Hardware imported from China could leave U.S. open to cyber-threats

Hardware imported from China could leave U.S. open to cyber-threats

Summary: Cybersecurity advisor Richard Clarke warns that imports of chips, routers and hardware from China and other foreign suppliers could leave the U.S. open to cyber-attacks and cyber-threats.


Richard Clarke, counter-terrorism czar for three U.S. presidents, believes that imports of chips, routers and hardware from Chinese and other foreign suppliers is leaving the U.S. open to cyber-warfare, cyber-espionage and cyber-sabotage.

In an interview with the Smithsonian, Clarke claims "every major company in the United States has already been penetrated by China."

He further claims that trade secrets and intellectual property are being stolen by hackers and funnelled back to China.

Another of his worries is that all the electronic components and devices used by U.S. homes and businesses are being made in China, and other foreign suppliers. These, Clarke claims, could be implanted with "logic bombs", trapdoors and "Trojan horses", which could be activated on command remotely.

Clarke says that his greatest fear is not that the U.S. will suffer a "cyber-Pearl Harbor event" but that instead it will be a "death of a thousand cuts".

He fears the U.S. will lose its competitive edge because of "research and development stolen by the Chinese," as "company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China."

Pretty scary stuff. But should we be listening to Clarke?

History suggests that we should. He was the man who failed to get the White House to act on his warnings that al-Qaeda were planning an attack on American soil. Later, during his testimony to the 9/11 Commission he delivered his famous apology: "Your government failed you."

On the other hand, if Trojan horses in hardware and cyber-espionage are commonplace, where's the evidence? Where there is evidence for selective cyber-attacks, such as the one carried out against Adobe and Google, there's very little to suggest that these attacks are widespread -- certainly to the extent that it affects "every major company in the United States."

It's just so hard to imagine that something of that scale wouldn't leave traces behind.

Image credit: Wikimedia Commons.


Topics: Enterprise Software, Emerging Tech, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Political Grandstanding, fear mongering

    You have to wonder what his hidden agenda is.
    These are pretty strong accusations he has made.
    Where is the substantion of his claims?

    He is going to have to back up his assertions.
    In the meantime, I would suggest not getting paranoid when you read it.
    Dietrich T. Schmitz *Your
    • Not like...

      We have a boat load of tainted products, from medicine to baby formula to doggy snacks. Free market in China operates on a different level and with different rules. Seriously if the Chinese govt. required companies to put some backdoor support in they would do it!

      We already know they are hacking everything in sight stealing IP! That is not a giant step to go to the next level. Of course in the name of bigger profits we can ignore the problem until it is too late.
    • How big does the already impressive pile of evidence have to get?

      How many incidents tracked back to China does it take before the Chamberlains of this world figure it out? I too would like to believe that China is basically good, but hell even our allies pull espionage stunts on us. And besides, we do the same to all of them - allies and others alike. Welcome to the realities of the world.
    • Read the article, because it's obvious you haven't

      He didn't say it HAD happened, he said it COULD happen and that we should be wary of it. Do YOU trust the Chinese government to not do something like this to anyone, because I don't.
    • rock

      You live under a rock don't you? Probably at the bottom of a cave somewhere.
    • He was right about 911; that's goo enough for me!!!!

    • No need to panic

      "In the meantime, I would suggest not getting paranoid when you read it."

      Until you are hit by a 9/11 equivalent? That's the most stupid strategy to adopt.
  • Uh Oh!

    Isn't pretty much *all* hardware made in China?
  • Lots of evidence out there

    Clarke is not stating anything new. Foreign corporate espionage is nothing new and it *is* widespread. Read "A Region Based Approach for the Identification of Hardware Trojans" And, it is not just the Chinese. You only know of a few examples because corporate America generally does not publicize the fact that they have been infilrated.
    Your Non Advocate
    • Nil

      There is no evidence of back doors cited by him. Not you.
      Dietrich T. Schmitz *Your
      • Correct, his interview did not cite any specific example

        Did you expect him to?

