Counterfeit products are a routine threat for the electronics industry. However, the more sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the F.B.I. and the Pentagon.

The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components with an estimated retail value of more than $3.5 million, the F.B.I. said in a statement.

The F.B.I. is still not certain whether the ring’s actions were for profit or part of a state-sponsored intelligence effort.

The potential threat, according to the F.B.I. agents who gave a briefing at the Office of Management and Budget on Jan. 11, includes the remote jamming of supposedly secure computer networks and gaining access to supposedly highly secure systems. Contents of the briefing were contained in a PowerPoint presentation leaked to a Web site, Above Top Secret.

A Cisco spokesman said that the company had investigated the counterfeit gear seized by law enforcement agencies and had not found any secret back door.

“We did not find any evidence of re-engineering in the manner that was described in the F.B.I. presentation,” said John Noh, a Cisco spokesman. He added that the company believed the counterfeiters were interested in copying high volume products to make a quick profit. “We know what these counterfeiters are about.”

An F.B.I. spokeswoman, Catherine L. Milhoan, said the agency was not suggesting that the Chinese government was involved in the counterfeiting ring. “We worked very closely with the Chinese government,” she said. Arrests have been made in China as part of the investigation, she said. “The existence of this document shows that the cyber division of the F.B.I. has growing concerns about the production and distribution of counterfeit network hardware.”

Despite Cisco’s reassurance, a number of industry executives and technologists said that the threat of secretly added circuitry intended to subvert computer and network gear is real.

“There are enormous vulnerabilities in our defense and national security infrastructure,” said Peter Levin, a former Clinton administration official who is chief executive of DAFCA, a Framingham, Mass., company that designs systems to prevent malicious tampering with computer chips. “We outsource the manufacturing of computer integrated circuits to places that can manufacture these devices cheaply.”

Last month, the Pentagon’s Defense Advanced Research Projects Agency began distributing chips with hidden Trojan horse circuitry to military contractors who are participating in the agency’s Trusted Integrated Circuits program. The goal is to test forensic techniques for finding hidden electronic trap doors, which can be maddeningly elusive. The agency is not yet ready to announce the results of the test, according to Jan Walker, a spokeswoman for the agency.

The threat was demonstrated in April when a team of computer scientists from the University of Illinois presented a paper at a technical conference in San Francisco detailing how they had modified a Sun Microsystems SPARC microprocessor by altering the data file on a chip with nearly 1.8 million circuits used in automated manufacturing equipment.

The researchers were able to create a stealth system that would allow them to automatically log in to a computer and steal passwords. The danger of such hidden circuitry is that it could potentially undermine the strongest computer security protections by essentially giving an attacker a secret key to gain access to a network or a computer.

“It’s very difficult to detect and discover these issues,” said Ted Vucurevich, the chief technology officer of Cadence Design Systems, a company that provides design tools for chip makers. “That was one of the reasons” for the testing program.

Modern integrated circuits have billions of components, he said: “Adding a small number that do particular functions in particular cases is incredibly hard to detect.”

The potential threat of secret hardware-based backdoors or kill switches has been discussed for several decades. For example, the issue came up during the 1980s with a Swiss cryptography company, Crypto, which has been under suspicion of having installed back doors in its systems to give the National Security Agency access to encoded messages.

The issue was raised again during the first Iraq war and more recently in the Israeli bombing of a suspected Syrian nuclear plant. In both cases there has been speculation that booby-trapped antiaircraft equipment had been remotely turned off.

By JOHN MARKOFF; SAN FRANCISCO — NYT; May 9, 2008