Home » News » Around the Globe » Richard Clarke: All U.S. Electronics From China Could Be Infected

Richard Clarke: All U.S. Electronics From China Could Be Infected

by John Reed on March 29, 2012

Well, it’s been pretty obviuos for a while now that China’s been hacking into some  of America’s most important businesses and government agencies and stealing reams of data. We’ve heard countless reports about Pentagon info being stolen orabout critical data on the F-35 Joint Strike Fighter being plucked from defense contractors networks — with China being the main suspect.

Well, former U.S. counter-terrorism czar –currently running his own cybersecurity firm — Richard Clarke is coming out and saying that all electronics made in China may well have built-in trapdoors allowing Chinese malware to infect American systems on command. The malware could do everything from take over a device to disabling it to secretly siphoning information off of it.

Just remember, plenty of military electronics parts are sourced from China too. U.S.-based defense contractors routinely buy things like processors and circuit boards — that end up on the Pentagon’s most advanced weapons, everything from fighter jets to nuclear submarines — from brokers who get such parts in China. As you know, these parts often prove fake, something that’s dangerous enough due to the high risk of a fake part failing. What’s to stop real parts made in China from carrying an equally dangerous cyber trapdoor?

Here’s what Clarke Recently told Smithsonian Magazine:

“My greatest fear,” Clarke says, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China.…After a while you can’t compete.”

But Clarke’s concerns reach beyond the cost of lost intellectual property. He foresees the loss of military power. Say there was another confrontation, such as the one in 1996 when President Clinton rushed two carrier battle fleets to the Taiwan Strait to warn China against an invasion of Taiwan. Clarke, who says there have been war games on precisely such a revived confrontation, now believes that we might be forced to give up playing such a role for fear that our carrier group defenses could be blinded and paralyzed by Chinese cyberintervention. (He cites a recent war game published in an influential military strategy journal called Orbis titled “How the U.S. Lost the Naval War of 2015.”)

As Gizmodo points out, this may just be clark doing his job as the head of a cybersecurity company to drum up business or it might be another prescient warning from the man who predicted a “spectacular” al Qaeda attack before 9/11. All I have to say is that implanting trapdoors in electronic goods bound for the U.S. would make perfect sense.

Via Smithsonian Magazine.

 

Share |

{ 91 comments… read them below or add one }

blight_ March 29, 2012 at 5:00 pm

It would require incredible data-mining efforts to find those "high value appliances". I mean, a iPad owned by SecDef might be more interesting than Jill from Mankato, Minnesota? And even then, what's on that thing?

Though it is a legit concern if it comes to network switches and computers. With network switches, isn't there a software layer that may present a wrinkle if the PRC has no access to source code? Though I suppose they could buy one, clone the firmware and check it for backdoors, but…

Reply

Musson March 30, 2012 at 8:32 am

You dont have to id specific individuals if you shut down all the iPads everywhere.

You don't have to ID which missile is carrying your chip – if you invoke an error routine in all your chips.

Reply

blight_ March 30, 2012 at 9:03 am

So there you go: the threat is a mass shut-down, not the "they can steals your computers!".

Of course, there is always the possibility of writing firmware updates to remove logic bombs, but that would require prior knowledge and mass distribution on the fly; hard to do after your infrastructure has been bricked.

Reply

Tyler Totten March 30, 2012 at 2:14 pm

Not to mention all the i-pads in the US used to execute a combined hack on Dept. of Energy of DOD systems would at the very least be a powerful distraction.

Reply

blight_ March 30, 2012 at 2:50 pm

If you're not dark-net and can't be pinged by everyone else; then…?

Reply

swizard March 30, 2012 at 4:00 pm

Anyone's iphone might provide an account/password for access into a dot.mil network. Example: using an iphone to access your dot.mil email account. Likely that 10s of thousands of people do this. A back door could provide that access, or a means to steal the account/password info itself.

Reply

blight_ March 30, 2012 at 4:25 pm

That would be a backdoor from iOS, not from the hardware itself.

Reply

BewareOfChina April 2, 2012 at 11:11 am

Yes, but consider modifying the SW or Firmware via a malware download via email or web browsing. Now the O/S is behaving differently and doing nefarious things. IMO, it is possible. The HW is just the vessel. The FPGAs or other devices within could have a hidden partition that already contains the required apps. All that is then needed is a way to trigger them. Malware becomes the activator and it does not have to be very sophisticated to be a trigger so it is small and it does nothing overt.

How do you defend against this POTENTIAL threat? You don't buy Chinese parts or control system components unless you are willing to spend the money to vet them. Then what? are you going to vet EVERY single component or just sample the lots? How secure do you want to be? How much money do you want to spend? What is the price of security?

