Internet Anthropologist Think Tank: THE MANCHURIAN MICROCHIP

    Tuesday, February 17, 2009

    THE MANCHURIAN MICROCHIP





    Found this interesting tidbit in the Jan-Feb -09 issue of "Nexus"
    magazine. When one factors in the number of attacks each day to US
    national security type computer systems - supposedly originating in
    the PRC, this article gives one pause for thought.

    "THE MANCHURIAN MICROCHIP

    The myth: Chinese intelligence services have concealed a microchip in
    every computer everywhere, programmed to 'call home' if and when
    activated. The reality, it may actually be true.

    All computers on the market today - be they Dell, Toshiba, Sony, Apple
    or especially IBM - are assembled with components manufactured inside
    the People's Republic of China. Each component produced by the
    Chinese, according to a reliable source within the intelligence
    community, is secretly equipped with a hidden microchip that can be
    activated at any time by China's military-intelligence service.

    'It is there, deep inside your computer, if they decide to call it
    up,' the security chief of a multinational corporation told The
    Investigator.

    'It is capable of providing Chinese intelligence with everything
    stored on your system - on everyone's system - from email to
    documents. I call it Call Home Technology.

    'It doesn't mean to say they're sucking data from everyone's computer
    today; it means the Chinese think ahead - and they now have the
    potential to do it when it suits their purposes.'

    (Source: Robert Eringer, "The Investigator", 18 October 2008,
    http://cryptome.info/0001/manchu-chip.htm) [Note there may not be a
    hyphen in manchu-chip.htm.]"


    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

     "THE MANCHURIAN MICROCHIP

    It is highly unlikely that it is everywhere.
    It is highly likely that it is somewhere.

    Note that research results show that no more than 10K gates
    are required to trojan a chip; 10K will not be found absent
    decomposition and electron microscopy comparing what is there
    with original chip masks.  In the meantime, that very important
    levels of control can be hidden more efficiently than a needle
    in a haystack is both an opportunity for our side and for their
    side, for all values of "our" and "their."

    See www.dafca.com for one example of a good guy value of "our."

    It is important to realize that true security is not possible
    without hardware support, but if the hardware is trojaned then
    true security is not possible and permanently so.

    --dan


    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    DAFCA is leveraging its patented validation and debug technology to meet the needs of the emerging Hardware Assurance segment of the cyber security market. The two key goals of Hardware Assurance are:

    • Counterfeit detection, assuring for chip functional or logic equivalence, and that the chip is not unauthorized and unlicensed, and;
    • Anti-Tampering/system protection (sabotage and unauthorized use prevention), assuring there are no functional or logic differences in how the chip performs and that the chip is authorized and licensed.

    DAFCA is currently developing Hardware Assurance solutions that will address these two critical areas with proprietary methods and innovative products that are natural extensions of its patented validation and debug core technology.

    In the meantime, there are steps that DAFCA's customers can take today to ensure electronic component integrity using the company's reprogrammable fabric and tools. For more information about how DAFCA's current technology can be extended to serve as a weapon against nefarious hardware tampering and device counterfeiting, contact info@dafca.com.


    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    And now the Manchurian microchip

    Robert Eringer

    October 18, 2008 7:13 AM

    The geniuses at Homeland Security who brought you hare-brained procedures at airports (which inconvenience travelers without snagging terrorists) have decreed that October is National Cyber Security Awareness Month. This means The Investigator -- at the risk of compromising national insecurities -- would be remiss not to make you aware of the hottest topic in U.S. counterintelligence circles: rogue microchips. This threat emanates from China (PRC) -- and it is hugely significant.

    The myth: Chinese intelligence services have concealed a microchip in every computer everywhere, programmed to "call home" if and when activated.

    The reality: It may actually be true.

    All computers on the market today -- be they Dell, Toshiba, Sony, Apple or especially IBM -- are assembled with components manufactured inside the PRC. Each component produced by the Chinese, according to a reliable source within the intelligence community, is secretly equipped with a hidden microchip that can be activated any time by China's military intelligence services, the PLA.

