Schneier on Security
A blog covering security and security technology.
May 24, 2006
Counterfeit Electronics as a Terrorist Tool
Winning my award for dumb movie-plot threat of the week, here's someone who thinks that counterfeit electronics are a terrorist tool:
Counterfeit Electronics as Weapons of Mass Disruption?
Some customers may consider knockoff clothing and watches to be good values, but counterfeit electronics can be devastating. What would happen, then, if some criminal element bent on wreaking havoc and inducing public panic were to intentionally introduce such a bogus product into the electronics supply chain -- malfunctioning printed-circuit boards in a critical air-traffic-control system, say, or faulty parts into automobile braking systems? Even the suggestion that such an act had occurred might set off a wave of recalls and might ground suspect systems.
EDITED TO ADD (6/2): Here's another article:
"Many attacks of this kind would have two components. One would alter the process control system to produce a defective product. The other would alter the quality control system so that the defect wouldn't easily be detected," Borg says. "Imagine, say, a life-saving drug being produced and distributed with the wrong level of active ingredients. This could gradually result in large numbers of deaths or disabilities. Yet it might take months before someone figured out what was going on." The result, he says, would be panic, people afraid to visit hospitals and health services facing huge lawsuits.
Deadly scenarios could occur in industry, too. Online outlaws might change key specifications at a car factory, Borg says, causing a car to "burst into flames after it had been driven for a certain number of weeks". Apart from people being injured or killed, the car maker would collapse. "People would stop buying cars." A few such attacks, run simultaneously, would send economies crashing. Populations would be in turmoil. At the click of a mouse, the terrorists would have won.
Posted on May 24, 2006 at 11:57 AM
• 39 Comments
Like what if they made all the tires for Ford SUVs blow out at high speed killing your whole family.
Or what if the power cord for the Xbox burned down your house...
The real world is way ahead of the Terrorist.
Obviously, this would-be anti-terrorism adviser doesn't know that this has ALREADY HAPPENED.
The scenario was the formula for the electrolyte in capacitors. Stolen it was, but without a crucial secret ingredient. Billions of capacitors and a year or so later, they start to leak or even explode. Owners of early Apple Airports will know what I mean.
As to air-traffic control systems, I think they have a little better handle on their component acquisition chain than midnight shopping at Bob's Bargain Barn for Happy Panda Air-Traffic Control Systems. The author clearly knows nothing at all about MIL-spec parts, or even redundancy engineering in systems.
This isn't even a dumb movie-plot threat. It's just dumb.
As if major aircraft and automotive manufacturers would buy counterfeit electronics, or implement any vendor's product without extensive internal testing!
I laughed so hard at this, my sides hurt (and the author owes me one new keyboard).
It's not like the CIA was ever rumored to have inserted problem code into pirated components destined for a Soviet pipeline control facility......
Truth or fiction, it has been thought of before.
I laugh because you mention the braking system of a car. I own a Mercedes which has the SBC braking system, a drive by wire system that has been very problematic. Multiple failures have been reported. We didn't need terrorists to make these braking systems fail, we just needed plain old engineers trying to make a useful product.
And the United States government is going to avoid buying laptops from the Chinese company Lenovo, since the product line was sold to them by IBM. The government is worried that Lenovo, at the behest of the Chinese government, will sneak in spy technology.
> a critical air-traffic-control system
Wouldn't that still require manufacturing counterfeit vacuum tubes?
I worked for a large helicopter company recently, which had three mailboxes to report part and equipment failure around the world. Helicopters are falling apart ALL the time.
A crash in Brazil was determined to be caused by a faulty rotor gear #3 (whatever that is).
An investigation started into why this rotor gear failed. The interesting and topical part of the story was the rotor gear had been pulled out of another helicopter 8 years earlier after it failed an inspection. Someone decided, instead of throwing it out, to put it back on the shelf and sell it.
We don't need terrorists to insert faulty parts; greed does it for us.
>Wouldn't that still require manufacturing counterfeit vacuum tubes?
And secretly inserting a tiny explosive device into each and every one, that when detonated unleashed the vacuum confined within the tube, sucking up a tiny amount of vital air in the process. When all detonated at once, the resulting large-scale vacuum would suck the air right out of the lungs of the air-traffic controllers, causing them to pass out, and all the airliners they were controlling would then collide in spectacular mid-air collisions.
The horror, oh god, the HORROR!