Difficult problem to solve, if there even is such a problem.

Reply

blight_ April 2, 2012 at 12:14 pm

Considering iOS doesn't have root priviledges, but requires hackers to find those weaknesses (for "jailbreaking" to install Cydia and such).

Modifying firmware can be dicey, especially if the applicance is being used. Do it wrong and the appliance bricks. Then again, the backdoor is likely already built in and simply requires the door be opened.

Zeke April 2, 2012 at 1:25 pm

Think sideways. On the consumer side this has less to do with data mining and more to do with setting up a dormant botnet that would utilize devices within the host country to perform denial of service attacks on its own communication infrastructure. Millions of drones within the country ready to go. It is very elegant and could be quite deadly. They may never need to use it but it is there just in case. At the same time you could data mine. Internet connected televisions, internet connected garage door openers and the list goes on.

Reply

blight_ April 2, 2012 at 4:18 pm

A zombienet ddos would be troublesome to deal with, but the nightmare scenario is our entire internet infrastructure turning upon us, starting with human/machine interfaces transmitting username/passwords to a recipient, or network hardware with built in exploits waiting to be utilized in wartime.

Reply

Andy March 29, 2012 at 5:05 pm

jail all the ceo's

Reply

@Raypc800 March 29, 2012 at 5:05 pm

Shame on all of the politicians combined with the Corporations that have left this once INDEPENDENT great country at the mercy of foreign countries. All of this done for the love of the almighty buck! The ones that carry the real burden and costs are our loyal Military members. Job well done to ALL of you in ALL of the forces!

Reply

@cumcakes May 23, 2012 at 11:07 am

lmao i don't know what you think 'independent' means dude, but there is no definition of that word that makes that sentence true

Reply

Andy March 29, 2012 at 5:06 pm

Ceo's sell out your country, jail all the Ceo's that do business with China…

Reply

Belesari March 29, 2012 at 5:48 pm

Andy ignoring your indepth commentary into the realities of modern politics, economics, and consumerism do you realise that the vast magority of people on this planet have will and probably continues to by goods made in china?

Why because they had almost no hurdles stopping them. And when they finaly started to make a buck we said oh shit.

Be angrier that they technically still owe us hundreds of billions in bonds from a long time ago.

Reply

ColMustard March 29, 2012 at 5:49 pm

I dare you to look at where 80% of the things you own are made Andy. Betcha they have "made in China" stamped on the back. Selling Chinese products is evil but buying them is another story huh?

Reply

akaa April 23, 2012 at 8:00 pm

don't jail just strip them of their US citizen, when if you want to do business with communist country, if you want to promote one party system, where there is an enormous restriction of freedom of expression then move to china and live there, we don't need you here in the US,

Reply

Andy March 29, 2012 at 5:31 pm

I bought a levi's back in the 80's for $25 and that made in the USA, CEO's want to move manufacture to China because INFLATION they claim, now 2012 I paid for the same levi's for $55 and it made in China….can any explain what inflation here..??my a$$ inflation or CEO's big bonuses INFLATION…

Reply

Skyepapa March 29, 2012 at 8:58 pm

At average rates of inflation a pair of jeans purchased in 1980 for $25 would cost $65.28 in 2010 (easier than today's date). Productivity increases explain why you paid less than what it should have been with inflation. You can find jeans branded as American made for around $50 if you search "jeans made in USA." You'll probably feel a lot better if just stop buying Levi's.

Reply

blight_ March 29, 2012 at 9:48 pm

Bringing the price point down by ten bucks a jean screams "good deal" until you realize the price you paid.

Even then, the question is whether or not "made in the USA" in the '80s was relevant. Was it stitched together with fabric from Mexico or with textile from North Carolina? How did you know, especially since it wasn't a big deal back then?

Reply

dddd March 29, 2012 at 5:47 pm

Richard Clarke is an alarmist. Read his book Cyberwar. I think people like him tend to overestimate how difficult it would be to "get back online" after an attack. Most important data is now stored across air gaps. More importantly, placing the same trapdoor in millions of devices is a great way to get it discovered…and thwarted. It's not like there are super smart people within the military-intelligence complex and without looking for these things. just my two cents.

Reply

blight_ March 29, 2012 at 6:34 pm

The hacker free market is actually quite helpful in that regard. Critical private sector infrastructure has become hardened over time as hackers launch attacks against civilian infrastructure exploiting hardware/software vulnerabilities that the PRC would probably exploit as well.

