Should We Be Concerned That The Military Will Use Counterfeit Routers Bought Off eBay?

from the it's-not-pretty dept

There was a story last week that got a lot of press about how the FBI discovered that the military was using a ton of counterfeit technology equipment, including thousands of fake Cisco routers. Dan Wallach has an excellent writeup looking at the security implications of what happened. From the description, it certainly doesn't sound like any of the equipment was found to include any kind of questionable technology for spying, but the point is that it would have been easy enough if someone had wanted to do so. Basically, the background is that while the government only buys equipment from approved vendors, those vendors can subcontract out the actual tech purchases to anyone. That leads to situations where (no joke) one subcontractor purchased a bunch of fake routers off of eBay and then resold them to the government via an authorized vendor. Or, try to follow the details of the case of the US Navy contracting with Lockheed Martin for equipment. Lockheed outsourced the deal to an unauthorized Cisco reseller as a subcontractor. That subcontractor turned to its own subcontractor who (yup, you guessed it) hired another subcontractor who shipped the equipment straight to the Navy. If you lost count, that's five layers deep, with most of those layers having no real oversight on what they did. You would think the government (and especially the military) would be a bit more careful in where it sourced its products from, but it certainly doesn't seem as though that's the case at all. Given all that, it's almost difficult to believe that compromised equipment hasn't been sold to the government at some point.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 14 May 2008 @ 9:19am

    All encryption is decipherable.
    All equipment is or can be potentially compromised.
    All ur bases r belong 2 us.

    Clearly this breakdown of government contractors needs to be investigated and addressed, but one large lesson learned is the value of end-to-end encryption. Cryptography that stays technologically ahead of attempts to thwart it.

    I hate to say that "obscurity" is the best solution, but if we continue to shake up our encryption protocols, dilute sensitive information in a flood of nonsensical garbage and challenge authenticity ultimately end to end, the equipment in the middle of a cloud is less of an attractive target.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.