Attacks/Breaches
11/20/2008
06:11 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

China Targets U.S. Computers For Espionage, Report Warns

The 2008 Annual Report to Congress urges tighter computer security measures to prevent data loss or corruption.

The USCC report also warned about the risks posed by IT hardware manufactured abroad.

"The global supply chain for telecommunications items introduces another vulnerability to U.S. computers and networks," the report says. "Components in these computers and networks are manufactured overseas -- many of them in China. At least in theory, this equipment is vulnerable to tampering by Chinese security services, such as implanting malicious code that could be remotely activated on command and place U.S. systems or the data they contain at risk of destruction or manipulation. In a recent incident, hundreds of counterfeit routers made in China were discovered being used throughout the Department of Defense. This suggests that at least in part, Defense Department computer systems and networks may be vulnerable to malicious action that could destroy or manipulate information they contain."

Such concerns have been circulating for years in government security circles. But action may be at hand. On Tuesday, civilian and defense procurement groups published a notice in the Federal Register seeking comment on whether federal acquisition rules should be revised to require that "contractors selling information technology (IT) products (including computer hardware and software) represent that such products are authentic."

In February, the FBI announced that its ongoing anti-counterfeiting campaign had resulted in more than 400 seizures of fake Cisco equipment worth more than $76 million. A five-page FBI PowerPoint presentation dated Jan. 11, 2008, summarizes some of the agency's findings in its investigation of fake Cisco gear. It notes that fake hardware is vulnerable to supply chain subversion and attack, and could allow others to access to systems meant to be secure.

For more security insights, InformationWeek has published its 2008 Strategic Security Survey. Download the report here (registration required).

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7876
Published: 2015-03-31
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

CVE-2015-0900
Published: 2015-03-31
Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2015-0901
Published: 2015-03-31
Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-2106
Published: 2015-03-31
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.

CVE-2015-2108
Published: 2015-03-31
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.