Actually we DO have a problem with bogus airplane parts :-(
Stu Savory, CFII
You're right, it's a decent article. Sadly, the sidebar really erodes the credibility of the main article. It makes me wonder how something so obviously goofball could end up in such an otherwise serious discussion.
It's like engaging in a serious discussion with, say, a security expert, who brings up lots of thoughtful and useful information, but as soon as, say, squid is mentioned, the apparent expert starts making suggestions about how to squid-proof all the computer systems and network connections located in coastal cities, and ESPECIALLY the ones located in major aquariums, because ya know, squid are so clever, and their tentacles can manipulate switches, and their eyes are 3X more efficient than even a night-vision assisted human, and octopuses have even been known to escape their tank and invade nearby tanks of especially attractive prey creatures. It's not that it wouldn't be an amusing sidebar, but it would make me wonder about the credibility of the recommendations that came before.
> how to squid-proof all the computer systems
Now *there's* a movie plot threat for you!
The problem w/ MilSpec has already caused a problem when "mis-marked" bolts and nuts got into the supply chain.
If that's an example of terrorism, why weren't the CEOs and CFOs of the companies involved (and the board members) taken to a bullet-pocked wall and shot? After all, these are the folks exhorting those below them to "find economies" in order to maximize shareholder value!
Heck, look at hiring illegal immigrants-- d'you really think a low-level manager is going to even consider taking such a chance unless he's under pressure to minimize costs?
The hell of it is that counterfeiting of "better" parts isn't anything new, but some folks want to draw a line and say "from this day forward it's a terrorist instead of a white-collar criminal".
"One of the most effective forms of industrial or military sabotage limits itself to damage that can never be thoroughly proven - or even proven at all - to be anything deliberate. It is like an invisible political movement; perhaps it isn't there at all. If a bomb is wired to a car's ignition, then obviously there is an enemy; if a public building or a political headquarters is blown up, then there is a political enemy. But if an accident, or a series of accidents, occurs, if equipment merely fails to function, if it appears faulty, especially in a slow fashion, over a period of natural time, with numerous small failures and misfirings - then the victim, whether a person or a party or a country, can never marshal itself to defend itself."
Philip K. Dick "A Scanner Darkly"
Yeh, what if the terrorists put lead in paint and polluted the cities for many years affecting the health of kids? Doh! oh right, greed head corporations...
Oh how about selling an addictive drug that ups the health care costs breaking the treasury of the USA doh! oh right, the tobacco companies ...
What if the terrorists put a chemical in our water supply to poison us...
yeah the gas companies already put the MTBE in there.
What if the terrorists put a micro filament into our consumer goods to poison us.. Oh yeah, asbestos companies.....
what if the terrorists encouraged us to use a dangerous source of energy instead of oil that could destroy vast tracts of land.. Oh yeah GE and nucular power already did that....
How bout if they sold candy to babies and it made them fat and gave em sacher-krank (diabetes) oh yeah the soda companies and corn syrup - sugar industry did it.
How bout a dangerous system of transport with many catastrophic failures that kill 40-50 thousand a year!
doh, the auto industry is way ahead of them terrorists.
Face it, the terrorists can't even give us more than a few deaths/year over the decades. Our corporations do in hundreds or thousands each day at our expense and their profit.
So who is the enemy?
Hmm. Sounds familiar. While searching for a writeup of the incident where the US sold a buggy control system for an oil pipeline, I found this link back to SOS.
Bravo on adding the preview as well.
What if the terrorists put faulty software into voting machines thereby allowing them to 'elect' anyone they wanted regardless of who the public actually voted for?! That would be awful!
clint: What if the terrorists didn't rig the elections?
This quote from Philip Dick, by 'scnnr darkly':
"One of the most effective forms of industrial or military sabotage limits itself to damage that can never be thoroughly proven - or even proven at all - to be anything deliberate."
provoked a couple of thoughts. On the one hand, in discussions elsewhere of the purported risks of open-source software, I have argued that a super-secret three-letter spy agency -- like the KGB in the former USSR -- would be much more likely to try to muck around with the hardware than with O/S software, because hardware backdoors would be much harder to detect. So if someone wants to do something secretly -- perhaps just cause economic mischief -- then maybe this works.
On the other hand, in a curious way, that makes mucking with hardware much less suitable as a tactic for terrorism. As Bruce has frequently pointed out, the objective of terrorism is to cause terror: panic, and the breakdown and disruption of ordinary civil society. It seems to me that means that, for maximum impact, the terrorists must be able to plausibly claim credit for any damage. But, as other previous comments have said, there are so many everyday failures due to incompetence, greed, and stupidity, it might be hard for a terrorist to get anyone's attention.