It's not impossible to hide a logic bomb in the code somewhere, but…

Reply

ChrisCicc March 29, 2012 at 9:04 pm

Dead on. Not to mention, there is no way to avoid dealing with the issue. Even if we manufactured network switches here, there is no way we could also manufacturer every component part, leaving many still vulnerable.

I think this is way overstated. It's hard to do, and even harder to avoid detection. Not to mention the NSA reviews quite a bit of military hardware.

Reply

elmondohummus April 1, 2012 at 8:57 am

Yes, this. Working in the IT field, I can testify that Clarke has a reputation as an alarmist in the field.

The unfortunate thing is that he tends to start from solid info, but does not rationally analyze is, instead presuming worst case scenarios. But that's when he's at this best. He's at his worst when he doesn't double-check his information, such as one of his examples of a supposedly network-attack vulnerable, early municipal utility system (think of a SCADA kind of system, but one from the early days when modems ruled and organizations still hired their own programmers for those type of embedded systems). Turned out the specific example he used wasn't even connected to the internet: The then modem-accessible aspect of the system didn't (again, at that time; don't know what the case is now) have direct control over the system at whatsoever.

He's a really intelligent guy, but again, his faults unfortunately undo his analysis. I think his heart's in the right place, but that doesn't excuse his all too often erroneous conclusions.

Reply

Sean O'Donnell March 29, 2012 at 6:24 pm

While I do share Mr. Clarke's concerns, and agree that offshoring EVERYTHING is not within the long-term strategic interests of our country, militarily or economically, I don't quite agree his assessment. He is clearly saber-rattling for the sake of procuring more business.

The reality is… the physical requirements to 'remotely activate' and then 'communicate back and forth' with embedded 'droneware' on any such device, would clearly be detectable during the course of transmission, given the appropirate network monitoring infrastructure.

In other words, you're more likely to get infiltrated by simply visiting this web page, than you are buying some component from China.

Reply

Matt Holzmann March 29, 2012 at 6:54 pm

wrong. Ask DARPA.

Reply

Sean O'Donnell March 29, 2012 at 11:14 pm

Well, by 'appropriate network monitoring infrastructure', I mean this would (by default) exclude products (and components) manufactured in China (or other nations).

Unfortunately, Cisco (and many other companies) have compromised their own credibility as a 'Network Security' product vendor, and this given assumption, by off-shoring most of their production. I do agree. =/

Reply

Anon March 30, 2012 at 1:10 pm

You couldn't be more wrong.
As an IT security specialist, I can tell you, network monitoring is like a lock on a door. It only stops the kids and amateurs.

Reply

PolicyWonk March 29, 2012 at 6:33 pm

This is part of what Pat Buchanan was talking about for years, especially from 2001-2008 when the exodus was radically increased via the administration changing the rules that encouraged our manufacturing base to move overseas.

Everything Pat predicted those years fell on deaf ears, and everything came true. OUr nation got sold out in return for little more than short-term profits.

Reply

Sean O'Donnell March 29, 2012 at 11:15 pm

Thank you.

Reply

Matt Holzmann March 29, 2012 at 6:53 pm

since this is my business I can comment with some authority.

40% of the component supply inventory has been affected. There are all sorts of variations.

They are relabeling/marking commercial grade components to MIL Spec. Obsoleted parts are being relabeled as new.

There is a great fear of trap door software.

Some of the components are "3rd Shift", where the employees or contractor may be running the production lines for unauthorized capacity off the books.

Some packages contain no silicon. You can buy the substrates, bond them and label them yourself as anything you want to.

It is a major criminal activity. It is occurring in Nigeria, India and China.

Many of the top line defense electronics contractors are lobbying for the removal of many key components from the ITAR list.

This thing is a tar baby and is one consequence of the destruction of the American electronics manufacturing base.

Reply

Matt Holzmann March 29, 2012 at 6:56 pm

follow up. By removing them from ITAR, they production can then be exported to non-ITAR countries like China. Chinese manufacturers will underbid Western suppliers and the remaining, limited defense subcomponent manufacturing base will then collapse.

Reply

Sgt_Buffy March 30, 2012 at 8:26 am

40%! Is that ALL electronics from China? That's pretty bad, I had it in my head that it was only about 5% or thereabouts. How much more would it cost to build American or European?

Reply

Tran March 29, 2012 at 8:25 pm

I understand we should get off offshore produstion and such. But does anyone know how we can do such a feat then? Like how we can convince for things to change or such? Please, give a real legit answer.

Reply

blight_ March 29, 2012 at 9:52 pm

NYT had an interesting article about how the entire manufacturing supply chain moved overseas. One of the critical parts of the industrial revolution was vertical integration, locating for efficiency (or owning outright) all the factories used to turn raw input into product, or when owning so many branches of production becomes inefficient, squeezing for efficiency at every point between raw material and final product.

