Replies

No. It was exactly ONE week ago. Thanks for the ping to another anthill, tho. =)

The question is: does anyone really want to know that the author of the study in question (Sergei Skorobogatov) specifically said that what he found in an FPGA programming method had nothing to do with the Chinese?

Does anyone here really care about the real potential for espionage from Norks, Russians, and Chinese that can so easily be done via USA fabs and design houses?

Does anyone here care that these stories are being ginned and purposefully conflated with the instances of counterfeiting done in every country of origin with nothing to do with software/networking espionage like Stuxnet (which was also not Chinese)? Does anyone care that these stories are fanned by Richard Clarke and Carl Levin to push their establishment agendas, and distracts from the numerous "legitimate" ways to infiltrate US military systems.

IOW, these guys are interested in directing attention away from their buds in the existing sloppy military procurement bureaucracy, away from the wide-open real threats to espionage in San Jose, California, for example, and on to those bastard freetradecommies that everybody hates. Did Clarke mention he has a book out for sale?

Fake Chinese Parts 'Found In US Planes'

05/30/2012 12:54:31 PM PDT · 176 of 177
sam_paine to Justa; jrestrepo; NVDave

So now we all agree! Like I was saying...

BI: Could you respond to this Errata post ("Bogus story: no Chinese backdoor in military chip") specifically?

[Sergei Skorobogatov] 1) We have made no reference to any Chinese involvement in either of the released papers or any reference to espionage. Therefore we don't agree with Robert Graham's assertion that we suggest Chinese involvement. So we have no idea why people have linked the Chinese to this as it did not come from us.

[Sergei Skorobogatov] 2) As far as we are concerned the back door was implemented by the manufacturers at the design stage and we suggest that in the papers.

That is from your "rebuttal" link, Justy.

Ok? So now we can all agree that the article of the original thread is about fraudulently copied functional equivalents, and not Chinese espionage like Sergei Impliedalotovstov says he's not alluding to. And we can agree that your rebuttal's author Sergei found a method to read out Actel's FPGA programming....which would allow certain data to be read if you could clip wires onto that physical system.

Wooptiedoo! Anyone who has ever fired up an evaluation board with a microcontroller or FPGA from Actel or Xilinx has known this for decades.

I've already mentioned upthread a more glaring, public, non-hidden problem with FPGAs which have the ability to be programmed via serial links and networks. So yeah, those systems could be vulnerable to cyberattacks from Korea or Russia or Israel or China. But that is coming from insecure design and development of the intended, advertised product MADE IN THE USA. Not Chinese "backdoors" in resistors!

But Sergei Wrotealotovrot did a smart thing by fanning the espionage flames. Otherwise his "expose" of an obvious internal exploit for a particular US design would've gotten ho-hum interest from anyone who knew anything about JTAG programming of FPGAs. BTW, you realize that the engineers who implemented that JTAG logic function have a design spec internally, and they have a Verilog or VHDL description of it, and tested it internally. Anyone who worked on that project knows everything Sergei Didalotovnada learned, and was not under any kind of military clearance, and might not have even had a non-disclosure agreement with respect to emailing it to a colleague, customer, student or chinese spy!