        What part are you having problems with? Hardware trojans? Lots of examples like that ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5342391 The Raytheon study? The study is classified. Foreign infiltration?

        Sorry, when it comes to corporate espionage and government espionage, quite a bit of information is not dissemeninated to the average Dietrichs. But, anyone privy to high tech manufacturing will be cognizant of the threat, if unable to discuss it publically.
        Your Non Advocate
  • WTF?

    Really? This is something pretty much every average Joe could have predicted when we started allowing tech to be exported years ago and now our government is finally supposed to catch on?

    Seriously, it is time to end the constant procession of career politicians running our country! All they care about is how to line their own pockets!
  • Paradox .....

    The strange thing is that here is a country that is profoundly communist yet is every bit as capitalist as the West.
    Go figure.
    We should worry since they only seem to follow the rules that suit them and disregard the rest.
    Interesting times indeed.
    da philster
  • Where's the ownership?

    "He was the man who failed to get the White House to act on his warnings that al-Qaeda were planning an attack on American soil."

    So its Clark's fault that the white house failed to heed his warning? Does the author think that the white house just might share in that responsabiliyt? I know Bush and Cheney don't want to own any responsability for failure to act on the warnings they were receiving but we don't need to advance that myth here.
  • If you think....

    If you think you are doing business on your terms in China or if there is little risk to your intellectual property and products you ignore history. They will do everything and anything to continue their one party Communist state. Once and a while they will get caught and a few punished but they're great at window dressing.
  • Where's the DIRECT evidence?

    There a couple of things missing here.

    First, we know that there have been successful attacks against American companies, Adobe and Google being the foremost examples. Where is the evidence that these attacks were the result of hardware-borne vulnerabilities? From everything I've read, it's far more likely that they were the result of standard pen-testing methodology, plus social engineering and opportunistic use of software and system-wide vulnerabilities.

    Second, the scale of the conspiracy necessary for these "logic bombs" to be of any widespread use is mind-boggling. Where's the evidence for the presence of these built-in cybernetic backdoors? Are we so complacent that we'd just blithely assume that everything coming from outside our borders is without flaw? My own experience tells me that if there are errors in billions of pieces of hardware, we'd be seeing more specific problems, as the faulty items fail in unforeseen ways. I don't for a minute think that many if not most of the items we get from outside the US don't go through security testing, either in the open or behind closed doors by our security apparatus.

    I respect Richard Clarke - he does have a track record. But, in this matter, I'm going to have to be pretty skeptical.
  • Here's the ironic thing...

    The US produces tech that we expect the world to consume without question (Blackberry, Android, iOS, Google, Microsoft, the Internet, etc.). During the post-9/11 hysteria, it was well-known that US intelligence was gaining access to various tech segments in the name of counter-terrorism, much to the consternation of most foreign governments relying on it. Why would we question that other governments wouldn't want the same access and advantages in anything they are producing?
    • Unortunately

      Most of that tech is now owned by communist China.
    • Sorry to Interrupt But...

      The Blackberry is a Canadian product. This how successful they were in "concealing" the origin of something deemed as vital and secure. Otherwise, Americans wouldn't buy it. Many products, especially business software, are of Canadian origin but a "head" office address in the US had to be put on to sell it. And, apparently, Nortel, one of the world's biggest telecommunications company was hacked for 10 years maybe causing bankruptcy. Strangely, much of these problems started when American CEOs were hired. Hmmmm..... To me this is evidence where America had and still has a superiority complex. Why do you think everyone is so angry on this blog? Good ole US may be attacked by the "enemy". Should grow up and learn to play in the World's sandbox instead of just your own.
  • Look at it as a financial bomb

    What would happen to businesses here if communist China suddenly stopped importing these components? We have lost the capability to replace them on even a limited capability. We talk about the importance of oil imports, but if we do not ween ourselves off of China's cheap labor we could suffer more than a slow death to our economy. Right now China owns a significant part of our economy. That needs to change.