For instance, all the chips come from Taiwan, China and South Korea and whatnot. They all ship to a central node (China). The factory to build and assemble screens may be in the same town as the town that makes the charger cables and the charger, along with the factory that assembles the boards which ships product to the final factory that takes finished screens, finished shells, finished boards and assembles everything into integrated product.

If you move an entire supply chain overseas and plop it into the same town with immense ability to control labor forces (who live in your factory and work on your demands) it is more powerful than building in the US where factories are scattered across the country and can not scale up on a moment's notice and material is moving across the country in transit.

I suppose that angle is more Just-in-Time logistics than vertical integration, but…

Reply

Allen June 15, 2012 at 7:24 pm

You understand what that offshore production does? I think anybody buying electronics from our biggest potential adversary is crazy. You lose wars by using substandard equipment. The real reason our country has to by from China is they own us. Keep borrowing and they will rename our armed forces to the United States PLA. All you can expect from a Communist country is Communism and hostility to freedom loving people everywhere. We have already moved a long way down the **** hole don't make it worse by buying our military supplies from people smart enough to know that military might equals safety. We are losing ours due the corruption in Washington. Sad.

Reply

Roland March 29, 2012 at 8:55 pm

Apple Ipad has a branch in China at Zhengzhou plant. Noooo!!

Reply

Roland March 29, 2012 at 8:56 pm

That explain it.

Reply

Hickelbilly March 29, 2012 at 9:54 pm

I recall this story about two years ago when I was checking on why, with my profile, all I was getting was pics of Chinese people. As I recall someone had a whole network system on a desttop and it was hacked and stolen. It was perhaps slowly decoded over the years. I don't see the part where American Asians were taken popular songs plugging in one of those new auto pieanners, lib scyn, change the lanuage to Chinese, send it to Thiland, add codes, then ship it back with Chinese video overlayed, to greedy cheap-o Americans to sell or show on web-sites. Maybe some of our leaders were afraid of public panic but You never see anything about them adding slow acting cancer causing chemicals to dyes in shoes and clothing. And the Fox said, "Just because I am in the henhouse and have feathers in my mouth, don't mean I kill the chicken unless you can prove it."

Reply

Hickelbilly March 29, 2012 at 10:20 pm

Like to reply to Tran. We need a Senate and Congress that can agree and be filled with resolve. And. The American People need to start being Americans and put America first. Everybody wants to be different or special. Are you an American African or African American. Are you an American Mexican or a Mexican American. Are you an American Asian of An American Asian. I have mostly English Blood but a lot of mixes from Europe. I am not an English American. I am plain American. Point is, every time you buy a non-American Product, The few cents, or dollars you save, is out of the pocket of An American Worker. Guess what, the Wealthy People in this country don't want to invest their wealth in people who in the long run will send it out of the country. Taken their wealth with legal trickery is not the answer. Remember England and India. India had England on the verge of collaspe, just by the people refusing to buy English products. Buy American and make American Jobs.

Reply

Riceball March 30, 2012 at 11:20 am

But what constitutes American? What about iPad and iPods, sold by Apple which is an American company but they're made in China. Same goes with many American cars, lost of so-called American cars are at least assembled in Mexico & Canada so there are some foreign workers getting a piece of the pie every time you buy an American car. Then on the other hand you have many Japanese & Korean cars that are being built or assembled in America by American workers so does that count as "Buying American" since the purchase is directly supporting an American worker even if the profits go to a foreign corporation?

Reply

Grandpa March 30, 2012 at 1:52 pm

Welcome to the American Titanic. Like the familiar sinking ship, we are casting the poor over the side without a lifeboat while the wealthy row about in the carnage safe from the freezing ocean.

This will be a Titanic election..

Reply

itfunk March 29, 2012 at 11:11 pm

There is a much greater chance that ipads have a US government back door in them then a Chinese one. But you don't see the Chinese in fits of angst when they buy them. It speaks volumes on the higher level of sophistication there.

Meanwhile companies like Apple are moving even deeper into China. Its the future for those companies. Forced to choose between the American market and the Chinese one three times larger many American companies will choose China.

Reply

itfunk March 29, 2012 at 11:22 pm

There is a very simple solution to outsourcing – American standard of living must decline by 60%. Until that happens American companies cannot compete. It will happen naturally over the next 40 years and is pretty much unstoppable because we refuse to invest in infrastructure or education at the higher levels necessary.

We even have a party – the Republicans who's whole world view is that it is inevitable and there is no need to invest in America, we just need to get used to having a large peasant class ruled over by a small elite.

