Following Pakistan's recently introduced "Prevention of Electronic Crimes Ordinance 2008” according to which potential cyberterrorists would face the death penalty, a neighboring country, Iran, has recently executed an IT expert who confessed of being an Israeli spy for at least three years.
"Behind their backs he allowed the software he bought to be subtly doctored by Israeli computer engineers before it was imported to Iran. Ashtari confessed: “Mossad’s goal was to sell specialised computer equipment through me to Iranian intelligence organisations.” Ashtari revealed how he communicated with his Israeli controllers: “I received a laptop with encrypted software for fast e-mail communication,” he said. “They asked me to install bugging devices in the communications equipment I provided to my clients.”"
Once the physical security of the devices has been compromised, anything from remote control capabilities to scheduled malfunctioning through logic bombs could have been integrated within. Despite the fact that they wanted him to give a portable satellite Internet device to the Iranian government, it still remains unknown to what extend and what type of backdoored equipment he has already introduced on behalf of the foreign agents.
The concept of backdooring hardware is nothing new, take for instance such proof of concepts like the Illinois Malicious Processors (IMPs) allowing high level access to a system running the backdoored hardware. In fact, the potential for damage and espionage activities is so realistic, that in a leaked FBI presentation entitled "Cisco Routers" the agency assesses the risks posed by counterfeit Cisco routers somehow making it into the critical infrastructure network.
The weakest link? It's the subcontracting process.