Please register or login. There are 0 registered and 1227 anonymous users currently online. Current bandwidth usage: 326.30 kbit/s December 13 - 02:17am EST 
Hardware Analysis
      
Forums Product Prices
  Contents 
 
 

  Latest Topics 
 

More >>
 

    
 
 

  You Are Here: 
 
/ Forums / Made in China, a security risk?
 

  Re: Made in China, a security risk? 
 
 Author 
 Date Written 
 Tools 
Continue Reading on Page: 1, 2, Next >>
Sander Sassen Apr 03, 2008, 10:50am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List Replies: 21 - Views: 8014
Tantalizing subject, secret agent stuff, can somebody cue in the Bourne theme song please?

Best regards,


Sander Sassen
Editor in Chief - Hardware Analysis
ssassen@hardwareanalysis.com
Want to enjoy fewer advertisements and more features? Click here to become a Hardware Analysis registered user.
darkstar7 Apr 03, 2008, 11:49am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
The risk is very real. Keep in mind the cultural mindset as well - they essentially see themselves as a more evolved and mature culture, and the rest of the world is made up of uncivilized barbarians. The ability to bring Western (or any other) civilization to its knees would be a validation of their superiority.

Rooin Apr 03, 2008, 12:07pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Its not a matter of China doing it. Anyone doing it is need for concrete ways to ensure your getting authentic hardware from a proper manufacturer. I'm sure a visit to a manufacturers website with your device S/N in hand will help in validating its source, but that isn't fool proof.

================================================================
"Even Satan wouldn't use customer service as a form of punishment." - Lucas http://www.ctrlaltdel-online.com
Dr. Peaceful Apr 03, 2008, 12:11pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Apr 03, 2008, 12:22pm EDT

 
>> Re: Re: Made in China, a security risk?
As a polite comment. Sander, while you have a valid point regarding the security risks of using counterfeited routers and switches, I think the title of your article is a little too broad and ambiguous. It could create unnecessary, bias and controversial discussions, that could cross the line of the fair use policy set forth for this site. It is preferably, if you can specify it's routers and switches that you're talking about in the tiltle, such as "Counterfeited Network Hardware, a Security Risk?" Thank you.


Sander Sassen Apr 03, 2008, 12:26pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Dr. Peaceful,

I'm just taking corporate routers and switches as an example, but there's a broad selection of hardware you can apply this to, down to individual parts. I specifically mention China as the vast majority of reports about counterfeit hardware indicate China as the source.

http://washingtondc.fbi.gov/dojpressrel/pressrel08/cisco022808.htm
http://www.defensetech.org/archives/004096.html
http://www.neoconnews.com/2008/03/11/once-again-counterfeit-ch...rity-risk/
http://blogs.spectrum.ieee.org/riskfactor/2008/03/counterfeit_...s_sec.html

Best regards,

Sander Sassen
Editor in Chief - Hardware Analysis
ssassen@hardwareanalysis.com
Stuart K Apr 03, 2008, 01:24pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Counterfeit goods in general can pose problems.

What would mostly worry me about a counterfeit network device is that you won't get any support from Cisco or whoever if something goes wrong. I would also suspect that counterfeit network devices are more prone to failure since there is likely to be no quality control at all during production other than to make sure it looks ok from the outside.

The motive of a manufacturer of counterfeit equipment is almost certainly just to make money selling it.

The big problem is really that so many people around the world just want the lowest price. If you base your purchasing decisions solely upon price, someone out there will cut corners until you have your low price. We keep buying their junk, so they see no need to improve the quality or respect patents or copyrights. As long as we line up to buy, we're giving our tacit approval to all kinds of shenanigans.






Laptop Willie Apr 03, 2008, 02:19pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
While I do agree that counterfeit goods present a problem to the security of our country as a whole, It would appear that our greatest security problems come from within. Case in point, the lost or stolen laptops with security information from the IRS and VA personnel's homes. It would appear that governmental security procedures of the past has gone lax.
In many cases the companies, with government contracts, do in fact buy these counterfeits and install them in their most sensitive areas. Many digital products are included in the counterfeits. It would also appear it is time to lower the boom on those who do not follow security procedures.

One thing I learned from twenty three years in the U. S. Air Force is that for every security measure, there is a countermeasure and even a counter-countermeasure. This has been going on from the beginning of the first armed conflict. Security procedures that are not followed put us all at risk.

Counterfeit items of any kind will always be with us. The security procedures we follow must include some type of monitoring measures.

Laptop Willie
check out laptopwillie.com
byron keathley Apr 03, 2008, 03:27pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
This is a real risk, although it seems everyone is trying to deny China as the culprit, or call this some kind of racism, It is true. China and India have been getting a major foothold on various methods of fraud and data mining through mainly the internet. Using faulty sales sites, posting fake ads on places like craigslist, using numerous dating sites to promote faulty webcam spam, and more datamining. This just goes to show us the extent they will go to fullproff their methods of data mining and high level fraud.