Reply

itfunk March 29, 2012 at 11:23 pm

And here is the funniest bit of all – the peasants wouldn't want it any other way.

Reply

Dfens March 30, 2012 at 7:50 am

Rick Santorium, Newt Gingrich, and Ron Paul all voted for China to have "Most Favored Nation" trade status with the US. Ron Paul argued their case before the House and wants to go even further and favors "unilateral elimination of all tariffs" as a way out of our current economic problems. On the other hand, Bill Clinton was a big advocate of the elimination of tariffs on China. Barack Obama said he would get tough with China, which meant a temporary tariff on tires and now he advocates a tariff on solar cells. Our federal government listens to whoever has money to throw around in Washington DC, and to hell with the rest of the country.

Reply

Sgt_Buffy March 30, 2012 at 8:30 am

I think we could use a Ron Paul, if only as a slap to the face wake-up call. We need less boring Presidents. I disagree with his views, some of them, but we need Paul just because he'll stick by his views and change something, then we can step back and say "Wow, what just happened, you mean things can change here?" I am not sure that the other three can say the same, I haven't heard something that I can trust was their true opinion from any of them.

Reply

William C. March 31, 2012 at 2:27 am

Ah, itfunk deludes himself into thinking the Democrats care about him once again. Classic.

Tell me itfunk, when is throwing money at infrastructure or education going to magically fix everything like you say it will? Most of the money thrown at infrastructure has gone into the pockets of the "green" companies in bed with the Democrats and is never seen again. Most of the money thrown at education accomplishes absolutely nothing because the problem with the education system isn't a lack of money.

You claim to care about the country but every other post you're saying how we should destroy one of the most high-tech manufacturing sectors in this country. Why? Because it's the evil defense industry and it doesn't fit your simplistic 2D image of the world.

Reply

Hornman 2 March 30, 2012 at 10:16 pm

I'm sure that the typo was accidental; you meant to say Democrats. Their World view is to make the U.S. equal to the rest of the World; peasant class, elitist class. They know beyond any reasonable that Marxism has never worked; but, they are SO ideologically driven they think it only failed because WE have never tried it.

Reply

ltfunk March 31, 2012 at 1:36 am

Ah the American peasant, content with decline because he's told he's the salt of the earth and has some enemies to hate.

The democrats are slowly realizing that there are a lot of republican voting working class folk who are more than content with seeing their own economic decline, they feel validated by it.

Reply

William C. March 31, 2012 at 2:33 am

Keep telling yourself that the Democrats and liberals care about you itfunk. It will be all the more funny when you finally figure out they don't. To them you're just another fool whose vote will ensure the the "smart people" are in positions of power.

Oh believe me, I don't harbor any delusions that the Republicans care about me, but they don't have nearly the same number of stupid ideas they attempt to implement and the biased media actually pays attention to what they do.

Reply

Jayson March 29, 2012 at 11:51 pm

Why are things so expensive to manufacture here vs over there? Unions I blame for that. $45+/hr to bolt/stitch stuff together? Come on. The unions are the largest influence of our manufacturing jobs going to China. The experts predicted it in the 80's and lo and behold they were actually right.

We should be having our manufacturing go to Mexico before China, but man, the cartels need to seriously get cleaned up first. If we can have our manufacturing jobs go to Mexico, prosperity would spread and there wouldn't such a focus to jump the border making the US dump so much on border security. Fast and the Furious fiasco didn't help.

Reply

blight_ March 30, 2012 at 9:05 am

Even un-unionized workforces are still more expensive than China. It was bound to happen one way or another.

Reply

Paralus April 2, 2012 at 3:39 pm

Yeah, how dare American workers demand a living wage, affordable healthcare and a secure, dignified retirement. The nerve of those union members creating a tax-base and forming the backbone of the middle-class.

Unions make up less than 12% of the total US workforce, less than that if you exclude the public sector, so it's rather disingenuous to suggest unions are to blame. It's the same old canard cheap-labor free-marketeers wheel out to shift blame from their own actions.

Corporations always want cheap labor and whether that means relying on immigrants to drive down wages or just shipping factories to China, Vietnam, etc., they do it regardless of their workforces being union or non-union because it is good for profits and keeps shareholders content.

Reply

Lance March 30, 2012 at 12:17 am

Sad to say im not surprised everything is made in china now.

Reply

Jason Carey March 30, 2012 at 9:22 am

I AGREE WITH JAYSON, UNIONS ARE THE BIGGEST PROBLEM HERE.
Some say that the big blackout back in 2002-3? in the North East was a test run for this kind of Chinese war.

