Wednesday, October 22, 2008

And now the Manchurian microchip

The geniuses at Homeland Security who brought you hare-brained procedures at airports (which inconvenience travelers without snagging terrorists) have decreed that October is National Cyber Security Awareness Month. This means The Investigator -- at the risk of compromising national insecurities -- would be remiss not to make you aware of the hottest topic in U.S. counterintelligence circles: rogue microchips. This threat emanates from China (PRC) -- and it is hugely significant.

The myth: Chinese intelligence services have concealed a microchip in every computer everywhere, programmed to "call home" if and when activated.

The reality: It may actually be true.

All computers on the market today -- be they Dell, Toshiba, Sony, Apple or especially IBM -- are assembled with components manufactured inside the PRC. Each component produced by the Chinese, according to a reliable source within the intelligence community, is secretly equipped with a hidden microchip that can be activated any time by China's military intelligence services, the PLA.

"It is there, deep inside your computer, if they decide to call it up," the security chief of a multinational corporation told The Investigator. "It is capable of providing Chinese intelligence with everything stored on your system -- on everyone's system -- from e-mail to documents. I call it Call Home Technology. It doesn't mean to say they're sucking data from everyone's computer today, it means the Chinese think ahead -- and they now have the potential to do it when it suits their purposes."

Discussed theoretically in high-tech security circles as "Trojan Horse on a Chip" or "The Manchurian Chip," Call Home Technology came to light after the Defense Advanced Research Projects Agency (DARPA) launched a security program in December 2007 called Trust in Integrated Circuits. DARPA awarded almost $25 million in contracts to six companies and university research labs to test foreign-made microchips for hardware Trojans, back doors and kill switches -- techie-speak for bugs and gremlins -- with a view toward microchip verification.

Raytheon, a defense contractor, was granted almost half of these funds for hardware and software testing.

Its findings, which are classified, have apparently sent shockwaves through the counterintelligence community.

"It is the hottest topic concerning the FBI and the Pentagon," a retired intelligence official told The Investigator. "They don't know quite what to do about it. The Chinese have even been able to hack into the computer system that handles our Intercontinental Ballistic Missile system."

Another senior intelligence source told The Investigator, "Our military is aware of this and has had to take some protective measures. The problem includes defective chips that don't reach military specs -- as well as probable Trojans."

A little context: In 2005 the Lenovo Group in China paid $1.75 billion for IBM's PC unit, even though that unit had lost $965 million the previous four years. Three congressmen, including the chairman of the House Armed Services Committee, tried to block this sale because of national security concerns, to no avail. (The PRC embassy in Washington, D.C., maintains a large lobbying presence to influence congressmen and their staffs through direct contact.)

In June 2007, a Pentagon computer network utilized by the U.S. defense secretary's office was hacked into -- and traced directly back to the Chinese PLA.

A report presented to Congress late last year characterized PRC espionage as "the single greatest risk to the security of American technologies." Almost simultaneously, Jonathan Evans, director-general of MI5, Britain's domestic security and counterintelligence service, sent a confidential letter to CEOs and security chiefs at 300 UK companies to warn that they were under attack by "Chinese state organizations" whose purpose, said Mr. Evans, was to defeat their computer security systems and steal confidential commercial information. ... -cryptome

No comments: