FBI PowerPoint, Chinese Hackers, and Counterfeit Routers, Oh My!
April 23, 2008 9:11 PM   Subscribe

Back door? Why not come in the front door that every other U.S. government agency is holding wide open for them?
posted by three blind mice at 9:20 PM on April 23

We should be crafty and slip them a few boondoggles.
posted by b1tr0t at 9:27 PM on April 23

Uh, what was it my mother always used to say? oh yeah...

"No shit, Sherlock."
posted by PigAlien at 9:37 PM on April 23

They use a lot of bullets to make their points.
posted by owhydididoit at 9:38 PM on April 23 [1 favorite]

Robbie? Is that you?
posted by fullerine at 9:41 PM on April 23

three blind mice, would you care to elucidate?
posted by jtron at 9:43 PM on April 23

We should be crafty and slip them a few boondoggles.

I would be astonished if Microsoft, Apple, Cisco, Motorola, Intel, etc. haven't been building NSA sponsored trapdoors into their products for decades. The possibility to have a switch in every PC (and in every cell-phone) under control of the NSA seems to me to great a temptation for any government of the people, by the people and for the people to withstand.

But on the other hand this is a nice story that Microsoft, Apple, Cisco, Motorola, Intel, et cal. can use to make sure the Pentagon buys much more expensive non-counterfeit Microsoft, Apple, etc. hardware.

*Head explodes in outburst of cynicism*
posted by three blind mice at 9:45 PM on April 23 [2 favorites]

It's clearly impossible that the Chinese government could have smuggled counterfeit computer equipment into the US, because, after all, when it comes to computers, we have impenetrable border security.
posted by Western Infidels at 9:46 PM on April 23

Uh, what was it my mother always used to say?

"A faint heart never fucked a pig"?
posted by homunculus at 9:50 PM on April 23 [2 favorites]

three blind mice, would you care to elucidate?

Have you any idea how much U.S. sponsored "technology transfer" has taken place with China in the past two decades? How do you think they gained the ability to make counterfeit Cisco routers? From Cisco themselves.

Why go to the effort to steal secrets when they are just being given away?
posted by three blind mice at 9:50 PM on April 23

It's clearly impossible that the Chinese government could have smuggled counterfeit computer equipment into the US, because, after all, when it comes to computers, we have impenetrable border security.

Clearly it's not impossible, but I have a hard time believing that poorly soldered VIP cards is they way they would have done it. More likely, they are just crappy VIP cards that drop frames on the floor and die unexpectedly.
posted by b1tr0t at 9:51 PM on April 23

If America had not exported all of its manufacturing, it would be doing the same thing. Oh wait, they already do the same on all the fighter jets they export.
posted by furtive at 9:54 PM on April 23

We have cheap Chinese labor build our computers and network hardware. Of course they will all be 0wned by the Chinese government.
posted by Blazecock Pileon at 9:57 PM on April 23

This would have been a lot more helpful if they had thought about it before it was a fait accompli, say around 1990 or so.
posted by Kadin2048 at 10:18 PM on April 23

See also: Water wet. Sky blue.
posted by pompomtom at 10:38 PM on April 23

我有你现在, MetaFilter.
posted by not_on_display at 11:22 PM on April 23 [2 favorites]

Yep.
posted by blacklite at 11:23 PM on April 23

Also they all look alike* - just like cylons!

* They do not really all look alike
posted by Artw at 11:24 PM on April 23

Why is it that we immediately agree with the concept that l33t Chinese hackers have broken into government computers, but if I were to say the opposite, that the U.S. intelligence agencies (you know, the ones that, ahem, invented the Internet) have done the same, it would greeted with laughter?
posted by Cool Papa Bell at 11:27 PM on April 23

And this, folks, is why Open Source is a Good Thing.
posted by flabdablet at 11:29 PM on April 23 [3 favorites]

Well, okay, now that I actually read the content of the post (*cough* sorry) I think the bushy-tailed excitable sort that put together that powerpoint is most likely barking up the wrong tree. There are tons and tons of other holes and vulnerabilities out there, and to think that any other states or organized entities haven't poked at them would be laughable. There are some brilliant people working for the information security companies that I know about, which makes me quite curious about the people working for the organizations that I don't.