Reply

dc0de March 30, 2012 at 10:26 am

Disclaimer: I have never worked for, or am not now working for Richard Clarke or any of his interests. I am an independent information security expert who has watched Richard Clarke’s career, with great interest. All comments here are my own, and not representative of any company or interest.

I’m just stumped that Trader Joe’s sell me (in Southern California) A ready-to-eat, frozen, boxed breakfast of eggs, potatoes and onions, and it’s clearly stamped, “A product of France”.

Why are we continuing to spend $$ on importing food, and any other item, being wasteful of our resources and not sourcing things locally? Cost. We, the consumer, have been told it’s all about the cost. We blindly agree to raise taxes to stop “child pornography” or “terrorism”, without so much as a whimper, yet, we watch the government continue to provide HUGE subsidies to massive corporations, even take OUR TAX DOLLARS, and GIVE them to corporations that are “too big to fail”.

Bring back FREE trade, bring back excise taxes, reduce or remove the income tax, sales tax, and property taxes, and we’re going to be a more successful, and more focused country.

Sadly, our politicians aren’t in government for the constituents, they’re in government for power and personal gain. We’re not being represented by far right or far left leaning people. We need to stop the madness that is consuming us, and stop the politicians that are continuing to DIVIDE this once great PRODUCING nation. We no longer are a producing nation, we’re a nation of consumers.

So, here’s my thoughts. 1) Put down your iPad/Tablet, 2) Pick up your phone, 3) Call your congressmen and representatives and TELL THEM what you thing. Don’t let them TELL you anything. Remember, THEY WORK FOR YOU, and ME, and every other CITIZEN. We pay their salaries to sit in office and make things better for us.

Lastly, about this article, Richard Clarke is discussing a reasonable, realistic scenario, where there are a myriad of possibilities. When anyone can produce something that the consumer has little or no knowledge of, it is trivial to install means to tap or control that equipment. Richard Clarke has been, in my personal opinion, a very accurate and rational analyst, with incredible foresight. It would be a great error in judgment to pass this report off as a sales tactic.

Reply

elmondohummus April 1, 2012 at 9:57 am

I don't think I can agree with this. I, too work in the IT field, and the people I've talked to – not the least of which were my SANS network and operating system security instructors – most definitely viewed him as alarmist. Again, I point at the infamous Arizona dam control system exaggeration he engaged: The example he used didn't have a connection to the internet to begin with.

(Continued…)

Reply

allen June 15, 2012 at 8:08 pm

Hi Riceball

Good question. I agree totally. Is a Toyota pickup Japanese when more parts for it are made in the U.S. than a Chevy or Ford. Everybody used to say made in the USA. Now it's made in America (meaning Canada or Mexico) In my mind a car assembled of American made parts by Americans is an American made car. A Ford made in Monterrey Mexico is American Made (Or should I say made in the USA)
Too bad .

Reply

allen June 15, 2012 at 8:09 pm

Whoops I left out not :)

Reply

Same Guest March 30, 2012 at 11:28 am

Ok so with just this open source information we have Microsoft, Symantec, Juniper and Cisco . So in essence you have the primary Operating system for the US, you have the 2 main comunication devices, plus you have a main source for Anti-Virus and storage devices.

Tell me AGAIN why everyone is so shocked when we get hacked??? What Congressional member thought releasing Source Code to China was a good idea?? Who thought releasing Juniper to China was beneficial to the US, and oh lets not forget to mention the issue with Cisco source code and the fake Cisco routers. Oh and what is a big player in protecting US machines from Viruses?????

Tell Me AGAIN why people are shocked??? Cause I'm at a loss for words. The problem is you have suits that are in their 60's and 70's that have no understanding of technology except to send email and their the ones making the decisions after the visit by the lobbyist.

Reply

allen June 15, 2012 at 8:13 pm

Scuse me Same Guest. I am in that age group and am very technologically literate. The problem is money and it's influence in our Government and the fact that businesses feel free to go where they can pay bottom dollar (VERY SOON TO BE YUAN)

Reply

Ronaldo March 30, 2012 at 1:35 pm

Why is this happening ? Because all the fan boys of the war toys in the petting zoo are bought and distracted by seeing the Blue Angels fly on Memorial Day.

The Chinese have a patience and subtlety that hardware obsessed Americans do not.

Reply

Evan March 30, 2012 at 4:52 pm

Processors can magically jump across electrical boundaries to talk to a network directly.

The first step to defeating this is setting up a very basic system to teach people the basics of how computers work. This article is reads like it was written by an alarmist retard.

Quoting Gizmodo out of context doesn't give it any more credibility.