Dave Van Amburg Apr 03, 2008, 03:44pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Made in China, a security risk?
Lowest priced vendor is an oxymoron:

This has been a problem for the military (government) for just about forever. In the 60's I was a PMEL tech (Precision Measuring Equipment Lab). We were the guys who repaired and calibrated to NBS standards all the test equipment used in repair and maintenance of USAF (and some Army) equipment and systems).

I wound up being the 'go to guy' for Oscilloscopes in our shop. The AF and Army had purchased a large number of 'knock-off' oscilloscopes based upon the Tektronix 500 series that were built by Hickok and others. The knock-offs were far less reliable and harder to calibrate than the originals. While some of these worked well others were impossible to bring up to spec.

In addition, parts for the scopes were also sourced from the lowest cost vendor. This posed additional problems and some rather expensive work-arounds. For example, the CRTs produced by Tektronix were of excellent quality, never a problem to replace and calibrate and covered by a year long warranty in case one did fail. At the time, Tektronix charged the military about $230 for a replacement CRT. The military procured replacements from a company called Jettronics (sp) who sold their version for about $90. It routinely required installing and testing 15-30 of these knock-offs to find one that would calibrate. I actually documented this over a 6 month period. The average was 9.nn per repair resulting in a net cost of approximately $840 parts cost per repair not counting roughly 3 lost man hours per bad part. Repair using the Tektronix CRTs required approximately 4 man hours and 1-$230 part. The work-around I discovered was when the local supply chain ran out of the knock-off CRTs to order 4 or 5 Tektronix CRTs direct from Tektronix (permissible when you couldn't get stock through channels).

We used the stock of Jettronic CRTs to 'repair' the Army's stock of knock-off scopes that would not calibrate to specs no matter how many parts you replaced. The guts of the units were so bad that even with a Tek CRT you couldn't meet specs and the 'bad' Jettronics CRTs didn't degrade their best performance.

And to think these were the scopes being used to work on the Nike-Hercules nuclear tipped air defense systems protecting our cities and military installations at the time.

Laptop Willie Apr 03, 2008, 03:57pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Dave Van Amburg said: [quote]Lowest priced vendor is an oxymoron:

This has been a problem for the military (government) for just about forever. In the 60's I was a PMEL tech (Precision Measuring Equipment Lab). We were the guys who repaired and calibrated to NBS standards all the test equipment used in repair and maintenance of USAF (and some Army) equipment and systems).

This is what happens to any government or business when the view is the bottom line. Dave, I must say I got a lot of use out of the equipment you calibrated. I was stationed at Keesler AFB and was in charge of preparing the test equipment going to PMEL. for the ATC Radar section. Thanks for your service.

Laptop Willie
check out laptopwillie.com
FingerMeElmo87 Apr 04, 2008, 04:45pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
darkstar7 said:
The ability to bring Western (or any other) civilization to its knees would be a validation of their superiority.


because they have small wee-wee's thats why they try to show other countries up

Phenom II 720 BE @ 3.41Ghz w/ Zerotherm Nirvana NV120
G.Skill 2 x 2GB DDR2 1066 @ 5-5-5-15
GIGABYTE GA-MA790X-UD4
VisionTek HD 4850 512MB GDDR3
500GB Seagate 7200.12 - Windows 7 RC1
Hiper Type-R 580 WATT PSU
Hugh Scriven Apr 04, 2008, 11:38pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Do you believe those kinds of efforts referred to below are unique to the peoples of China and India?

It's more than probable that whatever "data mining" techniques are now in practice on the Web have proliferated from a common origin.

Once the cat is out of the bag, others are free to analyze and emulate.

Are we still clinging to the belief that the Economic Environment in America is the model of ethics and honesty for all the World to admire?

Has Caveat Emptor and Due Diligence gone out of vogue?

<Quote>
"China and India have been getting a major foothold on various methods of fraud and data mining through mainly the internet. Using faulty sales sites, posting fake ads on places like craigslist, using numerous dating sites to promote faulty webcam spam, and more datamining. This just goes to show us the extent they will go to fullproff their methods of data mining and high level fraud."
<End of quote>


With the incredibly sophisticated analytical tools available to Systems Techs today, a properly thorough "shakedown" should readily identify any Security Holes or Technological Threats.

Brendan Falvey Apr 05, 2008, 12:24am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Apr 05, 2008, 12:31am EDT

 
>> Re: Re: Made in China, a security risk?
All the issues that Sander are valid.

Whose worried about China the Uncle Sams boys at the NSA in the Good Ole USofA have been at it since the late 1990's. I read an article where someone had found several undocumented APIs for NT whose sole purpose seemed to be to circumvent encrypted data on the disk.

I am sure that some characters in the current US administration would not be above using any such information gained for commercial advantage rather than the intended national security. Where does national security start and finish since trade is a cornerstone of national interests and must be secured.

I have come across obscure references over the years that would suggest most national governents given the opportunity will resort to such skullduggery.

Do not trust any of the B@#ta^ds!