Just imagine: Osama bin Laden releases a video claiming he's responsible for the latest security flaw affecting Windows PCs. Yawn.
I know something about counterfeited goods. My speciality is in pharmaceuticals but I keep up to date on other areas as well.
I have not seen anything on terrorists introducing counterfeit or adulterated goods to our system. I do know that there is a tremendous problem with stuff as mundane as nuts and bolts. They will come in rated for a certain tensile strength and fail at considerably less.
More counterfeit WD-40 lubricant is sold around the world than legitimate product. It's why they have shaped cans, to try to reduce this.
Items as complex as complete Honda motorcycles are being counterfeited and sold.
Counterfeiting IS a serious problem for every manufacturer. It is a serious potential problem for any buyer.
Purposeful adulteration is fairly easy to do and could easily cause a nationwide panic. Look what happened with Tylenol in 82.
So what does this bode for our outsourcing the construction of military components to Dubai?
The idea that "regular" domestic corporations are already committing acts along the lines (see Joe Soda Drinker's examples above) is interesting. What if we could actually label these explicitly as "terrorist" acts? (After all, we seem to be able to call pretty much anything a "terrorist" act these days.) Perhaps we could turn all this madness to our advantage and clean up a lot of our environmental and health issues this way.
> how to squid-proof all the computer systems
8^) The answer is Astroturf. For some reason, cephalopods can't crawl over it or grip it. So aquaria suffering from excessive cephalopod somnambulance line the lip of the tank with Astroturf. So, more furry green consoles!
Back to topic: the article as presented does really seem quite dumb. But seen in the context of the paragraph from which it was linked it isn't quite so obviously silly:
"The bill's goal was to ensure that the Pentagon had secure suppliers, but had it become law, it also would have had the effect of controlling bogus parts [see sidebar, "Counterfeit Electronics as Weapons of Mass Disruption?"]."
In other words, the claim is not that terrorists might use bogus electronics to attack consumers, but that foreign companies controlled by hostile governments might engineer well-hidden trapdoors for nefarious purposes (espionage being perhaps more likely than sabotage).
This is not so improbable because several such examples are known to have actually occurred. There are obvious countermeasures. For example, you could reverse-engineer every new mod of every chip supplied, and x-ray, say, 10% of all received chips to ensure they do not deviate from the one you examined. However this would be far more expensive than using a trustworthy supplier, and even then you could not guarantee that the supplier could not outsmart you somehow, with features which do not show up on the x-ray, or which your reverse engineers do not understand.
"one possibility is a time-delayed defect, designed to cause a product to fail after some predictable period."
that's called planned obsolescence, and it was invented by our auto industry. the "predictable period" is about one month longer than the warranty period.
The term for such covert hardware tampering is 'chipping'.
It's discussed in the book 'Information Warfare', by Winn Schwartau, in chapter nine.
Malicious code, embedded in the chips mass-produced by states like China, with which we have current economic dealings but may also have possible future military confrontations, poses a risk.
Flaws that are so subtle as to be considered just poor quality-control, could have much deeper implications.
Imagine very common circuit components, like IC opamps or timer chips, manufactured to make them extremely susceptible to EMP, far more so than normal.
Nothing important, right? But given how common these IC's are, and in how many products they're used in, you can kiss most modern technology goodbye from a single near-space nuke blast.
To anyone who tests them, they'd simply think "Cheap Chinese junk". To the Chinese military, they're strategic assets in case of a war.
Sun Tzu is required reading for their military strategists, and one of his precepts is the importance of spies and traitors in the enemy's camp.
How insidious is a 'traitor' that you never suspect? Like the one in your phones, cars, computers, hospital life support, railroad switches, etc. etc.
> What would happen, then, if some criminal element bent on wreaking havoc and inducing public panic were to...
-find a way to make oxygen poisonous to humans.
-make water dissolve mammals.
-get humanity to abandon Microsoft.
FUD. FUD. FUD.
These scenarios sound remarkably similar to the way non-counterfeit electronics are designed and manufactured.
Electronic components are designed to fail after a certain lifetime; it increases sales (and makes manufacturing cheaper).
How about microprocessors designed to fail/give erroneous data/spy on you? Doesn't it sound a lot like the horror stories we've all been hearing about TPM for the past few years?
I don't think components are purposely designed to fail, I think they are cheaper that way. Consider long life alkaline batteries vs conventional. It's cost, is all.