    "It is there, deep inside your computer, if they decide to call it up," the security chief of a multinational corporation told The Investigator. "It is capable of providing Chinese intelligence with everything stored on your system -- on everyone's system -- from e-mail to documents. I call it Call Home Technology. It doesn't mean to say they're sucking data from everyone's computer today, it means the Chinese think ahead -- and they now have the potential to do it when it suits their purposes."

    Discussed theoretically in high-tech security circles as "Trojan Horse on a Chip" or "The Manchurian Chip," Call Home Technology came to light after the Defense Advanced Research Projects Agency (DARPA) launched a security program in December 2007 called Trust in Integrated Circuits. DARPA awarded almost $25 million in contracts to six companies and university research labs to test foreign-made microchips for hardware Trojans, back doors and kill switches -- techie-speak for bugs and gremlins -- with a view toward microchip verification.

    Raytheon, a defense contractor, was granted almost half of these funds for hardware and software testing.

    Its findings, which are classified, have apparently sent shockwaves through the counterintelligence community.

    "It is the hottest topic concerning the FBI and the Pentagon," a retired intelligence official told The Investigator. "They don't know quite what to do about it. The Chinese have even been able to hack into the computer system that handles our Intercontinental Ballistic Missile system."

    Another senior intelligence source told The Investigator, "Our military is aware of this and has had to take some protective measures. The problem includes defective chips that don't reach military specs -- as well as probable Trojans."

    A little context: In 2005 the Lenovo Group in China paid $1.75 billion for IBM's PC unit, even though that unit had lost $965 million the previous four years. Three congressmen, including the chairman of the House Armed Services Committee, tried to block this sale because of national security concerns, to no avail. (The PRC embassy in Washington, D.C., maintains a large lobbying presence to influence congressmen and their staffs through direct contact.)

    In June 2007, a Pentagon computer network utilized by the U.S. defense secretary's office was hacked into -- and traced directly back to the Chinese PLA.

    A report presented to Congress late last year characterized PRC espionage as "the single greatest risk to the security of American technologies." Almost simultaneously, Jonathan Evans, director-general of MI5, Britain's domestic security and counterintelligence service, sent a confidential letter to CEOs and security chiefs at 300 UK companies to warn that they were under attack by "Chinese state organizations" whose purpose, said Mr. Evans, was to defeat their computer security systems and steal confidential commercial information.

    The Chinese had specifically targeted Rolls-Royce and Shell Oil.

    The key to unlocking computer secrets through rogue microchips is uncovering (or stealing) source codes, without which such microchips would be useless. This is why Chinese espionage is so heavily focused upon the U.S. computer industry.

    Four main computer operating systems exist. Two of them, Unix and Linux, utilize open-source codes. Apple's operating system is Unix-based.

    Which leaves only Microsoft as the source code worth cracking. But in early 2004, Microsoft announced that its security had been breached and that its source code was "lost or stolen."

    "As technology evolves, each new program has a new source code," a computer forensics expert told The Investigator. "So the Chinese would need ongoing access to new Microsoft source codes for maintaining their ability to activate any microchips they may have installed, along with the expertise to utilize new hardware technology."

    No surprise then that the FBI expends much of its counterintelligence resources these days on Chinese high-tech espionage within the United States. Timothy Bereznay, while still serving as assistant director of the FBI's Counterintelligence Division, told USA Today, "Foreign collectors don't wait until something is classified -- they're targeting it at the research and development stage." Mr. Bereznay now heads Raytheon's Intelligence and Information Systems division.

    The PRC's intelligence services use tourists, exchange students and trade show attendees to gather strategic data, mostly from open sources. They have also created over 3,500 front companies in the United States -- including several based in Palo Alto to focus on computer technology.

