March 29, 2012:
Over the last year a growing number of U.S. government agencies have warned their purchasing and IT (information technology) managers to beware of electronic components secretly equipped with the ability to provide a hostile government (like China) with access to U.S. government computers. So far, there has been no proof that such skullduggery is actually going on. But fear has more staying power than fact. Moreover, if such compromised components were discovered, U.S. intelligence agencies would try to keep that secret while the hunt for who exactly was behind these altered electronics was underway.
Last year the U.S. government, apparently acting on more than the usual rumors or suspicions, officially sought information from companies in the telecommunications industry (service providers plus hardware and software manufacturers) about the use of Chinese made hardware and software. This investigation tried to find out if Chinese espionage efforts included the use of communications hardware and software secretly modified to allow information to be covertly monitored and sent back to China. But many of the companies receiving the questionnaire refused to comply because they feared that poor security in U.S. government networks would allow others to steal questionnaire answers and reveal company secrets. In response, the U.S. government invoked some Cold War era laws that compel answering the questionnaire on "national security" grounds.
This is but the latest effort to get a handle on the extent, if any, of Chinese spies using electronics and communications gear made in China to help steal American secrets. The fear began with the increased use of counterfeit Chinese electronic components. For several years now it was believed that the illegal sale of Chinese made counterfeit computer components (microprocessors and related items) was part of an effort to gain secret access to U.S. government and military secrets. This fear is stoked by continued Chinese refusal to shut down the factories (which are known to Western electronics firms) that produce the counterfeit stuff.
Such counterfeit components ending up in American military equipment is old news. The fraud here is largely in the paperwork, where convincing looking counterfeit chips are labeled as "military grade" (the most robust and durable of that item available). These sell for more than "consumer grade" (the most common) and "industrial grade" (for use in factories, where failure can cause more damage and expensive down time). Failure in military grade parts can get people killed.
One reason China tolerates the widespread manufacture of counterfeit products is because some of them have some military benefit for China's Cyber War effort. Two years ago, for example, the FBI arrested two Americans for running a computer parts company that was selling counterfeit computer parts (especially Cisco router components) manufactured in China. The phony parts had counterfeit labels and were delivered in counterfeit boxes. The two brothers had a contract to sell these parts to the Department of Defense and other government agencies. It was feared that the Chinese government could have some of these counterfeit chips equipped with a semi-magical "backdoor" that would enable an evil genius (or government bureaucrat) back in China to take control over equipment using the counterfeit part when hooked up to the Internet. Or something like that. This is the sort of thing the U.S. government is trying to clarify via the controversial questionnaires. So far, there have been no reports of backdoors discovered in Chinese hardware or software.
Actually, the Chinese got lucky with this one. Normally these counterfeit parts are sold by transitory operations. Eventually the user has reason to contact the manufacturer of the shoddy part. At that point the buyer discovers that say, Cisco, has no router component with the serial number the scammed buyer is reading over the phone. It is then that the buyer realizes they have been screwed.
Of more immediate concern is not backdoors in counterfeit chips but such secret features in legitimate chips or larger items (like routers and other hardware needed to operate the Internet). American engineers know how such secret features can be added to electronics. American espionage officials know that it can be done because the U.S. has already used this sort of thing and has been doing so for decades. So it's not unreasonable to believe that the Chinese are catching up in this area as well. Exactly what is known about Chinese operations in this area is kept secret because it is possible to send false information via this backdoor channel but only if the Chinese believe their backdoors are still hidden from American view.
Meanwhile, counterfeit high-tech items are a growing business and a growing danger. In addition to computer gear, auto and aircraft components are also being faked. Some aircraft and auto accidents have been traced to the fakes, which makes it a public safety issue. But with the Department of Defense installing counterfeit computer components it becomes a national security issue. There's also the fear that the Chinese, or some other hostile nation, might get their hands on real computer components and replace some of the chips with modified ones that will make government networks easier to hack. Yes, it just gets worse.