Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: null and void; ex-Texan; TomasUSMC; Carry_Okie; risen_feenix; Tuketu; unkus; Gen-X-Dad; Eagles6; ...
null&void: Weren’t you assuring us that this wasn’t happening just 2 weeks ago today?

No. It was exactly ONE week ago. Thanks for the ping to another anthill, tho. =)

The question is: does anyone really want to know that the author of the study in question (Sergei Skorobogatov) specifically said that what he found in an FPGA programming method had nothing to do with the Chinese?

Does anyone here really care about the real potential for espionage from Norks, Russians, and Chinese that can so easily be done via USA fabs and design houses?

Does anyone here care that these stories are being ginned up and purposefully conflated with the instances of counterfeiting done in every country of origin with nothing to do with software/networking espionage like Stuxnet (which was also not Chinese)? Does anyone care that these stories are fanned by Richard Clarke and Carl Levin to push their establishment agendas, and distract from the numerous "legitimate" ways to infiltrate US military systems?

IOW, these guys are interested in directing attention away from their buds in the existing sloppy military procurement bureaucracy, away from the wide-open real threats to espionage in San Jose, California, for example, and on to those bastard freetradecommies that everybody hates. Did Clarke mention he has a book out for sale?

Fake Chinese Parts 'Found In US Planes'

05/30/2012 12:54:31 PM PDT · 176 of 177
sam_paine to Justa; jrestrepo; NVDave
So now we all agree! Like I was saying...

    BI: Could you respond to this Errata post ("Bogus story: no Chinese backdoor in military chip") specifically?

    [Sergei Skorobogatov] 1) We have made no reference to any Chinese involvement in either of the released papers or any reference to espionage. Therefore we don't agree with Robert Graham's assertion that we suggest Chinese involvement. So we have no idea why people have linked the Chinese to this as it did not come from us.

    [Sergei Skorobogatov] 2) As far as we are concerned the back door was implemented by the manufacturers at the design stage and we suggest that in the papers.

That is from your "rebuttal" link, Justy.

Ok? So now we can all agree that the article of the original thread is about fraudulently copied functional equivalents, and not Chinese espionage like Sergei Impliedalotovstov says he's not alluding to. And we can agree that your rebuttal's author Sergei found a method to read out Actel's FPGA programming....which would allow certain data to be read if you could clip wires onto that physical system.

Wooptiedoo! Anyone who has ever fired up an evaluation board with a microcontroller or FPGA from Actel or Xilinx has known this for decades.

I've already mentioned upthread a more glaring, public, non-hidden problem with FPGAs which have the ability to be programmed via serial links and networks. So yeah, those systems could be vulnerable to cyberattacks from Korea or Russia or Israel or China. But that is coming from insecure design and development of the intended, advertised product MADE IN THE USA. Not Chinese "backdoors" in resistors!

But Sergei Wrotealotovrot did a smart thing by fanning the espionage flames. Otherwise his "expose" of an obvious internal exploit for a particular US design would've gotten ho-hum interest from anyone who knew anything about JTAG programming of FPGAs. BTW, you realize that the engineers who implemented that JTAG logic function have a design spec internally, and they have a Verilog or VHDL description of it, and tested it internally. Anyone who worked on that project knows everything Sergei Didalotovnada learned, and was not under any kind of military clearance, and might not have even had a non-disclosure agreement with respect to emailing it to a colleague, customer, student or Chinese spy!

176 of 177
37 posted on 06/06/2012 7:43:58 AM PDT by sam_paine (X .................................)
[ To 12 ]


To: sam_paine
Thanks for your prompt and excellent reply. I missed last week's anthill; I found a similar one I was involved with on the 23rd.

To the degree that Chinese manufacturers robotically use our layouts and mask sets there is little danger of them using our designed-in back doors.

Unfortunately we train a LOT of Chinese engineering students in our universities, and SOME of them are PLA officers, and SOME of them are quite capable of reverse engineering our designs to insert any back doors the Chinese government desires.

The rules of threat assessment call for identifying what an enemy is capable of doing, not necessarily what they are actually doing.

They are capable of inserting a dormant shut down code in every microprocessor they manufacture, some of those chips might work their ways into critical systems. Most will end up sprinkled throughout our electronic infrastructure.

How much havoc would ensue if say, 10% of our gas pumps, heart monitors, TV stations and home shopping computers all died in the same hour is an exercise left to the reader...

39 posted on 06/06/2012 9:41:05 AM PDT by null and void (Day 1233 of our ObamaVacation from reality [and what dark chill/is gathering still/before the storm])
[ To 37 ]

To: sam_paine
"Does anyone here really care about the real potential for espionage from Norks, Russians, and Chinese that can so easily be done via USA fabs and design houses?"

I can only speak for me - Yes, and assume others care based on what I read in comments on FR, like this from "null and void":

The rules of threat assessment call for identifying what an enemy is capable of doing, not necessarily what they are actually doing.

I like that quote a lot - given almost 30 years of high-end global industry experience (see note 1 below).

Based on your comments, I believe we're in agreement on the risk assessment facts from known design and engineering practices. We don't need to invent complicated engineering scenarios in order to be concerned about what's already installed across America and the globe that controls core elements of everyday life.

The WashedUp Times pointed out some of the recently published studies on PLC vulnerabilities:

Project Basecamp at S4

"Project Basecamp had six great researchers looking for vulnerabilities in six different PLC’s / field devices, and the PLC’s took a beating. There were backdoors, weak credential storage, ability to change ladder logic and firmware, command line interface, overflows galore, TFTP for important files and so much more."

Cyber search engine Shodan exposes industrial control systems to new risks

Researchers found that one machine made by General Electric, the D-20, uses the same microprocessor installed in Apple computers two decades ago. The company that made its operating software stopped updating it in 1999. It is often shipped to customers with no meaningful security. “Security is disabled by default,” the manual says. “To log in, enter any name; you do not need a password.”

In a statement to The Washington Post, General Electric said: “The D-20 was designed for deployment in a layered security environment, in which asset owners and operators employ a range of measures to prevent, detect and respond to intrusions. GE actively works with our customers to design and support those security measures.”

The company added that the software for the machine “is designed to be secure and includes a layer of password-protection, which can be activated if the customer chooses to do so.”

Other machines had flaws that enabled the researchers to take control through electronic back doors.

In January, Digital Bond said the results were “a bloodbath, mostly.”

“Most of the guys were able to hack their controllers in a single day,” said K. Reid Wightman, a Digital Bond security researcher and former Pentagon cyberwarrior. “It’s just too easy. If we can do it, imagine what a well-funded foreign power could do.”

(1) My first professional job was in semiconductor manufacturing, not as an EE, but I designed their first distributed systems with desktops and "file servers" delivering integrated data from big iron global systems. And I pioneered some of the first commercial Software as a Service products. This was way before there were any books available on how to build, sell, run, scale, and support such products.

44 posted on 06/06/2012 5:08:14 PM PDT by uncommonsense (Conservatives believe what they see; Liberals see what they believe.)
[ To 37 ]

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson