Richard Clarke: All U.S. Electronics From China Could Be Infected

Well, it’s been pretty obviuos for a while now that China’s been hacking into some  of America’s most important businesses and government agencies and stealing reams of data. We’ve heard countless reports about Pentagon info being stolen orabout critical data on the F-35 Joint Strike Fighter being plucked from defense contractors networks — with China being the main suspect.

Well, former U.S. counter-terrorism czar –currently running his own cybersecurity firm — Richard Clarke is coming out and saying that all electronics made in China may well have built-in trapdoors allowing Chinese malware to infect American systems on command. The malware could do everything from take over a device to disabling it to secretly siphoning information off of it.

Just remember, plenty of military electronics parts are sourced from China too. U.S.-based defense contractors routinely buy things like processors and circuit boards — that end up on the Pentagon’s most advanced weapons, everything from fighter jets to nuclear submarines — from brokers who get such parts in China. As you know, these parts often prove fake, something that’s dangerous enough due to the high risk of a fake part failing. What’s to stop real parts made in China from carrying an equally dangerous cyber trapdoor?

Here’s what Clarke Recently told Smithsonian Magazine:

“My greatest fear,” Clarke says, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.”

But Clarke’s concerns reach beyond the cost of lost intellectual property. He foresees the loss of military power. Say there was another confrontation, such as the one in 1996 when President Clinton rushed two carrier battle fleets to the Taiwan Strait to warn China against an invasion of Taiwan. Clarke, who says there have been war games on precisely such a revived confrontation, now believes that we might be forced to give up playing such a role for fear that our carrier group defenses could be blinded and paralyzed by Chinese cyberintervention. (He cites a recent war game published in an influential military strategy journal called Orbis titled “How the U.S. Lost the Naval War of 2015.”)

As Gizmodo points out, this may just be clark doing his job as the head of a cybersecurity company to drum up business or it might be another prescient warning from the man who predicted a “spectacular” al Qaeda attack before 9/11. All I have to say is that implanting trapdoors in electronic goods bound for the U.S. would make perfect sense.

Via Smithsonian Magazine.

 

39 Comments on "Richard Clarke: All U.S. Electronics From China Could Be Infected"

  1. It would require incredible data-mining efforts to find those "high value appliances". I mean, a iPad owned by SecDef might be more interesting than Jill from Mankato, Minnesota? And even then, what's on that thing?

    Though it is a legit concern if it comes to network switches and computers. With network switches, isn't there a software layer that may present a wrinkle if the PRC has no access to source code? Though I suppose they could buy one, clone the firmware and check it for backdoors, but…

  2. jail all the ceo's

  3. Shame on all of the politicians combined with the Corporations that have left this once INDEPENDENT great country at the mercy of foreign countries. All of this done for the love of the almighty buck! The ones that carry the real burden and costs are our loyal Military members. Job well done to ALL of you in ALL of the forces!

  4. Ceo's sell out your country, jail all the Ceo's that do business with China…

  5. I bought a levi's back in the 80's for $25 and that made in the USA, CEO's want to move manufacture to China because INFLATION they claim, now 2012 I paid for the same levi's for $55 and it made in China….can any explain what inflation here..??my a$$ inflation or CEO's big bonuses INFLATION…

  6. Richard Clarke is an alarmist. Read his book Cyberwar. I think people like him tend to overestimate how difficult it would be to "get back online" after an attack. Most important data is now stored across air gaps. More importantly, placing the same trapdoor in millions of devices is a great way to get it discovered…and thwarted. It's not like there are super smart people within the military-intelligence complex and without looking for these things. just my two cents.

  7. While I do share Mr. Clarke's concerns, and agree that offshoring EVERYTHING is not within the long-term strategic interests of our country, militarily or economically, I don't quite agree his assessment. He is clearly saber-rattling for the sake of procuring more business.

    The reality is… the physical requirements to 'remotely activate' and then 'communicate back and forth' with embedded 'droneware' on any such device, would clearly be detectable during the course of transmission, given the appropirate network monitoring infrastructure.

    In other words, you're more likely to get infiltrated by simply visiting this web page, than you are buying some component from China.

  8. This is part of what Pat Buchanan was talking about for years, especially from 2001-2008 when the exodus was radically increased via the administration changing the rules that encouraged our manufacturing base to move overseas.

    Everything Pat predicted those years fell on deaf ears, and everything came true. OUr nation got sold out in return for little more than short-term profits.

  9. Matt Holzmann | March 29, 2012 at 6:53 pm |

    since this is my business I can comment with some authority.

    40% of the component supply inventory has been affected. There are all sorts of variations.

    They are relabeling/marking commercial grade components to MIL Spec. Obsoleted parts are being relabeled as new.

    There is a great fear of trap door software.

    Some of the components are "3rd Shift", where the employees or contractor may be running the production lines for unauthorized capacity off the books.

    Some packages contain no silicon. You can buy the substrates, bond them and label them yourself as anything you want to.

    It is a major criminal activity. It is occurring in Nigeria, India and China.

    Many of the top line defense electronics contractors are lobbying for the removal of many key components from the ITAR list.

    This thing is a tar baby and is one consequence of the destruction of the American electronics manufacturing base.

  10. Matt Holzmann | March 29, 2012 at 6:56 pm |

    follow up. By removing them from ITAR, they production can then be exported to non-ITAR countries like China. Chinese manufacturers will underbid Western suppliers and the remaining, limited defense subcomponent manufacturing base will then collapse.

  11. I understand we should get off offshore produstion and such. But does anyone know how we can do such a feat then? Like how we can convince for things to change or such? Please, give a real legit answer.

  12. Apple Ipad has a branch in China at Zhengzhou plant. Noooo!!

  13. Hickelbilly | March 29, 2012 at 9:54 pm |

    I recall this story about two years ago when I was checking on why, with my profile, all I was getting was pics of Chinese people. As I recall someone had a whole network system on a desttop and it was hacked and stolen. It was perhaps slowly decoded over the years. I don't see the part where American Asians were taken popular songs plugging in one of those new auto pieanners, lib scyn, change the lanuage to Chinese, send it to Thiland, add codes, then ship it back with Chinese video overlayed, to greedy cheap-o Americans to sell or show on web-sites. Maybe some of our leaders were afraid of public panic but You never see anything about them adding slow acting cancer causing chemicals to dyes in shoes and clothing. And the Fox said, "Just because I am in the henhouse and have feathers in my mouth, don't mean I kill the chicken unless you can prove it."

  14. Like to reply to Tran. We need a Senate and Congress that can agree and be filled with resolve. And. The American People need to start being Americans and put America first. Everybody wants to be different or special. Are you an American African or African American. Are you an American Mexican or a Mexican American. Are you an American Asian of An American Asian. I have mostly English Blood but a lot of mixes from Europe. I am not an English American. I am plain American. Point is, every time you buy a non-American Product, The few cents, or dollars you save, is out of the pocket of An American Worker. Guess what, the Wealthy People in this country don't want to invest their wealth in people who in the long run will send it out of the country. Taken their wealth with legal trickery is not the answer. Remember England and India. India had England on the verge of collaspe, just by the people refusing to buy English products. Buy American and make American Jobs.

  15. There is a much greater chance that ipads have a US government back door in them then a Chinese one. But you don't see the Chinese in fits of angst when they buy them. It speaks volumes on the higher level of sophistication there.

    Meanwhile companies like Apple are moving even deeper into China. Its the future for those companies. Forced to choose between the American market and the Chinese one three times larger many American companies will choose China.

  16. There is a very simple solution to outsourcing – American standard of living must decline by 60%. Until that happens American companies cannot compete. It will happen naturally over the next 40 years and is pretty much unstoppable because we refuse to invest in infrastructure or education at the higher levels necessary.

    We even have a party – the Republicans who's whole world view is that it is inevitable and there is no need to invest in America, we just need to get used to having a large peasant class ruled over by a small elite.

  17. Why are things so expensive to manufacture here vs over there? Unions I blame for that. $45+/hr to bolt/stitch stuff together? Come on. The unions are the largest influence of our manufacturing jobs going to China. The experts predicted it in the 80's and lo and behold they were actually right.

    We should be having our manufacturing go to Mexico before China, but man, the cartels need to seriously get cleaned up first. If we can have our manufacturing jobs go to Mexico, prosperity would spread and there wouldn't such a focus to jump the border making the US dump so much on border security. Fast and the Furious fiasco didn't help.

