dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2012-10-09 09:43:53: The U.S. ..

prev · 1 · 2 · 3 · next

AnonFTW
@rr.com

AnonFTW to buckweet1980

Anon

to buckweet1980

Re: China owns us

said by buckweet1980:

We come out against some of their companies, yet where is the outrage about how China owns the US.. We are so in debt to them right now.

China only owns $1 trillion of our total debt. The biggest holder of US debt is, ta-da, the Federal Reserve. China's position is actually trending down. Overall, China only holds about 6% of our total debt. You probably pay a larger percentage to your cell phone provider every month.

»finance.yahoo.com/news/b ··· ebt.html
openbox9
Premium Member
join:2004-01-26
71144

openbox9 to Chubbysumo

Premium Member

to Chubbysumo

Re: Frightening

said by Chubbysumo:

Again, its 99% hype and maybe 1% truth.

I'm guessing it's more than 1% truth.
said by Chubbysumo:

I would more worry about questionable smaller makers rather than larger ones

I'm sure the IC is worried about all of them.
said by Chubbysumo:

but, since most of the stuff we use here is made overseas, this report is nothing but fearmongering.

Or the beginning of a wake up call.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron to FFH5

Premium Member

to FFH5
said by FFH5:

The real risk to be worried about isn't phoning home. It is that, in a time of war, a signal could be sent that would cause the Chinese built hardware to self destruct, thereby turning off a huge part of US communications infrastructure.

This assumes that you're asking the same group of people to build both the hardware and software, and that they'll be doing all the subsequent support afterwards to cultivate the vulnarability through multiple firmware revisions.

I'm not saying I trust a foreign corporation, with ties to a foreign government to be 100% clean, but it would seem that basic precautions here would eliminate most if not all threats.

KodiacZiller
Premium Member
join:2008-09-04
73368

1 recommendation

KodiacZiller to battleop

Premium Member

to battleop
said by battleop:

"there are a few targets of interest,"

That's exactly it. If you have ever read about or watched some of the things the US did to the Russians during the cold war you would understand why they are cautious.

The Chinese government doesn't care about the average citizen but there is quite a reward in being able to sniff traffic that may contain data going to and from Obama's special Blackberry.

Not likely. For one, Obama's blackberry is encrypted with Top Secret Type I ciphers. Second, most of our really sensitive systems are not going to be run on such commodity hardware (or even on the public Internet at all). NSA has its own chip manufacturing plant for this reason. I am not worried about really sensitive systems inside the government -- they are going to either manufacture it themselves or strictly oversee contractors who do.

This is more about the Chinese ripping off the Apple's and Microsoft's and Boeing's of the world. Corporate espionage is what they are concerned about. They also worry, of course, about public networks (AT&T, Verizon, etc.) But really, the horse is already out of the barn -- the Chinese have been ripping off American corporate secrets for decades and they haven't needed subverted hardware to do it. They even stole the Stealth fighter from us, FFS.

What's worse is there are ZERO American companies that can make LTE gear. 60 minutes ran a story about this the other day. In their report, they interviewed one guy from Kansas who wanted to expand his town's 4G LTE network. He looked at all American companies (including Cisco). He found out that NONE of them made the 4G gear so he was forced to go to Huawei. A while later he got a visit from guys in dark suits (he wouldn't identity the agency they were with). He said "they were concerned about Huawei." He was pretty ticked off about the whole matter and wouldn't talk in any detail about it.

According to the 60 minutes episode, there are only 3 companies worldwide who make all the gear needed for a 4G network -- Ericsson, Alcatel-Lucent, and Huawei. Swedish, French, Chinese.

That's really the problem. American manufacturing, while once the best in the world (especially at networking, routers, telco gear, etc.) is now at the bottom of the barrel. America invented packet switching and the Internet and now we can't even manufacture any of it. Sad. And these small towns looking to upgrade 4G are going to use Huawei over Ericsson or Alcatel because they are undoubtedly cheaper.

But the irony in all of this, as has been noted, is how the government is worried so much about backdoors. They know that they themselves are the best in the world at backdooring systems (NSA is notorious for it). So I guess it's kind of like a bank robber giving a course on bank security.

I don't doubt Huawei is spying, but it's just ironic coming from the House Intelligence Committee (who oversees NSA's spying program).
modifiy
join:2001-04-13
Minneapolis, MN

1 recommendation

modifiy

Member

Anyone see 60 mins on this?

I watched that one Sunday and thought they were missing a few main points. The only company in the US that makes this gear is Cisco, which doesn't have all the tech it needs to do a full implementation like Huawei apparently. The other problem is all their equipment is manufactured in China (like everyone else).

I still find it odd with the Gov stepping in and saying "don't use them because they could spy on us" while they are doing that same thing right now. Maybe Huawei's equipment doesn't have backdoors like the other vendors do for the US to spy on it citizens. Wouldn't that be funny?

jseymour
join:2009-12-11
Waterford, MI

1 recommendation

jseymour to Chubbysumo

Member

to Chubbysumo

Re: Frightening

said by Chubbysumo:

Health care plans are an investment in your employees, knowing that 99% will likely never use it, and those that will, will use it to keep themselves healthy, ...