RAJEEV VASU Apr 05, 2008, 02:18pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Dear Sander Sassen,

I was surprised when I saw your article.I was thinking in the same line.The threat is real.
Recently, my friend asked my help.He is having broadband connection and using a chineese made router for the connection.His problem was, though network connection is established and UL and DL are showing, no page is connecting through IE.. At first I thought it was browser hijacking.Soon, I realised it was not hijack but something fishy about the router.I tried to web manage the router by typing http://192.168.1.1 but the same usual IE error message telling the page can not be connected.I was frustrated.At last I found a suspecious item in start -up which was in unknown language (looks like chineese).I removed it and restarted the PC.This time I could access the router.The first thing I noticed was that my friends user name and password (provided by the internet service provider )fed into the router was found replaced with some other user name and password.I changed back it to the original and now he is having no problem connecting to the web.I don't know what sort of hacking these and how the hacker is benefitted by it.I am still searching for more information about such threats.

Thank you.

- Rajeev

john albrich Apr 09, 2008, 07:12am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Stuart K said:
...The motive of a manufacturer of counterfeit equipment is almost certainly just to make money selling it...

That is true of the commercial-only sector, but in many countries virtually every tech company has ties to their government, and often their military.

In the past, even the US has been accused of designing hardware components to circumvent computer security and/or to facilitate remotely prosecuting computer warfare in other countries, including allies.

One can make a profit and pursue intelligence and military objectives at the same time...and when your company exists solely at the day-to-day discretion of the ruling party, dictator, junta, parliament, etc, you have one hell of an incentive to cooperate.

varun rao Apr 09, 2008, 12:38pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Apr 09, 2008, 12:42pm EDT

 
>> Re: Re: Made in China, a security risk?
"As a polite comment. Sander, while you have a valid point regarding the security risks of using counterfeited routers and switches, I think the title of your article is a little too broad and ambiguous. It could create unnecessary, bias and controversial discussions, that could cross the line of the fair use policy set forth for this site. It is preferably, if you can specify it's routers and switches that you're talking about in the tiltle, such as "Counterfeited Network Hardware, a Security Risk?" Thank you"


Sander I think the man has a point. China manufactures parts for BIG corps and they work perfectly fine. They are all made to specifications and quality standards that are in tune with what the respective manufacturers implement anywhere in the world.
Counterfeit hardware exists everywhere, Its a global menace and China is not the only source.

-----------------------------------------------------------------------
Outdated
Kenny Perryman Apr 14, 2008, 02:01pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?

Kenny Perryman Apr 14, 2008, 02:04pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
A buddy of mine in IT for the Air Force was telling me a while ago about some chineese built laptops that were sending a lot of data back to china. He said they had some extra Ics in them. I can't vouch for the validity but the Air Force is worrried if their telling this to their IT people.

Lawrence O. Wilson Apr 16, 2008, 04:38pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Computers play a major role in Americas national defemse, security, economy, and yet America does not produce neither computers are ANY of their parts. America has given her entire manufacturing infrasture to China or other countries! So now America has to depend up other countries for her well being!

Why should Americas be buy dog food from other nations? Why are our school supplies being printed in China? Why are the toys Americans buy for their children be made in China?

All of the major countries on this earth maintain huge armys and their military infrastructure, WHY? Does it make any kind of sense to be come dependent upon a foreign country for your security and well being? As far as China is concerned, how easily and quickly everyone seems to have forgotten that when one of our military air craft made an emergency landing on their soil, they TOOK the crew as prisoners, held them against their will and it required the president of the US, begging to get them back! Not only that, they completely took apart the aircraft, looking for any thing that they could use from a military point! We were not at war with China, we supported their country during the second world war and many Americans died on her lands fighting the Japanese.

How stupid is America? We have no right to complain to China about substandard food products purchased from them! America feed the world after the second world war, we have some of the richest farm lands in the world, and we had the worlds best farming infrasture. America does not need any country to produce food products, toys, computers, tooth paste, iron/steel, TV, audio, anything!

America has show herself ro be willing to be at the mercy of the world for one more dollar!
In 1961 the world coveted the US Dollar, to day, no foreign country wants to even be bothered with it. America is in billions of dollars in debt to other countries, that means America has neither the Goods, services or gold to pay for the dollars printed or contracts signed.

Why are we buying and depending upon China? Greed has opened a huge wound and the lack of intergity is preventing healing!

24 years in the US Military, two times in Vietnam. If you have not wore the uniform or carried the weapon -------!

Pedro Fortuny Ayuso Apr 22, 2008, 10:21am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
Signing the firmware and updating just after receiving the hardware.

That is a possible solution (well, a possible way to detect counterfeit hardware), and not expensive at all. I guess that ought to be common practice by now.

Pedro.

Suspended User Jul 01, 2008, 01:19am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Re: Made in China, a security risk?
What about a unique MAC address for every piece of hardware sold? Once installed, activate the MAC address online to the manufacturer.


Write a Reply >>

Continue Reading on Page: 1, 2, Next >>

 

    
 
 

  Topic Tools 
 
RSS UpdatesRSS Updates
 

  Related Articles 
 
 

  Newsletter 
 
A weekly newsletter featuring an editorial and a roundup of the latest articles, news and other interesting topics.

Please enter your email address below and click Subscribe.