by Mike Masnick
Wed, May 14th 2008 8:38am
There was a story last week that got a lot of press about how the FBI discovered that the military was using a ton of counterfeit technology equipment, including thousands of fake Cisco routers. Dan Wallach has an excellent writeup looking at the security implications of what happened. From the description, it certainly doesn't sound like any of the equipment was found to include any kind of questionable technology for spying, but the point is that it would have been easy enough if someone had wanted to do so.

Basically, the background is that while the government only buys equipment from approved vendors, those vendors can subcontract out the actual tech purchases to anyone. That leads to situations where (no joke) one subcontractor purchased a bunch of fake routers off of eBay and then resold them to the government via an authorized vendor. Or, try to follow the details of the case of the US Navy contracting with Lockheed Martin for equipment. Lockheed outsourced the deal to an unauthorized Cisco reseller as a subcontractor. That subcontractor turned to its own subcontractor, who (yup, you guessed it) hired another subcontractor, who shipped the equipment straight to the Navy. If you lost count, that's five layers deep, with most of those layers having no real oversight on what they did.

You would think the government (and especially the military) would be a bit more careful about where it sourced its products, but it certainly doesn't seem as though that's the case at all. Given all that, it's almost difficult to believe that compromised equipment hasn't been sold to the government at some point.