  18. Sad to say im not surprised everything is made in china now.

  19. I AGREE WITH JAYSON, UNIONS ARE THE BIGGEST PROBLEM HERE.
    Some say that the big blackout back in 2002-3? in the North East was a test run for this kind of Chinese war.

  20. Disclaimer: I have never worked for, or am not now working for Richard Clarke or any of his interests. I am an independent information security expert who has watched Richard Clarke’s career, with great interest. All comments here are my own, and not representative of any company or interest.

    I’m just stumped that Trader Joe’s sell me (in Southern California) A ready-to-eat, frozen, boxed breakfast of eggs, potatoes and onions, and it’s clearly stamped, “A product of France”.

    Why are we continuing to spend $$ on importing food, and any other item, being wasteful of our resources and not sourcing things locally? Cost. We, the consumer, have been told it’s all about the cost. We blindly agree to raise taxes to stop “child pornography” or “terrorism”, without so much as a whimper, yet, we watch the government continue to provide HUGE subsidies to massive corporations, even take OUR TAX DOLLARS, and GIVE them to corporations that are “too big to fail”.

    Bring back FREE trade, bring back excise taxes, reduce or remove the income tax, sales tax, and property taxes, and we’re going to be a more successful, and more focused country.

    Sadly, our politicians aren’t in government for the constituents, they’re in government for power and personal gain. We’re not being represented by far right or far left leaning people. We need to stop the madness that is consuming us, and stop the politicians that are continuing to DIVIDE this once great PRODUCING nation. We no longer are a producing nation, we’re a nation of consumers.

    So, here’s my thoughts. 1) Put down your iPad/Tablet, 2) Pick up your phone, 3) Call your congressmen and representatives and TELL THEM what you thing. Don’t let them TELL you anything. Remember, THEY WORK FOR YOU, and ME, and every other CITIZEN. We pay their salaries to sit in office and make things better for us.

    Lastly, about this article, Richard Clarke is discussing a reasonable, realistic scenario, where there are a myriad of possibilities. When anyone can produce something that the consumer has little or no knowledge of, it is trivial to install means to tap or control that equipment. Richard Clarke has been, in my personal opinion, a very accurate and rational analyst, with incredible foresight. It would be a great error in judgment to pass this report off as a sales tactic.

  21. Ok so with just this open source information we have Microsoft, Symantec, Juniper and Cisco . So in essence you have the primary Operating system for the US, you have the 2 main comunication devices, plus you have a main source for Anti-Virus and storage devices.

    Tell me AGAIN why everyone is so shocked when we get hacked??? What Congressional member thought releasing Source Code to China was a good idea?? Who thought releasing Juniper to China was beneficial to the US, and oh lets not forget to mention the issue with Cisco source code and the fake Cisco routers. Oh and what is a big player in protecting US machines from Viruses?????

    Tell Me AGAIN why people are shocked??? Cause I'm at a loss for words. The problem is you have suits that are in their 60's and 70's that have no understanding of technology except to send email and their the ones making the decisions after the visit by the lobbyist.

  22. Why is this happening ? Because all the fan boys of the war toys in the petting zoo are bought and distracted by seeing the Blue Angels fly on Memorial Day.

    The Chinese have a patience and subtlety that hardware obsessed Americans do not.

  23. Processors can magically jump across electrical boundaries to talk to a network directly.

    The first step to defeating this is setting up a very basic system to teach people the basics of how computers work. This article is reads like it was written by an alarmist retard.

    Quoting Gizmodo out of context doesn't give it any more credibility.

    The two highest value attack vectors for security vulnerabilities are software platform vulnerabilities (Flash, Acrobat, SIlverlight, ect) where a lot of work is being done to fix/replace them and…

    PEBCAK (Problem Exists Between Chair and Keyboard). Why would China waste the time/effort to carefully develop a system that functions exactly how we expect but also relay information back when it's a few magnitudes less difficult to get a bunch of idiots to download and launch an infected application.

    Here's a simple 1-1 comparison. Develop a motherboard that has a custom BIOS where everything punched into the keyboard is relayed across the network. Hope your victim has a dedicated internet connection. Pray that there are no monitoring firewalls/honeypots in place to pinpoint the location of the transmissions and receiving location. If the malicious hardware is quarantined, the infected equipment gets quarantined and/or recalled at a massive monetary loss to the developer.

    Or.

    Post porn online for free, require the user to open the file on their local computer, embed executable script that is launched when the file is opened.

