Old Trick Threatens the Newest Weapons

Eugen Leitl eugen at leitl.org
Tue Oct 27 12:19:42 EDT 2009


http://www.nytimes.com/2009/10/27/science/27trojan.html?8dpc=&pagewanted=all

Old Trick Threatens the Newest Weapons

By JOHN MARKOFF

Published: October 26, 2009

Despite a six-year effort to build trusted computer chips for military
systems, the Pentagon now manufactures in secure facilities run by American
companies only about 2 percent of the more than $3.5 billion of integrated
circuits bought annually for use in military gear.

That shortfall is viewed with concern by current and former United States
military and intelligence agency executives who argue that the menace of
so-called Trojan horses hidden in equipment circuitry is among the most
severe threats the nation faces in the event of a war in which communications
and weaponry rely on computer technology.

As advanced systems like aircraft, missiles and radars have become dependent
on their computing capabilities, the specter of subversion causing weapons to
fail in times of crisis, or secretly corrupting crucial data, has come to
haunt military planners. The problem has grown more severe as most American
semiconductor manufacturing plants have moved offshore.

Only one-fifth of all computer chips are now made in the United States, and
just one-quarter of the chips based on the most advanced technologies are
built here, I.B.M. executives say. That has led the Pentagon and the National
Security Agency to expand significantly the number of American plants
authorized to manufacture chips for the Pentagon's Trusted Foundry program.

Despite the increases, semiconductor industry executives and Pentagon
officials say, the United States lacks the ability to fulfill the capacity
requirements needed to manufacture computer chips for classified systems.

"The department is aware that there are risks to using commercial technology
in general and that there are greater risks to using globally sourced
technology," said Robert Lentz, who before his retirement last month was in
charge of the Trusted Foundry program as the deputy assistant defense
secretary for cyber, identity and information assurance.

Counterfeit computer hardware, largely manufactured in Asian factories, is
viewed as a significant problem by private corporations and military
planners. A recent White House review noted that there had been several
"unambiguous, deliberate subversions" of computer hardware.

"These are not hypothetical threats," the report's author, Melissa Hathaway,
said in an e-mail message. "We have witnessed countless intrusions that have
allowed criminals to steal hundreds of millions of dollars and allowed
nation-states and others to steal intellectual property and sensitive
military information."

Ms. Hathaway declined to offer specifics.

Cyberwarfare analysts argue that while most computer security efforts have
until now been focused on software, tampering with hardware circuitry may
ultimately be an equally dangerous threat. That is because modern computer
chips routinely comprise hundreds of millions, or even billions, of
transistors. The increasing complexity means that subtle modifications in
manufacturing or in the design of chips will be virtually impossible to
detect.

"Compromised hardware is, almost literally, a time bomb, because the
corruption occurs well before the attack," Wesley K. Clark, a retired Army
general, wrote in an article in Foreign Affairs magazine that warns of the
risks the nation faces from insecure computer hardware.

"Maliciously tampered integrated circuits cannot be patched," General Clark
wrote. "They are the ultimate sleeper cell."

Indeed, in cyberwarfare, the most ancient strategy is also the most modern.

Internet software programs known as Trojan horses have become a tool of
choice for computer criminals who sneak malicious software into computers by
putting it in seemingly innocuous programs. They then pilfer information and
transform Internet-connected PCs into slave machines. With hardware, the
strategy is an even more subtle form of sabotage, building a chip with a
hidden flaw or a means for adversaries to make it crash when wanted.

Pentagon executives defend the manufacturing strategy, which is largely based
on a 10-year contract with a secure I.B.M. chipmaking plant in Burlington,
Vt., reported to be valued as high as $600 million, and a certification
process that has been extended to 28 American chipmakers and related
technology firms.

"The department has a comprehensive risk-management strategy that addresses a
variety of risks in different ways," said Mitchell Komaroff, the director of
a Pentagon program intended to develop a strategy to minimize national
security risks in the face of the computer industry's globalization.

Mr. Komaroff pointed to advanced chip technologies that made it possible to
buy standard hardware components that could be securely programmed after they
were acquired.

But as military planners have come to view cyberspace as an impending
battlefield, American intelligence agency experts said, all sides are arming
themselves with the ability to create hardware Trojan horses and to hide them
deep inside the circuitry of computer hardware and electronic devices to
facilitate military attacks.

In the future, and possibly already hidden in existing weapons, clandestine
additions to electronic circuitry could open secret back doors that would let
the makers in when the users were depending on the technology to function.
Hidden kill switches could be included to make it possible to disable
computer-controlled military equipment from a distance. Such switches could
be used by an adversary or as a safeguard if the technology fell into enemy
hands.

A Trojan horse kill switch may already have been used. A 2007 Israeli Air
Force attack on a suspected partly constructed Syrian nuclear reactor led to
speculation about why the Syrian air defense system did not respond to the
Israeli aircraft. Accounts of the event initially indicated that
sophisticated jamming technology was used to blind the radars. Last December,
however, a report in an American technical publication, IEEE Spectrum, cited
a European industry source in raising the possibility that the Israelis might
have used a built-in kill switch to shut down the radars.

Separately, an American semiconductor industry executive said in an interview
that he had direct knowledge of the operation and that the technology for
disabling the radars was supplied by Americans to the Israeli electronic
intelligence agency, Unit 8200.

The disabling technology was given informally but with the knowledge of the
American government, said the executive, who spoke on the condition of
anonymity. His claim could not be independently verified, and American
military, intelligence and contractors with classified clearance declined to
discuss the attack.

The United States has used a variety of Trojan horses, according to various
sources.

In 2004, Thomas C. Reed, an Air Force secretary in the Reagan administration,
wrote that the United States had successfully inserted a software Trojan
horse into computing equipment that the Soviet Union had bought from Canadian
suppliers. Used to control a Trans-Siberian gas pipeline, the doctored
software failed, leading to a spectacular explosion in 1982.

Crypto AG, a Swiss maker of cryptographic equipment, was the subject of
intense international speculation during the 1980s when, after the Reagan
administration took diplomatic actions in Iran and Libya, it was widely
reported in the European press that the National Security Agency had access
to a hardware back door in the company's encryption machines that made it
possible to read electronic messages transmitted by many governments.

According to a former federal prosecutor, who declined to be identified
because of his involvement in the operation, during the early '80s the
Justice Department, with the assistance of an American intelligence agency,
also modified the hardware of a Digital Equipment Corporation computer to
ensure that the machine, being shipped through Canada to Russia, would work
erratically and could be disabled remotely.

The American government began making a concerted effort to protect against
hardware tampering in 2003, when Deputy Defense Secretary Paul D. Wolfowitz
circulated a memorandum calling on the military to ensure the economic
viability of domestic chipmakers.

In 2005, the Defense Science Advisory Board issued a report warning of the
risks of foreign-made computer chips and calling on the Defense Department to
create a policy intended to stem the erosion of American semiconductor
manufacturing capacity.

Former Pentagon officials said the United States had not yet adequately
addressed the problem.

"The more we looked at this problem the more concerned we were," said Linton
Wells II, formerly the principal deputy assistant defense secretary for
networks and information integration. "Frankly, we have no systematic process
for addressing these problems."

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