    Back in 2005, when the Chinese espionage problem was thought to be focused on military technology, then-FBI counterintelligence operations chief Dave Szady said, "I think the problem is huge, and it's something we're just getting our arms around." Little did he know just how huge, as it currently applies to computer network security.

    The FBI is reported to have arrested more than 25 Chinese nationals and Chinese-Americans on suspicion of conspiracy to commit espionage between 2004 and 2006. The Investigator endeavored to update this figure, but was told by FBI spokesman William Carter, "We do not track cases by ethnicity."

    Excuse us for asking. We may be losing secrets, but at least the dignity of our political correctness remains intact.

    Oh, and Homeland Security snagged comic icon Jerry Lewis, 82, trying to board a plane in Las Vegas with a gun -- no joke.

    If you have a story idea for The Investigator, contact him at reringer@newspress.com. State if your query is confidential.


    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    Just for the sake of argument let us suppose that this is true. How would the Chinese even be able to collect and parse this information "...if they decide to call it up..."? The Great Firewall makes it impossible to do anything quickly there and with everything filtered through only three connections I find it extremely hard to believe that they would DDOS themselves to collect what is likely to be 99% crap with 1% hidden in multiple terabytes of that same crap...

    I would be looking towards economics rather than SciFi as a potential attack vector. But given the fact that China is our banker, I find it highly unlikely they would shoot themselves in the foot by attacking their milk cow...

    JMHO


    XXXXXXXXXXXXXXXXXXXXXXXXX

    Faulty US software was to blame for one of the biggest non-nuclear explosions the world has ever seen, which took place in a Siberian natural gas pipeline, according to a new book published on Monday.

    At the Abyss: An Insider's History of the Cold War, written by Thomas C. Reed, a former Air Force secretary who served in the US National Security Council during the Reagan administration, documents how software and other technology was deliberately created with flaws as part of US attempts to undermine the Soviet economy.

    In his book, Reed says the pipeline explosion was just one example of "cold-eyed economic warfare" against the Soviet Union at a time when the US was trying to block Western Europe from importing Soviet natural gas. The CIA slipped the flawed software to the Soviets in a way they would not detect it, according to Reed.

    The book is likely to add fuel to the debate over open-source software, which many governments are examining with increasing interest. The Chinese government is one such, with Red Flag Linux gaining increasing traction in China, and proprietary software companies such as Microsoft scrambling to reassure them that the closed-source model does not pose risks.

    "In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds," Reed wrote. "The result was the most monumental non-nuclear explosion and fire ever seen from space."

    "While there were no physical casualties from the pipeline explosion, there was significant damage to the Soviet economy. Its ultimate bankruptcy, not a bloody battle or nuclear exchange, is what brought the Cold War to an end. In time the Soviets came to understand that they had been stealing bogus technology, but now what were they to do? By implication, every cell of the Soviet leviathan might be infected. They had no way of knowing which equipment was sound, which was bogus. All was suspect, which was the intended endgame for the operation."

    The faulty software was slipped to the Russians after an agent recruited by the French and dubbed "Farewell" provided a shopping list of Soviet priorities, which focused on stealing Western technology.

    Exactly one year ago, China officials announced that the country had signed a pact with Microsoft that would give them access to the highly protected Windows operating system source code. Microsoft chairman Bill Gates hinted at the time that China would be privy to all, not just part, of the source code its government wished to inspect.

    The Chinese government and military have previously stated their preference for the rival Linux operating system because its source code is made publicly available.

    Source code makes it easier to understand the inner workings of an operating system, and without access to the code, governments like China fear that back doors may be installed to leak out sensitive information.

    China is also said to be readying its own 64-bit server chip, as part of an effort to control more of the intellectual property that the country uses.

    SOURCE:

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    Maybe it doesn't call home, but there are other triggers to do other things.

    I am concerned; it doesn't sound feasible for it to call home, but one needs to think outside the box.

    Not just in terms of hardware vs software, but in terms of triggers and actions.


    Gerald

    Tactical Internet Systems analyst
