The US Federal Bureau of Investigation has warned of threats to the US military and critical national infrastructure caused by counterfeit Cisco products.
The counterfeit products could open a hardware backdoor into those systems, warned the Federal Bureau of Investigation (FBI), enabling an attacker, potentially undetected by security software, to gain control of the systems. Counterfeit parts also have a much higher failure rate: one is known to have caught fire in a government network, due to a faulty power supply, warned the FBI.
To make matters worse, the FBI has an "intelligence gap": it does not know whether the fake goods are made for private profit or are state-sponsored, nor the scope of counterfeit-equipment use in the US government. The FBI did warn, however, that there is a threat of IT subversion and supply-chain attack which could cause vital systems to fail, allow access to otherwise secure systems and weaken cryptographic safeguards on government data.
An FBI PowerPoint presentation leaked in April to abovetopsecret.com gave details of an FBI investigation into Cisco routers: "Operation Cisco Router". In the presentation, the FBI detailed how counterfeit Cisco goods from China had made their way into the US military supply chain.
Manufactured in the Shenzhen province of China, the fake Cisco equipment was then supplied directly to the US government through several routes: either directly through US distributors or through those who had bought the counterfeit kit off eBay; through distributors in other countries, including the UK; and through US government employees buying through non-General Services Administration (GSA) approved sources. The GSA is the US federal acquisition agency.
One company was indicted in December 2007 for allegedly shipping counterfeit products from China and selling them to the Marine Corps, the Air Force, the Federal Aviation Administration, the FBI itself, defence contractors, universities and financial institutions. The US Navy and Bonneville Power Administration, which serves the US Pacific Northwest with power, were allegedly sold counterfeit products by another company buying directly from China.
According to a whitepaper by the Alliance for Gray Market and Counterfeit Abatement (AGMA) and KPMG, approximately 10 percent of IT products sold are counterfeit. However, the FBI presentation said that law-enforcement agencies estimate the percentage to be higher.
One commentator on the abovetopsecret.com blog asked why the US government had not employed more stringent supply-chain practices.
"It was quite shocking that the US government would allow second- or third-party sub-contractors to place hardware orders," wrote IchiNiSan. "Why doesn't the US government cut a country-wide deal directly with Cisco or other branded US hardware manufacturers? I'm quite sure, with the total volume combined, they would be much better off than going two [or] three layers down the supply chain, not to mention [mitigating] the security risks."
The FBI presentation said part of the problem lies with government procurement practices, revealing that the government normally searches for the lowest prices for products. A counterfeit Cisco 1721 router costs $234 (£120), while the genuine version costs approximately $1,375. Another part of the problem is that...
Talkback
Offshoring US jobs to lower cost economies for regular US investor and management greed has carried this risk for years. Products used by the US military and their components and sub assemblies are built from and designed in US vendor's low cost off-shore facilities staffed by people who shared University classes and military training with their peers in those countries secret services, or by people who trained in those countries and now work in another. Many of these facilities are in, or have close links with, countries with no respect for International law like Israel, Poland(Russia), China, S.Korea(N.Korea).
Example: Israel's appallingly repressive regime of fundamentalist land grabbers with Nukes has people designing chips and code that supply US manufacturers and users leading edge infrastructure and who have direct links to MOSSAD this way, went to the same Technical University, etc.
Would they bite the hand that feeds them $$$$ and war machines? They occupied the territory of other countries and claimed it as their own based on Biblical references to get and expand a state (try that in New York), have built nuclear weapons illegally, kidnap people from foreign countries who have done nothing wrong in international law for revenge "trial", and , practice assassination at home and abroad, all well documented. So will certainly do anything to get information.
Less evil regime's security services do all kinds of mad things to spy on their supposed allies as well as their enemies - including the US and UK for a start, with total disregard for the law.
So in short I would expect the US has been compromised for years at a fundamental level by this route through US based suppiiers - through its own greed and supposed friends as well as enemies.
Brian