This week, the FBI released information on “Operation Network Raider”. The FBI arrested 30 people and confiscated over 143 million dollars of network gear from an international counterfeiting ring. The equipment is made overseas, China being one source, and then sold as “new” product. According to the press release:
Today, as a part of this joint initiative, Ehab Ashoor, 49, a Saudi Citizen who resides in Sugarland, Texas, was sentenced in the Southern District of Texas to 51 months in prison and ordered to pay $119,400 in restitution to Cisco Systems. A federal jury found Ashoor guilty on Jan. 22, 2010, of charges related to his trafficking in counterfeit Cisco products.
According to evidence presented at trial, Ashoor purchased counterfeit Cisco Gigabit Interface Converters (GBICs) from an online vendor in China with the intention of selling them to the U.S. Department of Defense for use by U.S. Marine Corps personnel operating in Iraq.
The computer network for which the GBICs were intended is used by the U.S. Marine Corps to transmit troop movements, relay intelligence and maintain security for a military base west of Fallujah, Iraq. The case was investigated by ICE and the Defense Criminal Investigative Service and was prosecuted by the U.S. Attorney’s Office for the Southern District of Texas.
Several red flags appear when you read this quote from the FBI’s statement.
- The suspect is from Saudi Arabia
- He is selling counterfeit equipment made in China
- The equipment was for the US military in Iraq
- The devices would be used to communicate troop movement, intelligence and security
China now does a lot of our manufacturing. One would have to ask the question: how hard is it to put a backdoor into networking equipment when you are manufacturing it? Spying using hardware is nothing new. During the Cold War, the US installed cameras inside Xerox machines that were installed at the Russian embassy.
Also, what better way to compromise a network than to infiltrate it with equipment that has backdoors in it? Cisco recently made news because of a security flaw in its built-in backdoor called Lawful Intercept. Lawful Intercept allows law enforcement to view data on the device without leaving any trace that the device had been monitored. Could the counterfeit equipment have this feature tampered with?
I just find it very disturbing that someone from Saudi Arabia is trying to sell the military counterfeit equipment to be sent into an area of operation. It begs the question, is equipment that has been compromised already placed in military and government locations?