The two highest value attack vectors for security vulnerabilities are software platform vulnerabilities (Flash, Acrobat, SIlverlight, ect) where a lot of work is being done to fix/replace them and…

PEBCAK (Problem Exists Between Chair and Keyboard). Why would China waste the time/effort to carefully develop a system that functions exactly how we expect but also relay information back when it's a few magnitudes less difficult to get a bunch of idiots to download and launch an infected application.

Here's a simple 1-1 comparison. Develop a motherboard that has a custom BIOS where everything punched into the keyboard is relayed across the network. Hope your victim has a dedicated internet connection. Pray that there are no monitoring firewalls/honeypots in place to pinpoint the location of the transmissions and receiving location. If the malicious hardware is quarantined, the infected equipment gets quarantined and/or recalled at a massive monetary loss to the developer.

Or.

Post porn online for free, require the user to open the file on their local computer, embed executable script that is launched when the file is opened.

The first takes years of develop and could crumble in an instant. The second is cheap, easy to deploy, and dependable (stupidity is predictable and common).

The simple problem is and will always be, you can't fix stupid…

Reply

ltfunk March 31, 2012 at 1:47 am

Cyberwar is really a modern ludditism. The less you understand and like technology the more likely you are to embrace cyberwar.

Reply

passingby March 31, 2012 at 5:39 pm

Flash is trash. Steve Jobs was smart to ban the bug-ridden garbage from many of Apple's products.

Reply

Ralph March 30, 2012 at 9:00 pm

I find it baffling that the military would be stupid enough to use such vital computer parts from China, or any foreign country for that matter. No disrespect to any servicemen.

Reply

Roland March 31, 2012 at 5:18 am

I bought a surveillance equipment on ebay and it was made from China. I found out that the software driver is a virus that get info on your computer.

Reply

blight_ March 31, 2012 at 8:30 am

"I bought a surveillance equipment on ebay…"

Reply

Nate March 31, 2012 at 12:29 pm

China isn't stupid. Why do you think they sell everything so cheap here. If you can control the electronics of a country, you can influence everything that country does. I would like to know what idiot in the government decided it would be a good idea to buy critical electronic components from a Communist country like China. I never finished college and I still wouldn't have done that. When are we going to get rid of the idiots that influence government decisions. We are destined to destruction if we dont start thinking again.

Reply

Dave March 31, 2012 at 3:35 pm

lol. Chines outsmarted Americans again. politicians that allowed for this to happen and corrupt CEOs that gave those politicians money…i mean donations. lol!!!!! the WHOLE national security is screwed and this is not an overstatement. go kung-fu this uncle sam! this are the real terrorists!

Reply

Infidel4LIFE April 2, 2012 at 1:24 pm

I been saying it for years. GREED. Thats why this happened. You would be foolish NOT to infect the electronics bought by US defense contractors. They ain't gonna fight, so why should they care? Thats their effed up way of thinking, and doing bizness. THANX GUYS!! 4 NOTHING.

Reply

Nam Marine April 2, 2012 at 5:57 pm

Gee, lets see. Would our Enemy, who is supplying our electronics, spy on us????
Dahhhhhhhhhh!

Reply

Jimmy April 2, 2012 at 6:34 pm

But….but….but….Bill Clinton and Obama told us that China is our friend and that they are good people we can trust….but…but….

Reply

Trugz1 April 2, 2012 at 9:39 pm

This is what happens when you outsource electronics out of the country and this is the end result….Shame on the Clinton,Bush,and Obama administration for moving our jobs over seas. The f-35 parts and plane should have been made in USA like wise the ipad and iPhone and we wouldn’t be dealing with these issues…

Reply

mmkkpro April 2, 2012 at 9:58 pm

Does any of this really matter,one world government is coming.

Reply

openAir April 2, 2012 at 10:04 pm

Did Clark do any research/testing on the imported electronic parts from China to factually determine if there was any "trap doors" in it?

OR

Whatever he said about trap doors was just mere speculation?

Reply

Cyborg April 2, 2012 at 10:46 pm

It's difficult to believe that NSA, CIA and other alleged computer literates hadn't passionately raised that question years ago and taken steps to counteract it. . Seven years ago I believed the same and wrote a dozen letters to appropriate units, just to make myself feel better.

I am shocked, shocked, shocked It seems every month I have read of Govt sites hacked, Credit cards hacked, Industrial secrets hacked and it doesn't stop.

""""There is NO excuse for that"""" Once it happens you stop it. You isolate it particularly given the critical stakes.
All that super secret sleuth stuff in novels is fiction. It is unfathomable that so much continues to be stolen. The security document train in every instance has to be obscenely flawed. Again there is no excuse.