... i.e., there are some unknown unknowns here.

The US military seems a lot like US health care: more money goes into it there than in any other country on the planet, but there are still much, much more impressive and successful alternatives.

If you want to be Machiavellian about it, though, it doesn't actually matter that the US army has crappy, exploitable tech. As long as the nukes stay under lock and key, the rest is just big guns and heavy debt, and real power will continue to be transferred to the Blackwaters and Halliburtons -- and their security is, I would bet, a bit beyond goofy powerpoints on Secret Cisco Hacks.
posted by blacklite at 11:33 PM on April 23 [2 favorites]

While it's a security risk, it's not necessarily the case that anyone has *actually* been pwned. If Chinese crackers were actually sending back-doored, counterfeit equipment, they wouldn't be sending stuff so low-quality that it goes up in flames after a short period of use...

<conspiratorial wink>
or maybe that's what they want you to think
</conspiratorial wink>
posted by honest knave at 11:38 PM on April 23

CPB:

Good question. I'd probably put it down to:

1) the opportunities that a skilled US cracker would have outside the government.
2) the fact that the US war industry is busy stealing oil saving the world in the ME.

and most importantly:

3) the fact that China doesn't really need to buy anything from the US.

(I'd love to hear peoples' contradictions to these reasons)
posted by pompomtom at 11:59 PM on April 23

it's not necessarily the case that anyone has *actually* been pwned.

Are you... allowed to say that on the internet?
posted by kid ichorous at 12:29 AM on April 24

The New E-spionage Threat: A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps
posted by homunculus at 12:52 AM on April 24

If you actually read the PPT, it appears that the FBI's primary concern is drastically substandard equipment, rather than backdoors.
posted by me & my monkey at 1:02 AM on April 24

Fortune has a fascinating article on how Microsoft changed their strategy to succeed in China.

Mundie also began talks with Chinese security officials to convince them that Microsoft's software was not a secret tool of the U.S. government. As a result, in 2003 the company offered China and 59 other countries the right to look at the fundamental source code for its Windows operating system and to substitute certain portions with their own software - something Microsoft had never allowed in the past. Now when China uses Windows in President Hu's office, or for that matter in its missile systems, it can install its own cryptography.

And you can rest assured that the simplified Chinese versions of Microsoft that are on most of the machines in China come with Chinese-built crypto.
posted by gen at 1:36 AM on April 24

我有你现在, MetaFilter.

"你现在属于我，MetaFilter" would read better.
posted by WalterMitty at 1:59 AM on April 24 [1 favorite]

They use a lot of bullets to make their points.

Best critique of national security ever.
posted by srboisvert at 3:28 AM on April 24 [4 favorites]

Some months ago, my contacts in the defense industry had alerted me to a startling development that has escalated to the point of near-panick in nearly all corners of Government security and IT infrastructure.

Now it's time to have alerted the publick!
posted by Kirth Gerson at 3:45 AM on April 24 [1 favorite]

Wait - the government buys computer equipment on eBay?
posted by Kirth Gerson at 3:51 AM on April 24

Be afraid. Be very afraid.
This is the 21st century.
To be hopeful, is unAmerican.
Be afraid.
posted by Goofyy at 4:27 AM on April 24

I agree the presentation looks more like they are concerned over faulty equipment than security breaches. It has to do with sub-standard equipment and if it breaks down, yeah, people will be scrambling to fix it.

As far as security goes, I remember in the 1980's, the ISG programming body shop that I was working for was not allowed to hire a Chinese national because our client was a government contractor. They didn't want the risk of him stealing info and bringing it home.

Fast forward to another high tech company I worked for in the '90's: opening up offices all over the world to save on labor, and teaching not only the Chinese US technology but just about every other damn country that would let them set up shop near universities that were cranking out software engineers. They were a govt contractor too, so "US security" is a freaking joke and has been for years. These guys regularly jumped ship and went to work for other companies who gave them better benefits and/or took their new-found knowledge back home with them after coming here for 3 months and learning it.

