DHS: Imported Tech Devices May Contain Spy Tools

A Department of Homeland Security (DHS) source has confirmed that technology made overseas and imported to the US has been known to contain spy tools. There's also a threat from counterfeit hardware.

The confirmation came during a hearing by a House of Representatives committee into cyber security. It was discussing ways in which private companies can be encouraged to work alongside the government in tackling security threats.

Damage, Spying Both A Threat

Greg Schaffer, who works in the National Protections and Programs section of the DHS, did not go into great detail about the spying tools, but did confirm he was aware of instances where foreign-made technology was shipped with malicious software already installed.

In some cases, this wasn't simply software that would cause damage to machines, but could also be used for espionage. Notably, Schaffer didn't discuss how widespread such incidents are. (Source: fastcompany.com)

Hardware and Software Able to Spy

While Schaffer was short on detail, the hearing also discussed the possibility that such tools are being included in hardware rather than just software.

The discussion marks a change in the conversation: previously, officials have expressed concern over government agencies being sold counterfeit hardware by foreign suppliers, most notably a batch of bogus network routers billed as being from Cisco. Routers are responsible for allowing, denying, and routes all traffic in and out of a network. A maliciously programmed router could allow a hacker direct access to a computer, for example.

That said, the concern now is that the counterfeiting of hardware (such as bogus routers) might allow the installation of security threats in a way that wouldn't be possible with equipment from the genuine manufacturer. (Source: abcnews.go.com)

Targeting Tactics a Point of Contention

There's now debate about the best way to tackle the issue.

Schaffer suggests it would take a government-wide effort to monitor the entire hardware and software supply chain in the US to try to identify potential risks. However, the White House has previously argued it would be more productive to try to track down particular threats, as foreign powers will most likely attempt highly targeted attacks.

It also argued that the government shouldn't be distracted from tackling more traditional espionage techniques.

The hearing is likely to re-awaken arguments about the use of foreign technology by government sources, particularly the debate about whether the cost savings of buying overseas outweigh the loss of direct control over the manufacturing process.