    The first takes years of develop and could crumble in an instant. The second is cheap, easy to deploy, and dependable (stupidity is predictable and common).

    The simple problem is and will always be, you can't fix stupid…

  24. I find it baffling that the military would be stupid enough to use such vital computer parts from China, or any foreign country for that matter. No disrespect to any servicemen.

  25. I bought a surveillance equipment on ebay and it was made from China. I found out that the software driver is a virus that get info on your computer.

  26. China isn't stupid. Why do you think they sell everything so cheap here. If you can control the electronics of a country, you can influence everything that country does. I would like to know what idiot in the government decided it would be a good idea to buy critical electronic components from a Communist country like China. I never finished college and I still wouldn't have done that. When are we going to get rid of the idiots that influence government decisions. We are destined to destruction if we dont start thinking again.

  27. lol. Chines outsmarted Americans again. politicians that allowed for this to happen and corrupt CEOs that gave those politicians money…i mean donations. lol!!!!! the WHOLE national security is screwed and this is not an overstatement. go kung-fu this uncle sam! this are the real terrorists!

  28. Infidel4LIFE | April 2, 2012 at 1:24 pm |

    I been saying it for years. GREED. Thats why this happened. You would be foolish NOT to infect the electronics bought by US defense contractors. They ain't gonna fight, so why should they care? Thats their effed up way of thinking, and doing bizness. THANX GUYS!! 4 NOTHING.

  29. Nam Marine | April 2, 2012 at 5:57 pm |

    Gee, lets see. Would our Enemy, who is supplying our electronics, spy on us????
    Dahhhhhhhhhh!

  30. But….but….but….Bill Clinton and Obama told us that China is our friend and that they are good people we can trust….but…but….

  31. This is what happens when you outsource electronics out of the country and this is the end result….Shame on the Clinton,Bush,and Obama administration for moving our jobs over seas. The f-35 parts and plane should have been made in USA like wise the ipad and iPhone and we wouldn’t be dealing with these issues…

  32. Does any of this really matter,one world government is coming.

  33. Did Clark do any research/testing on the imported electronic parts from China to factually determine if there was any "trap doors" in it?

    OR

    Whatever he said about trap doors was just mere speculation?

  34. It's difficult to believe that NSA, CIA and other alleged computer literates hadn't passionately raised that question years ago and taken steps to counteract it. . Seven years ago I believed the same and wrote a dozen letters to appropriate units, just to make myself feel better.

    I am shocked, shocked, shocked It seems every month I have read of Govt sites hacked, Credit cards hacked, Industrial secrets hacked and it doesn't stop.

    """"There is NO excuse for that"""" Once it happens you stop it. You isolate it particularly given the critical stakes.
    All that super secret sleuth stuff in novels is fiction. It is unfathomable that so much continues to be stolen. The security document train in every instance has to be obscenely flawed. Again there is no excuse.

    Here is an analogy. Once you experience a Twin Tower 911 or a Pearl Harbor you should Never ever have a repeat of that type of Incident. But we have as far a data & infrastructure failure after failure after failure.

    The government, / defense dept Sec Ags should operate everything from a Closed system. You unhook critical systems from the Internet if necessary. Then """all"""" communication is encrypted.

  35. The sad thing is that it is indicative of how much we've already lost the edge. Call me a defector but I only buy chinese anymore since the technology here in the States is sop far behind the tech curve. I'd love to buy American but the devices are somewhat archaic and usually crippled like the iPad series.

  36. skipperjohn | April 3, 2012 at 2:09 pm |

    As John Glenn said as he was being strapped in to Mercury: "It's reassuring to know this was built by the lowest bidder."

  37. Just more proof that we need to bring jobs to America, relying on potential enemies for crucial electronics is foolish and shortsighted.
    Even out sourcing to India is preferable; at least they're democratic, not communist…

  38. Bob Wilbur | May 31, 2012 at 10:36 am |

    I told you so in 1974 and you didnt listen.

  39. Ryan C. Bailey | September 5, 2012 at 3:57 pm |

    Ref: “How the U.S. Lost the Naval War of 2015.” in Orbis Journal; This is exactly why I've recommended the maintenance of a robust Silicon Valley, together with concurrent nationwide electronics and technical-industrial manufacturing as a keystone to our military-industrial complex, without which we cannot be prepared for the next nation state war.

Comments are closed.