But putting back door trapdoors into software makes sense because the cost is so low and the product doesn't fail till you want it to.
Like the French attacking the Argentines in the Malvinas/Falklands by crashing the software for the Exocet cruise missiles. That might have happened, but it hasn't been confirmed in an official publication, like the attack on Russia in the pipeline explosion.
--"So who is the enemy?"
While your overall point is good, I'd suggest some different spins on several of the examples you give. Such as MTBE, which is certainly not something to blame on the gas companies, who pretty much hate it because -- among other things -- it really messes with their logistics. They'd quite happily drop it if it were legal to do so.
Similar problems attend the others, but I think I'll stay out of arguing things like nuclear power here.
> Like the French attacking the Argentines in the Malvinas/Falklands by crashing the software for the Exocet cruise missiles. That might have happened, but it hasn't been confirmed in an official publication, like the attack on Russia in the pipeline explosion.
That didn't happen. Out of the 5 airlaunched Exocet on hand, 2 struck MV Atlantic Conveyor and 1 HMS Sheffield, one failed to launch, and one was seduced by chaff/ECM.
If the French were somehow interfering with the software (how? - not networked), they can't have been very good at it. 80% of them flew, and 75% hit their targets, 100% of which sank. That's with interference? What would they have been like without?
FUD, FUD, FUD, 'til daddy took the bullshit away...
Remember in The Stand - the plague is unleashed when the containment system gets a faulty-made component installed into it, and subsequently fails when the carrier escapes the military base with his family.
But what a bunch of crap. Screw with my power stations or water supply and I will get a whole lot more scared - low-tech terror isn't all that difficult to perpetrate.
A foreign PC manufacturer ships millions of its latest box to the U.S. market. Each has a specially modified power supply capable of a controlled-duration short circuit to the line side. The firmware (BIOS) is set up so that on a certain time and date, the power supply "pings" the line side with a brief (10 msec) short and listens for other units to ping. The million boxes then coordinate their shorting cycles, along with any compromised appliances (TVs, microwaves, etc.) to execute a 'DOS' attack on the power grid, causing a cascading failure of the whole thing. The individual pulses are kept short enough so that the appliances and PCs don't fail or blow any local fuses/breakers, and return to normal operation if/when power is restored.
(Also, IP connections may play a part...)
While I don't disagree with you that the story is unlikely as given, I'd like to make a couple of minor corrections:
> If the French were somehow interfering with the software (how? - not networked)
French technicians were working in Argentina from November 1981 till the end of the war, outfitting and servicing the missiles. The most common version of the claim is that they sabotaged the control software directly.
It *has* been claimed that it was done with "secret codes" -- but only by Mitterrand's psychoanalyst, who is not regarded as an expert in missile control. Notably someone who does know what he was talking about, Sir John Nott (British Secretary of State for Defence during the war) has claimed in his memoirs that France helped British intelligence to thwart Argentina's attempts to source grey-market replacement Exocets. Conceivably it is a reference to this which Mitterrand's psychoanalyst overheard.
Secondly, "how? - not networked" -- well, Exocets have active radar terminal guidance. That means they have a (powerful, specialised) radio transceiver. And while I don't know it for a fact, I would be very surprised if this radar did not include EFF capabilities. I don't think that anything like that was done because it would have been far more effective, but it certainly is not technically impossible.
>... MV Atlantic Conveyor and 1 HMS Sheffield ...
Your numbers don't seem quite right; what about HMS Glamorgan, the third British ship hit (which was moderately damaged by fire, but did not sink because the warhead failed to explode)? Oh, I see, the attack on HMS Glamorgan was launched from a shore battery (of two missiles salvaged from the damaged ARA Guerrico's ship-borne launchers) and you're restricting it to "airlaunched Exocet". OK, but for the purposes of this analysis it is obviously irrelevant whether the Exocets were ground, ship or air launched (the Argentinians eventually had all 3), unless there is an argument that the French technicians only had access to airlaunched missiles. However, even accounting for that your list doesn't seem to accord with most accounts.
> 80% of them flew, and 75% hit their targets, 100% of which sank
I make that 86% of known launch attempts flew, with 6 successful launches; 50% of those (3) hit targets (in one case not the intended target); of those 67% (2) (possibly 100%) failed to explode; and of the three hits on ships one (33%) directly resulted in sinking, one (33%) indirectly resulted in sinking during a storm a week later, and one (33%) did NOT sink and was not even crippled.
