, Insightful)

scorp1us (235526) | more than 6 years ago | (#22707462)

Hardware is cheap, and there is always more than one way to skin a cat.

Just do the same algorithm on different hardware architectures and at least one different virtual machine implementation. (Use a minimum of three implementations!) Take the answer that two agree on and forward that on to the next step in the pipeline. It would be difficult if not impossible to produce a counterfeit chip that could produce undetectable deviations in both software and hardware machines.

"Never set sail with only two compasses - use one or three."
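An added illustration of the 2-of-3 voting scheme described in the comment above; it is not code from the commenter. CRC-32 stands in for "the same algorithm", the three functions stand in for independent platforms, and the unit names, the `TRIGGER` input and the fault in `table_unit` are constructed for the example.

```python
import zlib
from collections import Counter

POLY = 0xEDB88320  # reflected CRC-32 polynomial


def bitwise_unit(data: bytes) -> int:
    """Implementation 1: bit-at-a-time CRC-32."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (POLY if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def _build_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ (POLY if c & 1 else 0)
        table.append(c)
    return table


_TABLE = _build_table()


def table_unit(data: bytes) -> int:
    """Implementation 2: table-driven CRC-32 with a constructed hidden fault."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc = _TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)
    good = crc ^ 0xFFFFFFFF
    # Constructed fault: flips one output bit only on a rare trigger input.
    return good ^ 1 if data.startswith(b"TRIGGER") else good


def library_unit(data: bytes) -> int:
    """Implementation 3: the C library behind Python's zlib module."""
    return zlib.crc32(data) & 0xFFFFFFFF


UNITS = {"bitwise_unit": bitwise_unit, "table_unit": table_unit,
         "library_unit": library_unit}


class NoMajority(Exception):
    """Raised when fewer than `quorum` units agree; the pipeline must stop."""


def vote(units, data: bytes, quorum: int = 2):
    """Return (agreed value, names of dissenting units) or raise NoMajority."""
    results = {name: fn(data) for name, fn in units.items()}
    value, count = Counter(results.values()).most_common(1)[0]
    if count < quorum:
        raise NoMajority(results)
    dissenters = sorted(n for n, r in results.items() if r != value)
    return value, dissenters
```

With only two units a disagreement raises `NoMajority` because neither can be identified as the faulty one, which is the point of the compass adage; the voter also cannot catch a deviation shared by a majority of units.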

the ongoing effort to make DRM mean security (2, Insightful)

fpgaprogrammer (1086859) | more than 6 years ago | (#22707520)

the impetus for adding restrictions and obfuscations is most certainly NOT security in the DoD sense. methinks interested parties are trying to juxtapose piracy/DRM interests with security/terrorism concerns. there is no really good argument for increased in-silicon DRM as a means to end-to-end security except for the economic security of intellectuals and their property. the troubling aspect to any attempt at subverting counterfeit designs is that it encourages mechanisms to obfuscate a digital design and decreases your freedom to know exactly what is happening to those electrons. such measures invariably decrease the overall security and reliability of the system by adding more complexity. an easily counterfeit-able design is also easy to verify. the converse is also true. truly safe systems must incorporate redundant standardized parts from multiple vendors to eliminate the effectiveness of malevolently embedded flaws.

end of cheap gadget manufacturing in China (1)

nurb432 (527695) | more than 6 years ago | (#22707532)

Well, won't that just suck.

Cheaper Chinese goods that are flooding in help keep prices down overall.

Ruffles (1)

c0d3r (156687) | more than 6 years ago | (#22707550)

I think it's healthy for other manufacturers to make rippled potato chips other than Ruffles.

The CIA did this... (4, Interesting)

bockelboy (824282) | more than 6 years ago | (#22707578)

Isn't this what the CIA did to the USSR? They purposely sold the Soviets Counterfeit CPUs and other technology so their economy would be based on faulty technology.

In fact, it culminated in the mid 80's when a brand new pipeline was turned on with turbines taken from America via a Canadian intermediary. The turbines purposely malfunctioned and the resulting blast was about 1/4 the size of Hiroshima. Taking out such an important oil pipeline made a non-trivial dent in the Soviet economy.

Look up the "Farewell Dossier".

What is old is new again.

They would know (1)

Rorschach1 (174480) | more than 6 years ago | (#22707592)

Didn't the US government do exactly this sort of thing to someone else? I think it was a country in the Middle East, and it involved HP printers, IIRC.

Terror? You want terror? I'LL GIVE YOU TERROR! (-1, Troll)

Chas (5144) | more than 6 years ago | (#22707610)

*POOT!*

Now! Cringe in horror as the unholy stench of my "biological agent" sears its way into your nostrils!

HMBOOWAHAHAHAHA!

Too over the top? Yeah. But, then again, so is more of the erstwhile "War on Terror".

Done before (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22707724)

This was actually done before, by the US.

During the COCOM technology embargo era US intelligence services secretly supplied the USSR computer equipment with rigged chips. These computers were used in critical applications, including oil industry. In the mid 80's the American government revealed and demonstrated that they owned critical Russian computer infrastructure.
According to some analysts this was a major factor in the sudden collapse of the political system: the Russians had no way to know and verify how deeply they were penetrated.

It's strange to hear that anybody in the US in charge is surprised now...

It would be so easy to put a back door into AMT (3, Informative)

Animats (122034) | more than 6 years ago | (#22707800)

The easy way to attack remote systems at the hardware level would be to preload a back-door key into Active Management Technology. [wikipedia.org] All the hardware is already there to remote control the computer, without any help from the operating system. By default, this feature is supposed to be disabled. But a minor firmware change, initializing the AMT unit with a second hidden key instead of leaving it disabled, would make it possible to take over any corrupted machine from a level below the OS.

AMT is the latest form of this, but there's also ASF (AMD's version), and RCMP (works over UDP, while AMT is a web service).

This is tough to detect, short of cutting open the network controller chip and tracing the wiring with a scanning electron microscope. That's quite possible and tools for it exist, but it's not cheap.

Use programmable logic (0)

Anonymous Coward | more than 6 years ago | (#22707818)

Using programmable (but not reprogrammable) logic solves this problem.

T.J. Bass' The Godwhale -- deja vu all over again. (0)

Anonymous Coward | more than 6 years ago | (#22707908)

1970's era scifi -- the nebishes in the hive give the humans chips that self destruct.

America should say NO to China-built chips (0)

WindBourne (631190) | more than 6 years ago | (#22707998)

All in all, at the very least, the US gov. should say no to companies that are moving their production to China. In fact, I think that if the production does not come from certain countries, then it should not be bought. Basically, we are allowing far too many of our items to go to countries who WILL be after the west. The feds could just buy from places like the EU, Japan, Canada, Israel, and even Mexico and not worry too much.

Hackers are cheapskates too... (4, Insightful)

Stochastism (1040102) | more than 6 years ago | (#22708128)

This kind of illicit technology is usually (not always) about making a buck. It's cheaper to exploit software than physical chips.

Fix the world's software and then those industrious rogues might decide the expense and lengthy process of counterfeiting physical chips is worthwhile compared to a quick piece of spyware.

Never been a fake-chip sabotage or info hack (1)

noidentity (188756) | more than 6 years ago | (#22708156)

While there's still never been a known and admitted fake-chip sabotage or info hack on America by foreign countries or rogue groups

There, fixed that for you.

Already been done, but it's difficult (5, Informative)

smellsofbikes (890263) | more than 6 years ago | (#22708174)

In the early 1980's, the US produced intermittently buggy chips which we sold to the USSR in full knowledge that they'd disrupt production facilities. It worked very well. [nytimes.com] Why, then, wouldn't China do the same thing?

As someone who works in chip verification, I can tell you it's very difficult with most chips to do this, as long as the chips are designed in the US -- which is still largely the case, that they're designed here and produced in fabs in China (because labor's cheap and they don't care if their workers are exposed to HF and silane as long as money's coming in.)
You know *exactly* what size your chip die is. If the silicon comes back from the fab with a different-sized die, it will be very obvious. So nobody can put extra stuff onto an existing die. Die size is the single most critical aspect of most designs, because of the cost, so existing designs are jammed just as tightly as they can possibly be. You can't put more functionality into an existing die size. The problem, then, is letting your design out. (And even then, a competent chip designer could probably spot strange material on a smaller die because they're familiar with how the layout is supposed to look.)
There are some amazing military-grade chips out there. I was reading about the Maxim DS3600 [maxim-ic.com] the other day -- on-chip encryption and tamper-sensing, including detecting temperature changes and reacting by blanking all the on-board memory and stored encryption keys in nanoseconds, far faster than dumping liquid helium onto the chip would be able to freeze the memory for decoding. (They use some whack process for continually load-levelling and rewriting the keys so you can't use stored oxide charge to read what was there before it got blanked, either.) That kind of stuff is on the common market, available for anyone to buy. I assume the military has better stuff yet, and espionage people even better.
At the end of the day you have to be able to trust someone or you'll just crouch in your basement. But there are ways to verify a chip's functionality and look for clearly bogus interactions. Our chip test systems make it easy to distinguish chips from different silicon lots, much less from different fabs. As always, if you buy the cheap stuff you don't know what you're getting, but if you spend the money to do some research, you'll have a much, much better idea of what you're getting. In this case, money in the millions of dollars, granted, but if you're designing military-grade stuff, well, that's why you buy from companies with a track record of producing trustworthy stuff.

Just like the movie Runaway (1)

dwarmstr (993558) | more than 6 years ago | (#22708240)

Just like Runaway! [imdb.com]

You mean my Doritos may not be safe for Democracy? (-1, Offtopic)

GlobalColding (1239712) | more than 6 years ago | (#22708390)

Oh n0s, teh terrorists am teh haxx0ring mah Doritos! Is nothing sacred any more?

Coward Warriors (-1, Redundant)

Doc Ruby (173196) | more than 6 years ago | (#22708596)

that's got Homeland shaking in its boots (but not Bruce Schneier).

I'd feel a lot safer if the people who've trashed our Constitution, killed our soldiers (and so many foreigners), and squandered our money (and our children's and grandchildren's) didn't pretend to be so tough while actually fearing anything that moves. They'd probably kill a lot less people, destroy a lot less of whatever they touch, and maybe actually stop some of the threats they're supposed to.

Where's Bin Laden? He ain't encoded into some Manchurian Chip, that's for sure.