Counterfeit Cisco Routers
This is really bad and scary news. The F.B.I. Says the Military Had Bogus Computer Gear.
[T]he… sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the F.B.I. and the Pentagon.
The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components.
Cisco routers are everywhere. According to Cisco’s web site, “Cisco is the leading supplier of networking equipment and network management for the Internet.” The likelihood that you received this web page over one or more Cisco routers is extremely high.
Also, what if this wasn’t just counterfeiting?
The F.B.I. is still not certain whether the ring’s actions were for profit or part of a state-sponsored intelligence effort.
It’s one thing if largely used networking components get compromised through a flaw to allow “back door”, privilege escalation, or other nefarious access to data which flows across them. It’s an entirely different thing if these devices were (re-)engineered with villainous intentions. Such additions could be nearly impossible to detect. One more quote from the NY Times story:
The threat was demonstrated in April when a team of computer scientists from the University of Illinois presented a paper at a technical conference in San Francisco detailing how they had modified a Sun Microsystems SPARC microprocessor by altering the data file on a chip with nearly 1.8 million circuits used in automated manufacturing equipment…
“It’s very difficult to detect and discover these issues,” said Ted Vucurevich, the chief technology officer of Cadence Design Systems, a company that provides design tools for chip makers. Modern integrated circuits have billions of components, he said: “Adding a small number that do particular functions in particular cases is incredibly hard to detect.”
If this doesn’t give you nightmares, it should.
One thought on “Counterfeit Cisco Routers”
Companies looking for a safe environment for purchasing used networking equipment should make sure they are dealing with a member of the United Network Equipment Dealer Association (www.uneda.com). More than 300 members worldwide work together to promote and uphold the highest standards and best practices when it comes to buying and selling legitimate pre-owned gear from all the leading OEMs. Together, UNEDA members sell more than $2 billion in pre-owned gear annually to over 10,000 customers, fueled by an increased supply of and demand for pre-owned network routers, switches, access servers, security products and VoIP phones/telephony products at savings of up to 90 percent off OEM list prices.
Comments are closed.