FBI: China may use counterfeit Cisco routers to penetrate U.S. networks

worldtribune ^ | May 15, 2008 | East-Asia-Intel

[ricks_place]

An FBI presentation states that China has counterfeited Cisco Systems network routers and may be using the equipment to penetrate U.S. government and private sector computer networks.

Federal authorities in February seized some 400 counterfeit Cisco Systems knockoffs worth $76 million. The equipment included routers, switches, gigabit interface converters and WAN interface cards. Among the purchasers of the fake equipment were the U.S. Naval Academy, U.S. Naval Air Warfare Center, U.S. Naval Undersea Warfare Center, U.S. Air Base at Spangdahelm, Germany, the Bonneville Power Administration, General Services Administration, and the defense contractor Raytheon, which makes key missile and weapons systems.

The FBI briefing slides on the case stated that while there are “intelligence gaps” on why the Chinese made the counterfeit equipment it could have been for profit or as part of a state-sponsored operation. Additionally the scope of the Chinese counterfeit equipment may extend beyond routers to include fake IT equipment such as PCs and printers.

Under a section titled “The Threat,” the FBI described the effort as “IT subversion/supply chain attack” that could “cause immediate or premature system failure during usage.”

The counterfeit equipment also could be used to “gain access to otherwise secure systems” and to “weaken cryptographic systems.”

The briefing slide said the Chinese information warfare efforts require “intimate access to target systems.”

[hamboy]

Actually this was posted at http://blog.ironkey.com/?p=347 on March 28, 2008 

Fake Cisco Gear Coming Into the U.S. from China

The Federal Bureau of Investigation reported last week more than 400 seizures of counterfeit Cisco equipment and labels worth more than $76 million filtering into the United States from China. The effort, which has been ongoing since 2005, is being driven by DHS and FBI. Immigration and Customs Enforcement, and the Customs and Border Protection conducted 28 investigations and managed six indictments and four felony convictions, with more than 74,000 fakes seized, while the FBI’s portion of the initiative, dubbed Operation Cisco Raider, resulted in 36 search warrants with approximately 3,500 counterfeit network components identified, and a total of ten convictions. The government is among the most profitable markets for Cisco. That makes federal agencies as susceptible as any to getting duped. In 2004, for example, counterfeit Cisco switches landed in one of the Navy’s secure facilities. One contractor involved was recently found liable, and now the circumstances are being investigated by the Navy’s Acquisition Integrity Office.

Imagine what happens if these fake devices have back-doors to allow remote attackers to gain access to corporate firewalls and networking gear….

[martin_fierro]

Ping

[devane617]

I’ve said for a long time that there is a hidden cyber-war going on, full-force, with China.

[devane617]

Most of our computer parts are made in China...Also, IBM recently sold it’s pc hardware division to China...But what the hell...China is only making the stuff Americans will not.

[hamboy]

You're probably right.  I got tired seeing Chinese IP addresses attempting to hack in to my home network appliance server.  BTW, this is another techie posting...  http://blog.ironkey.com/?p=348

Chinese Backdoors Could be “Hidden In Router Firmware” Says SecureTest

UK-based SecureTest believes spyware could be easily built into Asian-manufactured devices such as switches and routers, providing a simple backdoor for companies or governments in the Far East to listen in on communications.

“Organisations should change their security policies and procedures immediately,” says Ken Munro, managing director of SecureTest. “This is a very real loophole that needs closing. The government needs to act fast.”

Here is the First.org warning notification.

[brityank]

Ping to the thread and comments. Paranoia is good!

[Realism]

China only makes plastic toys and pink flamingos, everybody knows that.

[Travis McGee]

Tech ping

[kalee]

ping

[SE Mom]

Whoa..

I’m passing this along to our IT dept at work- they’re pretty up-to date on security- but who knows...

[Michael Barnes]

Sue who? There are still A LOT of x.25 pads out in the wild....bandwidth sucks, but so does the logging.

[CDB]

I believe this is the same case:

http://www.abovetopsecret.com/forum/thread350381/pg1

Good photos of genuine and fake routers

[driftdiver]

“Sue who? There are still A LOT of x.25 pads out in the wild....bandwidth sucks, but so does the logging.”

They’ll sue everyone and who knows, they may stop putting lead in our food products.

[driftdiver]

“Man our people are idiots for not checking this crap more closely, given where it is being used.”

All systems are checked pretty thoroughly when installed and routinely after that. The problem with these is they have a back door which probably doesn’t respond to normal penetration testing. Properly done it wouldn’t even show up in the logs.

[CJ Wolf]

the spam is the datastream back to china.

Darn said too much again.

[FreeAtlanta]

This worries me about all computer equipment made in China. I was just telling my wife that a friends laptop is totally made in china and that the Chinese dictator propably has the backdoor password.

I think all Macs are now made in China. That is what the fat guy needs to tell the cool dweeb.

[itsahoot]

Yes. As far as I am concerned, there should never be any foreign bidding on contracts to fill our military needs.

Doen't matter they just come here and build or buy a plant, and make them locally.

I believe this was done with our Aegis system.

[CodeToad]

Yes, sir, China is our friend. /sarcasm

[Mike Darancette]

Can you imagine how many Chicken Hawks will be paying alimony to their Boy Toys.

[WoofDog123]

yeah, i suspect there is an assumption that upon outbreak of any hot war with them, asome of our systems are going to either quit working, start doing strange things, or forwarding their data to a non-fedgov site...

The permutations of this strategy are quite disturbing.