Hardware imported from China could leave U.S. open to cyber-threats
Summary: Cybersecurity advisor Richard Clarke warns that imports of chips, routers and hardware from China and other foreign suppliers could leave the U.S. open to cyber-attacks and cyber-threats.
Richard Clarke, counter-terrorism czar for three U.S. presidents, believes that imports of chips, routers and hardware from Chinese and other foreign suppliers are leaving the U.S. open to cyber-warfare, cyber-espionage and cyber-sabotage.
In an interview with the Smithsonian, Clarke claims "every major company in the United States has already been penetrated by China."
He further claims that trade secrets and intellectual property are being stolen by hackers and funnelled back to China.
Another of his worries is that all the electronic components and devices used by U.S. homes and businesses are being made in China and by other foreign suppliers. These, Clarke claims, could be implanted with "logic bombs", trapdoors and "Trojan horses", which could be activated remotely on command.
Clarke says that his greatest fear is not that the U.S. will suffer a "cyber-Pearl Harbor event" but that instead it will be a "death of a thousand cuts".
He fears the U.S. will lose its competitive edge because of "research and development stolen by the Chinese," as "company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China."
Pretty scary stuff. But should we be listening to Clarke?
History suggests that we should. He was the man who failed to get the White House to act on his warnings that al-Qaeda were planning an attack on American soil. Later, during his testimony to the 9/11 Commission he delivered his famous apology: "Your government failed you."
On the other hand, if Trojan horses in hardware and cyber-espionage are commonplace, where's the evidence? Where there is evidence for selective cyber-attacks, such as the one carried out against Adobe and Google, there's very little to suggest that these attacks are widespread -- certainly to the extent that it affects "every major company in the United States."
It's just so hard to imagine that something of that scale wouldn't leave traces behind.
Image credit: Wikimedia Commons.
Talkback
Political Grandstanding, fear mongering
These are pretty strong accusations he has made.
Where is the substantiation of his claims?
He is going to have to back up his assertions.
In the meantime, I would suggest not getting paranoid when you read it.
Not like...
We already know they are hacking everything in sight stealing IP! That is not a giant step to go to the next level. Of course in the name of bigger profits we can ignore the problem until it is too late.
How big does the already impressive pile of evidence have to get?
Read the article, because it's obvious you haven't
rock
He was right about 911; that's good enough for me!!!!
No need to panic
Until you are hit by a 9/11 equivalent? That's the most stupid strategy to adopt.
Uh Oh!
Lots of evidence out there
Nil
Correct, his interview did not cite any specific example
What part are you having problems with? Hardware trojans? Lots of examples like that ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5342391 The Raytheon study? The study is classified. Foreign infiltration?
Sorry, when it comes to corporate espionage and government espionage, quite a bit of information is not disseminated to the average Dietrichs. But, anyone privy to high tech manufacturing will be cognizant of the threat, if unable to discuss it publicly.
WTF?
Seriously, it is time to end the constant procession of career politicians running our country! All they care about is how to line their own pockets!
Paradox .....
Go figure.
We should worry since they only seem to follow the rules that suit them and disregard the rest.
Interesting times indeed.
Where's the ownership?
So it's Clarke's fault that the White House failed to heed his warning? Does the author think that the White House just might share in that responsibility? I know Bush and Cheney don't want to own any responsibility for failure to act on the warnings they were receiving but we don't need to advance that myth here.
If you think....
Where's the DIRECT evidence?
First, we know that there have been successful attacks against American companies, Adobe and Google being the foremost examples. Where is the evidence that these attacks were the result of hardware-borne vulnerabilities? From everything I've read, it's far more likely that they were the result of standard pen-testing methodology, plus social engineering and opportunistic use of software and system-wide vulnerabilities.
Second, the scale of the conspiracy necessary for these "logic bombs" to be of any widespread use is mind-boggling. Where's the evidence for the presence of these built-in cybernetic backdoors? Are we so complacent that we'd just blithely assume that everything coming from outside our borders is without flaw? My own experience tells me that if there are errors in billions of pieces of hardware, we'd be seeing more specific problems, as the faulty items fail in unforeseen ways. I don't for a minute think that many if not most of the items we get from outside the US don't go through security testing, either in the open or behind closed doors by our security apparatus.
I respect Richard Clarke - he does have a track record. But, in this matter, I'm going to have to be pretty skeptical.
Here's the ironic thing...
Unfortunately
Sorry to Interrupt But...
Look at it as a financial bomb