Anyone ever see that presentation on security and how the various govt agencies connect with each other? The guy presenting it had a chart, and it looked like a spiderweb made by a spider on crack. Left hand not only doesn't know what the right hand is doing, left hand doesn't even know that the right hand exists. I'm waiting for the big worm that will explode the banking system or something, but it will come from hackers, in my opinion, not high tech companies. The worst the Chinese are probably gonna do is set up their own shops and become competitors to US companies.
posted by Marie Mon Dieu at 4:36 AM on April 24 [2 favorites]

Case in point about the banking system and hackers.
posted by Marie Mon Dieu at 4:43 AM on April 24

Don't forget that in the Washington FBI office the computers are so old and useless that the agents have to go down the road to an cafe to use the internet for research.

It's probably run by members of the Chinese MSS as well.
posted by longbaugh at 4:46 AM on April 24

The US bent over in front of China years ago. Worrying now whether or not they should have used a condom is just a waste of time.
posted by tommasz at 5:13 AM on April 24 [1 favorite]

Don't forget that in the Washington FBI office the computers are so old and useless that the agents have to go down the road to an cafe to use the internet for research.

Do you have a reliable source for that information. Connecting to a secured database using a wireless connection is a pretty serious security violation in the government. Are you sure they weren't just using the wifi at starbucks to run a lexis/nexis search or something?
posted by Pollomacho at 5:26 AM on April 24

Wow..... somehow I'm not as shocked as I thought I'd be.

Thank you Mr President... Like all things wrong with this country I'm sure you are to blame somehow, someway.
posted by Mastercheddaar at 6:29 AM on April 24

Government purchasing contracts are screwed up to begin with. Maybe this will help fix them.

Case in point: Lab tech in a VA-funded research lab needs a new computer to run a microscope. Order is placed by deciding what brand/configuration is needed (in this case he chose an HP), then searching GPO-approved vendor database for a quote. Vendors respond. He picks the lowest quote and submits it to purchasing office. They re-run the search and confirm quotes. If everything matches order is placed. He pays the GPO-approved vendor a fee (around $50) to place the order with HP-Compaq. Someone explain to me why this is better than just ordering directly from HP? Why is the lab tech paying some third party a $50 fee for placing the order he could have placed himself? How does that possibly save anyone any money?

(Even better, the damn computer won't work with the digitizer capture card on the microscope, so it isn't even being used for the purpose for which it was intended. Hooray.)

Sometimes saving money on government purchases is a good thing. When it comes to purchasing the equipment that keeps our sensitive information secure, well, maybe - just maybe - that is the one time that the toilet seat should cost $1000, if you get my drift.
posted by caution live frogs at 6:54 AM on April 24

Also, Mastercheddar, this is a longstanding problem. I'd like to blame W myself, but to be fair the worst his administration has done is to continue the mess started by his predecessors.
posted by caution live frogs at 6:57 AM on April 24

How do you think they gained the ability to make counterfeit Cisco routers? From Cisco themselves.

How hard could it be to make a counterfit cisco router? All you have to do is take a cheapass router and slap a cisco logo on it. Hardly some high-tech feat. It's not like routers are some magical technology that only super-geniuses (which china has none of, of course) can figure out.

Anyway, sounds like total paranoia. These counterfit boxes are probably just slightly slower then their Cisco counterparts. If the Chinese really wanted to have backdoors into US system, they would have sold modified real routers so that the modifications couldn't be detected.
posted by delmoi at 7:02 AM on April 24

Wait - the government buys computer equipment on eBay?

A+ buyer! Paid 5x for substandard router. Would sell to again! A++++!!
posted by KevinSkomsvold at 7:03 AM on April 24

I'm laughing pretty hard at the 'Supply Chain Two' slide - blame Canada!
posted by not_that_epiphanius at 7:07 AM on April 24

"你现在属于我，MetaFilter" would read better.
Metafilter, 你全部基地给我占有了！
posted by Abiezer at 8:01 AM on April 24 [3 favorites]

Promise
posted by hortense at 9:09 AM on April 24

FBI wants widespread monitoring of 'illegal' Internet activity
posted by homunculus at 9:21 AM on April 24

I'm curious if anyone can back up this story? The site that the OP links to also covers stories involving the paranormal and conspiracy theories (eg. its a crackpot site).