Here is an analogy. Once you experience a Twin Tower 911 or a Pearl Harbor you should Never ever have a repeat of that type of Incident. But we have as far a data & infrastructure failure after failure after failure.

The government, / defense dept Sec Ags should operate everything from a Closed system. You unhook critical systems from the Internet if necessary. Then """all"""" communication is encrypted.

Reply

Paul April 3, 2012 at 11:22 am

The sad thing is that it is indicative of how much we've already lost the edge. Call me a defector but I only buy chinese anymore since the technology here in the States is sop far behind the tech curve. I'd love to buy American but the devices are somewhat archaic and usually crippled like the iPad series.

Reply

blight_ April 4, 2012 at 11:16 am

Jailbreak your iProducts or root your Android product.

Reply

skipperjohn April 3, 2012 at 2:09 pm

As John Glenn said as he was being strapped in to Mercury: "It's reassuring to know this was built by the lowest bidder."

Reply

Matt April 6, 2012 at 9:05 pm

Just more proof that we need to bring jobs to America, relying on potential enemies for crucial electronics is foolish and shortsighted.
Even out sourcing to India is preferable; at least they're democratic, not communist…

Reply

Bob Wilbur May 31, 2012 at 10:36 am

I told you so in 1974 and you didnt listen.

Reply

Ryan C. Bailey September 5, 2012 at 3:57 pm

Ref: “How the U.S. Lost the Naval War of 2015.” in Orbis Journal; This is exactly why I've recommended the maintenance of a robust Silicon Valley, together with concurrent nationwide electronics and technical-industrial manufacturing as a keystone to our military-industrial complex, without which we cannot be prepared for the next nation state war.

Reply

elmondohummus April 1, 2012 at 9:59 am

Both Wired and ZDNet have published opinion pieces that, in my experience, accurately reflect the state of IT Security opinion on Clarke. The above is one; here is another: http://www.wired.com/threatlevel/2010/04/cyberwar

Here's an interview of George Mason University's Jeremy Brito: http://www.onthemedia.org/2011/dec/02/how-cyberwa

Clarke is indeed an intelligent guy. He has properly noted that there are indeed threats to infrastructure from the internet. But he goes off the rails with exaggeration as well as outright errors. I wish he's tighten up his analyses and better understand the natures of the threats he cites. Exaggeration of threats, which leads to mistaken prioritizations of some lesser threats over greater ones, never helps people like me who's jobs involve assisting the drafting, evaluation, implementation, and enforcement of organizational IT security policies. The information needs to be *accurate*, and he does not help clarify whatever confusion exists.

Reply

blight_ April 2, 2012 at 12:18 pm

It's better to do worst-case than be caught when the situation is worse and you are accused of white-washing. Kind of like the whole Y2K thing which took off and got out of control…

Reply

elmondohummus April 2, 2012 at 1:47 pm

I agree, but those scenarios must be *properly* identified to begin with. I don't think I made this clear in my posts above, but that's one problem I have with Clarke: When he's not being outright erroneous, he's not properly identifying the actual problems; see his misidentification of the Blaster work as the cause of power blackouts in 2003 as an example of this. And the times he does get it right,he throws his weight behind either unworkable solutions that would not resolve the problem, or solutions that end up being *worse* than the problem.

Reply

elmondohummus April 2, 2012 at 2:02 pm

As an example of one that's both, see his proposal to force network providers to perform deep packet analysis monitoring on all traffic flowing through them. That's not only defeatable (encrypt the traffic, compromise some trivial host within the network perimeter of the ultimate host you're targeting, launch attack from *there*. Traffic is encrypted at the ISP level and on top of that, the attack launches within someone's network away from those routers), but it's also a huge, nearly unmeetable burden on the network providers. That, BTW, is why intrusion detection and prevention is best deployed as local network and host based.

Reply

elmondohummus April 2, 2012 at 2:03 pm

And all of that is only workable *if* you can correctly identify malicious traffic to begin with. SMB query from host so-and-so, username "Fred", password "Daphne". How at the ISP level – or even the local network level – do you know that that's genuinely from "Fred"? That would not meet anyone's signature of compromise traffic and wouldn't trip Snort, cisco IDS/IPS, etc., but it's still illicit access. ISP's are best suited to monitor and fight general, wide types of attacks (like distributed denial of service ones from botnets). Not *all* attacks.

Reply

blight_ April 2, 2012 at 4:16 pm

The problem gets worse when you have remote users that can move between appliances and use different IPs if they're logging in remotely. A whitelist approach is also defeatable.

Reply

Leave a Comment

Previous post:

Next post: