Friday, August 27, 2010

The silent enemy within

News broke this week that back in 2008 the US Pentagon was infiltrated by a virus that made its way onto supposedly secure systems by way of an infected USB drive.

Before this malware was detected and eradicated, it's possible that confidential data had already been transmitted to persons unknown, leaving the US administration with egg on its face.

As a result of this event, significant changes have been made to the protocols surrounding the use of such devices on Pentagon and other important government networks, with assurances given that a repeat of this fiasco would be most unlikely.

However, some are not so sure.

When an array of Western companies found their computer systems under attack earlier this year, it was reported that those attacks came from China, most likely sponsored by the Chinese Government. It is sobering therefore to realise that a surprisingly high number of peripheral devices and the chips contained in them are now manufactured in China.

While it has been fairly easy to mitigate the risk posed by malware-infected USB drives, how can any organisation be sure that similar threats are not quietly lurking inside the chips which perform otherwise mundane tasks in components such as network cards, disk controllers, modems, routers, etc.?

If any government or other organisation were seeking to gain access to data stored on computers used by Western governments or businesses, it would be quite feasible to insert the required trojan programming into the microcode used in these specialist chips and activate it in response to a specific trigger.

The fact that we haven't seen any instances of this to date is no indication that it hasn't already been done. Such attacks may not yet have been detected, and even if they were, it's quite possible that, just as in 2008 at the Pentagon, they have been hushed up so as to avoid embarrassment or to make it easier to determine where the data is going and who is responsible.

As the demand for some components grows at a pace which seems to outstrip the primary manufacturer's ability to supply, a door is opened to second-tier suppliers who may be willing to allow a little extra code to be added in return for a significant back-hand payment from nefarious parties.

It will be interesting to see what unfolds in the months and years ahead -- but when it does happen, remember this column.