The powerpoint presentation, which I believe is still available here and displays an image that is watermarked to www.andovercg.com.

The blogger on Donkey-on-a-waffle states that he received the PPT from someone at infosec.jmu.edu

Andovercg is a used equipment reseller. It's my guess that the picture was originally a side by side comparison of two cisco router revisions. (ever had to work with 3com 3c905c's? They've changed dramatically between revisions as well)

If I blow up that picture I can make out the following numbers on the model tag:

Left: 2461 8792 A
Right: 2461 8797 A

I believe the 2nd number is a revision number, which explains the difference in the appearances between the two boards. That's just my best guess though, I'd love to hear of an interpretation from someone that actually works with these boards.

I tend to not believe everything I read to be true...unless its backed up and verfied. This story, while more elaborate than most, fails to convince me its true (not to mention its hosted on a conspiracy-theory website).

When it comes to counterfeit Cisco routers, what it really (usually) means is that surplus routers are manufactured in the same plant that are not licensed by Cisco. So instead of being shoddy mock-ups of the original, they are of the same quality as the original but are sent out to market by non-legit means. Sure rootkits could still be made or installed I suppose, so it's a valid concern. But as far as this article goes I think it's mostly someone pulling at America's xenophobic strings.
posted by samsara at 9:49 AM on April 24 [2 favorites]

Pollomacho - the source for that comes from a MeFi thread some time in the past 6-9 months about a woman who was setting herself up as a Islamic Fundamentalist and passing data on to the FBI once she had hooked herself some fishes. IIRC the article had an interview with the FBI office who mentioned that if they needed to do research of their own they had to do this. I will see if I can find the link.

Here we go and my apologies as it wasn't Washington, but Great Falls and it was also not a cafe (or even "an" cafe...) but was in fact the public library...

My memory is clearly failing me as bad as the FBI counterintelligence unit is failing you guys.

This is from p4 of the linked Wired article...

"When I was in the White House and doing terrorism, the holy grail was ‘actionable intelligence,' and she brings a form of actionable intelligence," says Roger Cressey, a White House counterterrorism official in both the Clinton and George W. Bush administrations. (He learned of Rossmiller after he left the government.) The FBI, on the other hand, has failed in every attempt to modernize its technology since 2001, and it so restricts the software available to agents that they can't even begin to match what Rossmiller does. "The FBI is a dinosaur in many respects," says Cressey.

Rossmiller agrees. "I went to a meeting in Great Falls, and we got to talking, and someone had to look something up online," she says. "I asked, ‘What do you use for Internet access?' and one agent said, ‘We have to go to the public library down the street.'
posted by longbaugh at 10:00 AM on April 24

Ah, nevermind...I found the article on Andovercg describing conterfeit Cisco Routers
posted by samsara at 10:10 AM on April 24

From Cisco VAR Coastside Networking, How to detect counterfeit Cisco:

A great deal of Cisco manufacturing is now done overseas, specifically in China. Cisco made a decision a decade ago to manufacture product in China as a way of cutting production costs. What has happened is that many of the companies that do the outsourcing for Cisco now run an extra shift and sell the now counterfeit hardware out the back door. After all, they have the manufacturing capability, the expertise and the full blessing of Cisco. The result? More and more counterfeit Cisco hardware is now showing up on American shores. Part of the problem is that China does not have strong intellectual property protection laws. This is a situation that Cisco and many other companies are still struggling to solve and one that does not promise to be resolved soon.

So yes, all that chaff being thrown in the air by DHS/FBI/etc. is just FUD to take advantage of a situation that's about IP & licensing & not some cyberpunk fantasy involving rootkitted hardware.

If you want to talk about real hardware backdoors, a good place to start would be this expose on the world's leading manufacturer of cryptographic devices, Crypto AG, & its decades-long compromise by the NSA. And if you want to understand the technical issues involved, I'll point you to a talk by my old friend Joe Grand, Can You Really Trust Hardware? Exploring Security Problems in Hardware Devices (PDF).
posted by scalefree at 10:37 AM on April 24

I'd also recommend that those interested take a look at the "Designing and Implementing Malicious Hardware" paper from LEET '08, which describes how the authors modified a CPU to contain the hardware equivalent of a rootkit, and then used it for various exploits.
posted by ymgve at 10:54 AM on April 24 [1 favorite]

hortense: "Promise"

Yeah, let's not forget the other Electronic Pearl Harbor, PROMIS. Ex-NSA programmers create next-gen SNA/datamining software that prefigures TIA back in the 1980s, only to have it pirated by Reagan's Attorney Gen. Ed Meese who passes it on to Israeli intelligence (LAKAM not Mossad), who write a backdoor into it & use UK newspaper magnate Robert Maxwell to sell somewhere in the neighborhood of 800 copies at a million dollars a pop to intelligence agencies, corporations & maybe even Osama bin Laden before they got nervous & had Maxwell assassinated out on his yacht in the Mediterranean. And the FBI gets stuck with the craptacular dogs Trinity & Virtual Case File. It'd make a conspiracy movie that'd rival anything Hollywood's ever put out, but nobody'd ever believe it really happened.

Chinese rootkitted routers. Snort.
posted by scalefree at 11:09 AM on April 24 [5 favorites]

I havent made a powerpoint since 10th grade highschool, and mine was better than that hunk of crap.
FBi Whut?
posted by mannequito at 12:34 PM on April 24

haha,. I think uits hilarious. you Americans deserve whatever you get. here's to hoping somethign intereting happens and someone does bring down the US.

one of my dreams is to see the day when the US is the lapdog of the rest fo the world. - If only there was a way I could hasten the process.
posted by mary8nne at 3:38 AM on April 25

Thanks longbaugh, pretty scary. It just doesn't seem to fit with my experience working with those guys though, especially in terrorism interdiction, those guys have some fancy equipment. Maybe they had a secure line down at the library though, in their secured office there?

Also though, that article was written by Jack Hitt. I grew up in the same town as Jack Hitt. Some of my family knows him and we all went to some of the same events that he describes in his writings about his home town. I'm not saying that he's a bad writer, but he has a tendency to take the hyperbole and exaggeration in the things people say and run with it as if it was literal truth. In other words, the FBI agent may very well have said that they go to the library for internet as a joke, but Hitt adds it to imply that they are litterally so woefully undersupplied that they don't even have internet connections in their office. But maybe, just maybe, Great Falls is considered such a backwater that they wouldn't bother setting up a terrorist interdiction outfit or even an outfit with much fancy equipment out there for the handfull of kidnappings, bank robberies and cattle rustling cases they handle. Who expects terrorists to want to go to Montana anyway?
posted by Pollomacho at 4:54 AM on April 25

And the FBI gets stuck with the craptacular dogs Trinity Trilogy & Virtual Case File.

My bad.
posted by scalefree at 10:03 AM on April 25

China mounts cyber attacks on Indian sites
posted by homunculus at 9:42 AM on May 5

F.B.I. Says the Military Had Bogus Computer Gear
posted by homunculus at 10:42 AM on May 10

The issue was raised again during the first Iraq war and more recently in the Israeli bombing of a suspected Syrian nuclear plant. In both cases there has been speculation that booby-trapped antiaircraft equipment had been remotely turned off.

Previously.
posted by scalefree at 10:06 AM on May 15

Air Force Aims for 'Full Control' of 'Any and All' Computers
posted by homunculus at 10:31 AM on May 15

Keep in mind, these chuckleheads at AFCYBER can't even secure their own computers properly. There's thinking out of the box & there's not thinking other people into yours.
posted by scalefree at 11:01 AM on May 15

Cisco Leak: 'Great Firewall' of China was a Chance to Sell More Routers
posted by homunculus at 8:27 PM on May 20