Can you trust Chinese computer equipment?

full story here

China bugs and burgles Britain

 

What is bad is that those business people accepted the unsolicited so called presents. Of course MI5 does not stoop to such behavior, they offer much better ones

 

True. I can't imagine MI5 or MI6 are any cleaner ethically than the Chinese secret services.

 

Nor is the CIA, NSA or any other special intelligence service. Intelligence is not a place to "play by the rules". They would never get anywhere. You think they have a tendency to foul up now? Wait until they start doing things the way (I'll use my own country as an example) Congress wants them to do it. We citizens would be knee deep in horse manure so fast our heads would spin until they flew off our shoulders and up into the sky.

Intelligence is a dirty, downright filthy cheaters kind of game. Sometimes you have to be buddy buddy with lesser evils to get to the greater evils. It's just the way it is. As far as this equipment trusting deal, the U.S is doing it, Britain is doing it, why shouldn't the Chinese? If you've read any of my past posts, you'll know that I always say what one country is doing to gather intelligence, so are other countries. It's always been this way. Again, it is a dirty, low down game.

Here's a question for you. We all know about the various ways our governments are eroding privacy day by day. We all know that whomever controls data, controls all. We know now about the ability to bug computer components to gather intelligence, and we know that at least one country has been proven to do it. Read over this post, and look down at your system case. Do you trust the spinning disks, the microscopic chips busily transferring data back and forth?

I'm not asking you to run your little antimalware apps. I'm talking about playing with the big boys now. Can you say 1000% that there is absolutely nothing in your system right now that is not compromised? *Plays with his tin foil armor and winks*

 

If there is some type of backdoor in the firmware, chipset drivers etc, the only way to detect it that I know of will be to detect it's backdoor behavior. That would require monitoring all traffic in and out of that PC for an extended period. Chances are that such a backdoor would only send data when it receives a certain signal. Since most PCs are behind some form of modem/router that blocks unsolicited inbound, that signal would have to be solicited, aka, compromised web sites like Google or a service like the time servers, unless there's something that will go through a router that we're not aware of.

 

Provided the router/modem is not one of the compromised components. But yes, it would take analyzing traffic very carefully to catch this sort of thing, and home users won't have that kind of system in place...unless they are one of us Wilders members

 

This is a very well known and very old concern. In fact, the U.S. government will ask for copies of the firmware in specialized hardware and the microcode of CPU's before it allows them to be used in sensitive areas. That is, they will either inspect the code with their own experts or will hire somebody to clear it. I read about a specific example of this some months back, but unfortunately cannot recall where. It seems like it had something to do with hardware used in fighter jets.

But as for your run of the mill desk jockey at the CIA running a typical Windows box, this could be a real problem. However, the adversaries who are planting the trojans will find it difficult to predict exactly what software will be running on the machine, and this is important if one wants to awaken the trojan in the field.

But the opposite is true too. The NSA, CIA, and probably MI5/6 are also interested in doing this to the enemy, you can bet on that. In fact I read an article about this just the other day. Quote:

If you don't think the US military, with all of its billions of spending on the Cyber Command, hasn't already contemplated how to put trojans in hardware, then I have a bridge to sell ya.

 

What you can trust isn't bound by borders. Who is the enemy?

As do some big businesses and contractors sometimes a prerequisite due to contract, insurance or law.

 

Flylogic Engineering performs hardware and software security analysis of semiconductors.

 

Call me crazy, but I do not trust hardware made by Lenovo. However, I do sometimes use software made in China, like for example Maxthon browser, Orbit Downloader and GOM Player.

 

Your crazy.

 

I have to agree with Peter. I trust Chinese hardware and software.

 

I wouldn't automatically dismiss the possibility that new PCs being compromised at the factory, or label it as paranoid. Too much of what was considered paranoid thinking a few years ago is reality today. Ten years ago, no one would have believed that criminals would control botnet armies of over 100,000 or that they could be used to knock entire nations offline. Given the damage cyber warfare could do, I would find it very hard to believe that the military of many nations didn't sit up and take notice. In a closed or controlled society where much of the industry is under government control, what makes you think that nations government wouldn't make use of such an opportunity, with their potential enemies willingly buying the weapons that will turn on them? Spying and data theft might be the least of our problems if such a scenario is true. Think of the possibilities if new computers started launching DDOS attacks from within our own borders, possibly coming from the very infrastructure we're trying to protect. The potential consequences are too great to just call this paranoid and disregard it.

Then we come to the operating system that's installed on this potentially compromised hardware, the one that the NSA "helped secure". The hardware spying for one nation while the OS spies for another. Throw in a few rootkits and trojans for the criminals. Anyone else need access to my PC?