The repeated failures to launch and 50% failure to hit (or 67% failure to hit intended target) could be blamed on software sabotage, although I doubt that was the case. The 67% failure to hit intended target could be attributed to very effective RN ECM, which may possibly have been assisted by the French providing detailed specifications of the guidance system. However the very high rate of failing to explode (possibly as high as 100%) appears to be an inherent flaw in the missile's design, as it was also observed with the much larger numbers of Exocets fired in the Iran-Iraq war.
In detail, most accounts list the Exocets fired as:
* multiple, repeated failures with the launch mechanism, nearly all of which were eventually rectified and Argentina ended up firing all the airlaunched Exocets it possessed plus one shore-launched naval one (most naval ones were lost when the General Belgrano was sunk);
* 2 airlaunched Exocets fired at HMS Sheffield (mistaken for HMS Hermes) on 4th May 1982, of which one passed by HMS Yarmouth without locking on and crashed at sea, and one struck HMS Sheffield but failed to explode, causing a severe fire which resulted in HMS Sheffield sinking a week later when struck by a gale whilst under tow;
* 2 airlaunched Exocets fired at HMS Invincible on 25th May, of which one crashed at sea (possibly after being hit by antiaircraft fire), while the second was decoyed with chaff but relocked onto MV Atlantic Conveyor, hit it, may or may not have exploded (witness accounts differ), and started a severe fire which caused it to sink later the same day;
* 1 airlaunched Exocet fired at HMS Invincible on 30th May, which the Argentinians claimed as a hit but Britain reported the missile was shot down by antiaircraft fire. Certainly if it was a hit -- which seems extremely unlikely -- then it did very little damage and caused no loss of life. The missile attack was followed up by iron bomb and cannon attacks by Argentinian Skyhawks, which apparently actually hit the hulks of other vessels which had already been damaged by bomb attacks.
* 1 ground launched Exocet fired at HMS Glamorgan on 12th June, hit, missile failed to explode, a fire was started but brought under control. The ship returned to the UK under its own power and was returned to service after a few months. Second missile in the same battery possibly failed to launch.
* Despite the great concern for the capabilities of the Exocet and new French built Super Etendards, far more damage was done by iron bombs mostly delivered by 30 year old Skyhawks. Overall 4 other RN ships (HMS Coventry, HMS Ardent, HMS Antelope, and RFA Sir Galahad) were sunk by iron bombs, and 7 others damaged.
What sources are you using for this information?
Most of what you quote agrees with stuff I've read, except for the bits about Exocets being "fired at HMS Invincible".
My understanding was that the aircraft carriers were never fired on -- the (Exocet-carrying) Super Etendards tended to fire on the first ship they saw, rather than trying to penetrate the escort screen. Consequently, they only ever targeted outlying destroyers and frigates.
This is (IIRC) according to Rear Admiral Sandy Woodward (the UK naval task force commander during the war), in his book "One Hundred Days".
@Roger and me
I believe that the Atlantic Conveyor was hit after the frigate that was actually targeted fired chaff and evaded -- the missiles then acquired the next target they saw along the flight line, which was the Conveyor. Apparently, Invincible was the next ship in line after that, so it's just as well (for the UK) that the Atlantic Conveyor was there to soak up the missiles.
The report of hitting the Invincible with an Exocet and following up with iron bomb attacks is attributed by Woodward to a contemporary Argentine newspaper report, presumably taken from the returning Argentine pilots' reports. However, he describes it as "the least accurate report of the war", saying that the attacks were made against one of the outlying escort frigates (I forget which), which was not hit by the Exocet (although the pilots may have mistaken the smoke from the frigate's 4.5 inch gun -- with which she was defending herself against the incoming aircraft -- as Exocet-induced fires).
Consider the real number of incidents related to bogus parts: the numbers are shockingly low.
There's no real meat to this and Barry Glassner knows it.
If you spend time on a search like Google I just looked at several industry sites and mainly the problem is some pirated or bogus parts right up to parts with a short life and then go out.
I am doing a college report and it's like you just screwed in the fuse and in 1 minute it blows out, looking at the package you thought you saved money and what you did is bought a fake package of fuses that were made in a country that produced the junk, and they know some unwitted person was gullible enough to buy them.
So same for any part made to look alike, cars right on to the cheapo headset you bought for your iPod.
You betcha you thought you saved money, instead you wasted it on a cheap piece of junk.
Any of you that posted spent some time doing research on what you just said?
I did, I went to some manufacturers' web sites and other industry and engineering links, meanwhile back to the Term Paper.