INTL440 - Assignment#2 - Case Study - Patterson, Megan
Operation Cisco Raider:
Exploring China’s Backdoor into the U.S.
Megan Patterson
Cyber Warfare
Course number: INTL440
15 January, 2023
Introduction
As technology rapidly progresses, cyber threats have defined the nature of modern warfare. The options available for achieving victory span a broad range of actions, and it could be considered that victory resides in control of critical adversarial components as opposed to outright killing. The digital age presents a relatively unrestricted access node directly to a country’s nerve center, fundamentally shifting the battlefield and blurring the lines between war and peace time (Ventre 2010). Further, globalization has paved the way for porous supply chains and inroads to target adversary networks and critical infrastructure. China has repeatedly been accused of sourcing major cyber-attacks and criminal cyber activity and has demonstrated intention and capability of employing information and cyber warfare across the international stage. In 2010, the U.S. Department of Justice and the Department of Homeland Security stated that law enforcement agencies had seized more than $143 million in counterfeit network hardware made in China, resulting in 30 convictions (Homeland Security Newswire 2010). The case of counterfeit Cisco equipment highlights the threats apparent in U.S. government procurement processes and the potentially catastrophic risks in a defense industry which utilizes the lowest bidder.
The Attack – Counterfeit Hardware
Circa 2008, reports were circulated regarding the discovery of a large number of counterfeit Cisco equipment that had been installed in critical U.S. infrastructure and utilized throughout government facilities. The equipment included various models of routers, switches, Gigabit Interface Converters (GBIC), and WAN Interface Cards (WIC), all of which had tell-tale signs of counterfeit production such as “dirty” welding, out-of-place components, and incorrect coloring. However, these items were significantly less expensive than their genuine counterparts. An example included in an official Federal Bureau of Investigation (FBI) document lists a counterfeit 1721 Router at $234 while the genuine 1721 Router would cost $1,375. Much of this counterfeit network hardware could be traced back to China, and Cisco was a logical target as it owned 80% of the market share in the early 2000s (Mister.old.school 2008). At the start of the twentieth century, the level of digital sophistication considered commonplace by today’s standards was just starting to unfold. With that growth and evolution, cyber security standards and industry best-practices were a step behind and, unfortunately, the market was left vulnerable to attack. While the initial case of counterfeit Cisco equipment highlighted threats to the supply chain and production standards, the threat itself has long been, and continues to be, an appealing attack vector for persistent access or disruption of critical networks. Should the potential remaining counterfeit products, or any future products which are introduced into critical infrastructure, contain malware for zero-day exploits, the resulting effects could prove catastrophic for the U.S. Efforts are ongoing to address supply chain issues throughout the U.S. defense industry and abroad (Edwards 2022).
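The price gap cited above (a $234 counterfeit against a $1,375 genuine 1721 router) and the authorized-reseller channel discussed in this section are the two cheapest signals a procurement office can check before gear is ever racked. The script below is an added example written for this discussion; it is not part of the paper and not Cisco, FBI or GSA tooling. Only the $1,375 list price of the 1721 router comes from the paper; the other model names and list prices, the reseller names, the 40% price threshold and the sample purchase orders are constructed assumptions.

```python
"""Screen purchase orders for indicators of counterfeit network gear.

Added example (not from the paper). Flags a line item when its unit price
is far below list price or when the seller is not an authorized reseller.
Everything except the $1,375 list price of the 1721 router is a constructed
assumption.
"""
from dataclasses import dataclass

# List prices in USD. The 1721 figure is the FBI figure quoted in the essay;
# the other two entries are constructed placeholders.
LIST_PRICES = {
    "1721-ROUTER": 1375.00,
    "WIC-1T": 300.00,     # constructed
    "GBIC-SX": 500.00,    # constructed
}

# Sellers the organization has verified as authorized (constructed names).
AUTHORIZED_RESELLERS = {"gsa-it-vendor-a", "authorized-partner-b"}

# Assumed policy: a unit price under 40% of list is worth a second look.
PRICE_RATIO_THRESHOLD = 0.40


@dataclass(frozen=True)
class PurchaseLine:
    po_id: str
    model: str
    seller: str
    unit_price: float
    quantity: int


@dataclass
class Finding:
    po_id: str
    model: str
    reasons: list


def screen_line(line: PurchaseLine) -> list:
    """Return the indicators raised by one purchase-order line (empty if clean)."""
    reasons = []
    list_price = LIST_PRICES.get(line.model)
    if list_price is None:
        # A model with no list price on file cannot be price-checked at all.
        reasons.append("model not on the list-price file; cannot price-check")
    else:
        ratio = line.unit_price / list_price
        if ratio < PRICE_RATIO_THRESHOLD:
            reasons.append(
                f"unit price ${line.unit_price:.2f} is {ratio:.0%} of list ${list_price:.2f}"
            )
    if line.seller.lower() not in AUTHORIZED_RESELLERS:
        reasons.append(f"seller '{line.seller}' is not an authorized reseller")
    return reasons


def screen_orders(lines) -> list:
    """Screen every line and return a Finding for each one that raised an indicator."""
    findings = []
    for line in lines:
        reasons = screen_line(line)
        if reasons:
            findings.append(Finding(line.po_id, line.model, reasons))
    return findings


def flagged_spend(lines, findings) -> float:
    """Dollar value of flagged lines, i.e. the gear that should be held for physical inspection."""
    flagged = {(f.po_id, f.model) for f in findings}
    return sum(l.unit_price * l.quantity for l in lines if (l.po_id, l.model) in flagged)


# Constructed sample purchase orders.
SAMPLE_ORDERS = [
    PurchaseLine("PO-1001", "1721-ROUTER", "gsa-it-vendor-a", 1375.00, 2),   # clean
    PurchaseLine("PO-1002", "1721-ROUTER", "auction-seller-x", 234.00, 10),  # price and channel
    PurchaseLine("PO-1003", "WIC-1T", "authorized-partner-b", 95.00, 20),    # price only
    PurchaseLine("PO-1004", "GBIC-SX", "gsa-it-vendor-a", 480.00, 5),        # clean
    PurchaseLine("PO-1005", "UNKNOWN-99", "gsa-it-vendor-a", 50.00, 1),      # unknown model
]

if __name__ == "__main__":
    results = screen_orders(SAMPLE_ORDERS)
    for f in results:
        print(f"{f.po_id} {f.model}: " + "; ".join(f.reasons))
    print(f"flagged spend: ${flagged_spend(SAMPLE_ORDERS, results):,.2f}")
```

A price check on its own would have missed the case the paper describes later, where authorized resellers were themselves moving counterfeit stock, which is why the screen treats the two signals independently and reports both; a flagged line is a reason to hold the shipment for physical inspection, not proof of counterfeiting.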
This specific case brought attention to the subcontracting process and supply chain routing of government acquisitions. Very often a U.S. Government contractor may utilize an approved U.S. General Services Administration (GSA) information technology (IT) vendor to purchase equipment. However, the process by which that approved vendor acquires its equipment is often through multiple layers of subcontractors. Without a firm supplier code of conduct or means of reporting for liability, these subcontractors were able to effectively counterfeit items (Menz 2018). Furthermore, the supply chain itself was targeted with inroads directly from China, through foreign countries, and even via eBay. Some of the open-source examples presented from FBI investigations include eGlobe Solutions Inc., Syren Technology, and MortgageIT. eGlobe Solutions Inc. and Syren Technology were both indicted for trafficking counterfeit products, and both companies sold to various U.S. military and government entities, including the FBI, Federal Aviation Administration, Defense Contractors, Raytheon, and more. Taking this issue a step further, Lockheed Martin, a well-known American aerospace, arms, defense, and information security corporation, won a bid for a U.S. Navy project and, upon failing to use a GSA IT vendor or authorized Cisco reseller, discovered it had purchased and used over $250,000 worth of counterfeit equipment. Additionally, it was discovered that non-government organizations were targeted as well, and even authorized resellers were selling counterfeit equipment (Mister.old.school 2008).

Desired Outcome
This persistent attack highlights the threat of low-cost Cisco equipment providing a vector for future system exploits via network penetration. As for the desired outcome of the attack, it is difficult to determine considering the many levels of operation, various individuals and corporations involved, vast amount of equipment affected, and one critical intelligence gap in particular: was this for profit or state-sponsored? Despite the lack of insight on the adversary’s desired outcome in this particular instance, there are many viable concerns which arise from this threat vector. At the most basic level, flooding the market with counterfeit products is a relatively simple method of conducting illegal business, and it is one that is very likely to continue for the foreseeable future due to low investment and processing costs. This is especially true for products which carry a well-known and trustworthy brand name and typically sell at premium prices. Not only do such events result in a loss of revenue for the targeted company as well as a loss in consumer confidence, they can also reveal critical security flaws (Janushkevich 2020). Theft of intellectual property can lead to enhanced knowledge of sensitive technologies and applications, increasing the capability of an adversary to reverse engineer critical components and better understand potential vulnerabilities present in networked systems. While the case of counterfeit Cisco equipment could have been as simple as opportunistic and illegal profit, the origin of the materials and the widespread nature of the attack (i.e. multiple vendors, purchasers, corporations, and various IT products) raises concerns regarding the likelihood of security risks lurking behind the scenes.

In late 2008, the Chinese government reportedly had plans for a mandatory security accreditation for IT products developed by foreign firms, requiring those companies to disclose their software source code. Access to this sensitive form of intellectual property raised the question of whether the Chinese government merely wanted to assess vulnerabilities to malware and viruses, or if it would go so far as to make changes to products without the knowledge or consent of the intellectual property’s owner (Michael 2008). Either way, it shows a clear concern in assumption of unknown risks inherent in the use of digital electronic products, especially should those products be counterfeit. The fact that the Chinese government would consider taking such steps could indicate its own fear of such risks, or it could have been a means to increase access to information. Backdoor access and unreliable IT hardware not only pose a potential security concern, but also present risks with respect to health and safety. Consider a hospital or pharmaceutical company using a counterfeit Cisco network hardware component that subsequently malfunctions or fails to operate altogether. In such environments, an equipment failure could be catastrophic and cause real harm to life (Claburn 2008). Malicious software or firmware could leave a network vulnerable to attacks, whether from a nation-state or an independent hacker, and allow for persistent control or disruption of critical networks (Edwards 2022). Despite a statement from a Cisco spokesman claiming an investigation into the seized counterfeit gear had not revealed any backdoor access, the inability of law enforcement to fully remove all counterfeit products leaves this as a plausible threat at large (Homeland Security Newswire 2010). Therefore, the overall intent behind the attack could potentially be for financial gain, malicious cyber activity, or both. Regardless of the intent, this attack could be considered successful across the board considering the U.S. and its global partners are still struggling to define the scope of this attack and rectify issues throughout the supply chain and within procurement processes.
Concealing Tracks and Victim Response
Concerns were raised by the FBI and U.S. intelligence community with respect to the Chinese origin of the Cisco equipment and subsequent proliferation. These concerns paved the way for the FBI’s multi-agency counter-counterfeiting initiative called Operation Cisco Raider. Through the efforts of this operation, law enforcement estimated the number and value of counterfeit equipment to be much higher than what was reported. Customs and Border Protection (CBP) only seized registered items – if there was no label, there was no seizure – and it is simply not possible to check every shipping container. Additionally, the FBI noted that items were arriving via Chinese postal service, meaning much smaller shipments. Often these shipments were of separate hardware and software which were then assembled in the U.S. (Mister.old.school 2008). Even if the attackers were not intentionally working to cover their tracks, the sheer magnitude of literal moving pieces and various applications was enough to obfuscate years’ worth of malicious activity.
By 2012, the rising prevalence of counterfeit parts that had proliferated throughout the defense supply chain had become a national security concern. A bipartisan amendment – passed as section 818 of the 2012 National Defense Authorization Act – stated the intent to “stop the importation of counterfeit electronic parts in the United States, address weaknesses in the defense supply chain and to promote the adoption of aggressive counterfeit avoidance practices by the DOD and the defense industry” (Menz 2018). While section 818 provided improved regulations and guidance for ensuring compliance in reporting requirements for contractors and subcontractors, it failed to provide guidance for reviewing, assessing, or validating these various systems. Since the widespread discussion and awareness of the counterfeit Cisco equipment, the U.S. Department of Justice has collaborated with Immigration and Customs Enforcement (ICE), as part of the Homeland Security Enterprise, along with the FBI to combat the demand for purchase and sales of counterfeit products. This includes public education efforts, led by the National Intellectual Property Rights Coordination Center (IPR Center), regarding intellectual property theft.
Conclusion
While the case of counterfeit Cisco products has become a metric for the number of items confiscated and convictions obtained, the extent of the damage done and the ongoing threat to the supply chain remains an unanswered concern. Is it possible there are zero-day exploits waiting inside the firmware of equipment yet to be discovered, or backdoor access points being used to collect sensitive information? Unfortunately for the U.S. military and government, these concerns weren’t assuaged following multiple convictions and the introduction of various new laws and best practices. Instead, this threat vector is a persistent challenge, and the lessons learned from Operation Cisco Raider continue to serve as an important reminder of cyber security practices and the true costs of network reliability to this day.
References
Claburn, Thomas. 2008. “Operation ‘Cisco Raider’ Nets $76 Million in Fake Gear.” Information Week, February 29, 2008. https://www.informationweek.com/it-life/operation-cisco-raider-nets-76-million-in-fake-gear
Edwards, John. 2022. “How to Combat Counterfeit Network Gear: Spotting Phony Gear Can Be Tricky. Here’s How to Avoid Buying Fake Gear and What to Do If You Discover Counterfeit Devices on Your Network.” Network World (Online).
Homeland Security Newswire. 2010. “Operation targeting counterfeit network hardware from China yield convictions, seizures.” China Syndrome, May 12, 2010. https://www.homelandsecuritynewswire.com/operation-targeting-counterfeit-network-hardware-china-yield-convictions-seizures?page=0,0
Janushkevich, Dmitry. 2020. “The Fake Cisco: Hunting for Backdoors in Counterfeit Cisco Devices.” F-Secure Consulting, Hardware Security Team, July 15, 2020. https://labs.withsecure.com/publications/the-fake-cisco
Menz, Ronald. 2018. “Can We Defend The Defense Supply Chain? Lessons Learned From Industry Leaders in Supply Chain Management.” Naval Postgraduate School, Homeland Security Affairs.
Michael, Bret. 2008. “Are Governments Up to the Task?” IEEE Security & Privacy 6 (6): 4–5. https://doi.org/10.1109/MSP.2008.137
Mister.old.school. 2008. “FBI Fears Chinese Hackers Have Back Door Into US Government & Military.” Above Top Secret, April 21, 2008. http://www.abovetopsecret.com/forum/thread350381/pg1
Tilley, Aaron. 2019. “Cisco Wins Legal Challenge in Battle Against Chinese Counterfeits; Networking-Gear Giant Seeks to Enlist Rivals to Fight Knockoffs.” The Wall Street Journal, Eastern Edition, 2019.
Ventre, Daniel. 2010. “Chinese Information and Cyber Warfare.” E-International Relations, April 13, 2010. http://www.e-ir.info/?p=3845