Highlights
– US Department of Justice announces seizure of $76 million worth of counterfeit network hardware
– Counterfeit hardware has reportedly caused network failures
– Fear that counterfeit network hardware could also be used as a backdoor into US government and military networks
On February 28, 2008, the US Department of Justice (DOJ) announced more than 400 seizures of “counterfeit Cisco network hardware and labels with an estimated retail value of more than $76 million. It is being led by [Immigration and Customs Enforcement] ICE, [Customs Border Patrol] CBP and the [Federal Bureau of Investigation] FBI working in conjunction with the Criminal Division’s Computer Crime & Intellectual Property Section, U.S. Attorney’s Offices across the country, and the RCMP (Royal Canadian Mounted Police).” It has been reported that Chinese manufacturers produced much of the seized counterfeit networking equipment.
According to Assistant Attorney General Alice S. Fisher, “counterfeit network hardware entering the marketplace raises significant public safety concerns and must be stopped.” Fisher further noted, “it is critically important that network administrators in both private sector and government perform due diligence in order to prevent counterfeit hardware from being installed on their networks” (source).
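One concrete form of the due diligence Fisher calls for is reconciling what devices report about themselves against what was actually bought through authorized channels. The following added example (not from the original article or from Cisco) parses the PID/SN lines of IOS `show inventory` output and flags serials that are absent from the authorized purchase record, serials whose part number differs from the invoiced one, and the same serial appearing on more than one chassis; all serials and device names are constructed.

```python
import re
from collections import defaultdict

# Matches the "PID: ..., VID: ..., SN: ..." line of Cisco IOS "show inventory" output.
PID_LINE = re.compile(r'PID:\s*([^\s,]+)\s*,\s*VID:\s*([^\s,]*)\s*,\s*SN:\s*(\S+)')

def parse_inventory(text):
    """Return (pid, vid, serial) tuples found in one device's 'show inventory' text."""
    return [m.groups() for m in PID_LINE.finditer(text)]

def audit(inventories, purchase_record):
    """Cross-check device inventories against serials bought from authorized resellers.

    inventories:     {device_name: show_inventory_text}
    purchase_record: {serial: invoiced_pid}
    Returns a sorted list of (device, serial, reason) findings.
    """
    findings = []
    seen = defaultdict(set)  # serial -> set of devices reporting it
    for device, text in inventories.items():
        for pid, _vid, serial in parse_inventory(text):
            seen[serial].add(device)
            if serial not in purchase_record:
                findings.append((device, serial, "serial not on authorized purchase record"))
            elif purchase_record[serial] != pid:
                findings.append((device, serial,
                                 f"PID {pid} differs from invoiced {purchase_record[serial]}"))
    # A serial reported by two chassis means at least one carries a cloned label.
    for serial, devices in seen.items():
        if len(devices) > 1:
            for device in sorted(devices):
                others = ", ".join(sorted(devices - {device}))
                findings.append((device, serial, "serial also reported by " + others))
    return sorted(findings)

# Constructed sample data (hypothetical devices, PIDs and serials).
INVENTORIES = {
    "edge-rtr1": 'NAME: "Chassis", DESCR: "Cisco 2811"\nPID: CISCO2811 , VID: V04 , SN: FTX0000AAA1\n',
    "edge-rtr2": 'NAME: "Chassis", DESCR: "Cisco 2811"\nPID: CISCO2811 , VID: V04 , SN: FTX0000AAA1\n',
    "core-sw1": 'NAME: "1", DESCR: "WS-C3750G-24TS"\nPID: WS-C3750G-24TS-E , VID: V02 , SN: FOC0000BBB2\n',
    "branch-sw1": 'NAME: "1", DESCR: "WS-C2960-24TT"\nPID: WS-C2960-24TT-L , VID: V01 , SN: FOC0000CCC3\n',
}
PURCHASES = {"FTX0000AAA1": "CISCO2811", "FOC0000BBB2": "WS-C3750G-24TS-S",
             "FOC0000DDD4": "WS-C2960-24TT-L"}

if __name__ == "__main__":
    for device, serial, reason in audit(INVENTORIES, PURCHASES):
        print(f"{device}: {serial}: {reason}")
```

Any flagged device should be pulled for vendor verification rather than trusted on the strength of its label.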
The Prevalence of Counterfeit Equipment
According to Nick Tidd, managing director of 3Com Canada Inc. and formerly the president of the Alliance for Gray Market and Counterfeit Abatement, forged network equipment has been sneaking into supply chains since early 2004 (source). Media reports of catastrophic network failures illustrate the threat posed by counterfeit Cisco network equipment. In October 2006, Network World reported that MortgageIT, a residential mortgage banking company, suffered severe network failures resulting in days of downtime across its enterprise as a result of counterfeit Cisco network equipment (source).
The threat to public safety is evident as critical components of our infrastructure are highly dependent on Internet connectivity. For example, should the computer network of a power plant or electricity transmission grid crash, engineers will have an increasingly difficult time monitoring and maintaining the generation and supply of electrical power.
China’s Backdoor
Additional reports indicate that the FBI is also investigating the possibility that counterfeit Cisco networking equipment produced in China may be used by the Chinese government as a backdoor into US government and military computer networks. FBI investigations have revealed that counterfeit Cisco networking equipment has been purchased by a number of US government and military organizations.
It has been speculated that some of these counterfeit pieces of networking equipment may have also been produced for reasons other than profit. For example, some security experts point out that a counterfeit Cisco router placed on a US government system could be used by Chinese hackers to siphon off sensitive US government data.
While the fear of network disruption is certainly realistic, as evidenced by the example of MortgageIT’s network failure, it is unlikely, though not impossible, that the Chinese government is using counterfeit networking equipment to spy on the US government and military.
A Red Herring
Previously reported incidents of cyber espionage attributed to Chinese hackers have for the most part followed a pattern. Hackers have penetrated various US government networks, as well as the networks of private sector defense contractors, via virus-laden phishing emails. According to media reports, many of these attacks have been successful.
The success of the phishing email strategy to some degree obviates the need to invest in the more costly and less reliable strategy of counterfeiting networking equipment. The counterfeit equipment strategy is a less reliable means of espionage as the Chinese government would not have any means of reliably forcing specific US government organizations to procure the corrupted networking hardware.
In contrast, espionage via phishing allows for precise and targeted attacks and is also far less costly, as it doesn’t require the manufacture of physical goods. Therefore, these types of attacks can be launched repeatedly at little cost.
Further, the inherent unreliability of counterfeit networking equipment makes it an unsuitable espionage platform. Each time one of these counterfeit devices fails, a source of intelligence would be burned. In contrast, phishing emails are unlikely to cause network-wide failures. Further, as US government network administrators constantly patch their networks and clean out Chinese-controlled Trojan horses, Chinese hackers can simply and easily launch a new phishing attack and quickly regain their access.
As such, it should be expected that hackers sponsored by China, as well as other nation states, will continue to use phishing as a preferred means of attack.