Should We Be Concerned That The Military Will Use Counterfeit Routers Bought Off eBay?
from the it's-not-pretty dept
There was a story last week that got a lot of press about how the FBI discovered that the military was using a ton of counterfeit technology equipment, including thousands of fake Cisco routers. Dan Wallach has an excellent writeup looking at the security implications of what happened. From the description, it certainly doesn't sound like any of the equipment was found to include any kind of questionable technology for spying, but the point is that it would have been easy enough if someone had wanted to do so. Basically, the background is that while the government only buys equipment from approved vendors, those vendors can subcontract out the actual tech purchases to anyone. That leads to situations where (no joke) one subcontractor purchased a bunch of fake routers off of eBay and then resold them to the government via an authorized vendor. Or, try to follow the details of the case of the US Navy contracting with Lockheed Martin for equipment. Lockheed outsourced the deal to an unauthorized Cisco reseller as a subcontractor. That subcontractor turned to its own subcontractor who (yup, you guessed it) hired another subcontractor who shipped the equipment straight to the Navy. If you lost count, that's five layers deep, with most of those layers having no real oversight on what they did. You would think the government (and especially the military) would be a bit more careful in where it sourced its products from, but it certainly doesn't seem as though that's the case at all. Given all that, it's almost difficult to believe that compromised equipment hasn't been sold to the government at some point.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: counterfeit, espionage, government procurement, military, routers, security, supply chain
Companies: cisco
Reader Comments
Subscribe: RSS
View by: Time | Thread
All equipment is or can be potentially compromised.
All ur bases r belong 2 us.
Clearly this breakdown of government contractors needs to be investigated and addressed, but one large lesson learned is the value of end-to-end encryption. Cryptography that stays technologically ahead of attempts to thwart it.
I hate to say that "obscurity" is the best solution, but if we continue to shake up our encryption protocols, dilute sensitive information in a flood of nonsensical garbage and challenge authenticity ultimately end to end, the equipment in the middle of a cloud is less of an attractive target.
[ link to this | view in thread ]
If they can enforce good quality with the first contractor, then they will get a good product, whatever the number of subcontractors.
[ link to this | view in thread ]
sounds like a bad Sci-Fi, huh?
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
worse yet.....
When I was stationed in Korea I worked with Top Secret, intelligence gathering, computer systems that were basically the key to any war time decision making.
When we needed new equipment or needed any infrastructure work done we had to use Korean contractors. We did an upgrade of the entire system about halfway through my tour and most of the work was done by Korean contractors. Tell me how much sense that makes. Do you honestly think that they haven't planted equipment that allows them to see what we are working on?
Our govt acts as though they are concerned with national security yet they give away the keys to kingdom all the time. This stuff going on with fake routers doesn't surprise me one bit.
[ link to this | view in thread ]
Registration
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: worse yet.....
In 'Ghan they hire a local contractor to wire the metal storage containers that were converted to apartments (don't ask) and the whole thing is done with one color of wire, cables running through puddles, and no grounding.
I will not let a local anywhere near my communications networks and I buy the equipment myself and inspect each unit personally.
[ link to this | view in thread ]
Re: Re: worse yet.....
We had the same problem in Viet Nahm hiring locals who would pace off the size of the compound and any high-value targets. Next day the mortars would come in with pin-point accuracy.
To have integrity, the military need to do it all, that is why we have cooks, bakeries, laundry units, etc. in the military, and the soldiers have to take their turn at gurad, shit burning, etc.
Some day we will study the lessons learned from pat conflicts and apply them to current one...
nrk
[ link to this | view in thread ]
Re: worse yet.....
information about the systems that handle classifed material (hardware vendors, versions of unix, etc.) is also classified, so if the phony brand name of the equipment was leaked, chances are it was for non-classified (though possibly still sensitive) material.
[ link to this | view in thread ]
Been there. Called the cops.
[ link to this | view in thread ]
Re: worse yet.....
[ link to this | view in thread ]
Re: Been there. Called the cops.
Definition:e.g = for example: as an example; "take ribbon
snakes, for example"
Your e.g. is an opinion, not an example. It contains hostile emphasis and swearing in just seven words. Good thing your opinion is humble. Keep it that way.
[ link to this | view in thread ]
Dlbrt: Like I told you, turn it upside down and shake,
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Been there. Called the cops.
[ link to this | view in thread ]
Re: Re: Been there. Called the cops.
[ link to this | view in thread ]