Hahahahahahaha! In the country that invented the obesity epidemic, you claim the people will use their health care plans to "keep themselves healthy?" Hahahahaha!

Most people don't need either an expensive health care plan or expensive (western) medical "care" to "keep themselves healthy." They just need a balanced, nutritious diet and to get a bit of regular exercise. No health care plan in the world, "free" or not, can compensate for failing to do those things.

Jim
Wilsdom
join:2009-08-06

Wilsdom to El Quintron

Member

to El Quintron

Re: Security logistics

How would they know if their equipment lies to them? They probably could look closer, but that costs money and probably violates their contracts with the NSA.

KodiacZiller
Premium Member
join:2008-09-04
73368

1 recommendation

KodiacZiller to El Quintron

Premium Member

to El Quintron

Re: Frightening

said by El Quintron:

said by FFH5:

The real risk to be worried about isn't phoning home. It is that, in a time of war, a signal could be sent that would cause the Chinese built hardware to self destruct, thereby turning off a huge part of US communications infrastructure.

This assumes that you're asking the same group of people to build both the hardware and software,

Uh, if you have subverted the hardware, then the software is inconsequential. Own the metal, you own the software too. If Intel put a backdoor into their chips, it wouldn't matter if you ran Windows, OSX, Linux, Unix, AIX, IRIX, whatever. It would still have ultimate control and could do all sorts of hard (or impossible) to detect things.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron to Wilsdom

Premium Member

to Wilsdom

Re: Security logistics

said by Wilsdom:

How would they know if their equipment lies to them? They probably could look closer, but that costs money and probably violates their contracts with the NSA.

That's not impossible but it would have to mean that their own infrasture at the backend (presumably not my by ZTE or Huwei) would have to be compromised as well... which again they would know about.

dnoyeB
Ferrous Phallus
join:2000-10-09
Southfield, MI

dnoyeB

Member

Irony?

Does anyone else see the irony in the US government trying to influence US companies not to use products from these Chinese companies under the premise that said companies would be influenced by the Chinese government?

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to cableties

Premium Member

to cableties

Re: China owns us

said by cableties:

Do you think ANY government would allow its citizens full privacy with communications? See Iridium.

No I don't. I know that no government wants its citizenry having access to highly secure communications. That's a given. We know NSA has taps at at least a dozen telco fiber optic switching stations. They are building a data center in Utah to store every bit of data that traverses the Internet. This is why I think the House Intelligence Committee is being a bit hypocritical here.

As a private (non-corporate) citizen, I would much rather have the Chinese spy on me than my own government.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron to KodiacZiller

Premium Member

to KodiacZiller

Re: Frightening

said by KodiacZiller:

It would still have ultimate control and could do all sorts of hard (or impossible) to detect things.

Again I'm not a security expert, but, if I'm running a network and there's a bunch of encrypted layer 2 communications that I'm not familiar with happening on my network I'd be asking questions pretty quickly.

I'd also be communicating with the vendor to plug up those holes ASAP, if the vendor didn't cooperate then I'd be litigating the hell out of them.

Lastly wouldn't firmware updates (which is what I should've said when I was referring to software) resolve this irrespective of the original intent of the hardware?

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to openbox9

Premium Member

to openbox9

Re: FUD

said by openbox9:

Maybe a little less concern, but I imagine the reviews will still happen...especially for critical infrastructure hardware/software.

I am skeptical how much such analysis can achieve, especially when done by hobbyists. They simply don't have the equipment. Transistors are extremely small now (~ 25 nm). You can hide a lot of malicious stuff at such a microscopic level. NSA might be capable of properly dissecting it, but not many other people have the expertise or the equipment necessary.

Also most of the firmware/microcode on these chips is not open source. That's another problem. It makes it that much harder to reverse engineer.
KodiacZiller

KodiacZiller to El Quintron

Premium Member

to El Quintron

Re: Security logistics

said by El Quintron:

I'm no security expert, but it seems to me that there's a bit of hype here.

Even with the rudimentary network knowlege that I do possess, I have to ask the following: Would a network operator (eg: Bell, VZW, AT&T) not know that information was being reported back to China? Network operators are usually pretty good at identifying traffic patterns in order manage their networks so why would this be any different?

If the hardware itself is subverted at the bare metal, then no. As Wilsdom said, the hardware can merely lie to you. If you own the hardware, you own everything, including third party software running on top.
KodiacZiller

KodiacZiller to modifiy

Premium Member

to modifiy

Re: Anyone see 60 mins on this?

said by modifiy:

I still find it odd with the Gov stepping in and saying "don't use them because they could spy on us" while they are doing that same thing right now. Maybe Huawei's equipment doesn't have backdoors like the other vendors do for the US to spy on it citizens. Wouldn't that be funny?

----- Begin Tin-foil Hat Transmission -----

What if the government was so against Huawei because they know that they are *not* putting NSA approved backdoors in their systems (like everyone else does)? What if this is all about their concern over their own spying operations going dark wherever Huawei systems are deployed?

----- End Tin-foil Hat Transmission -----
openbox9
Premium Member
join:2004-01-26
71144

openbox9 to KodiacZiller

Premium Member

to KodiacZiller

Re: FUD

said by KodiacZiller:

especially when done by hobbyists.

Luckily for us the analysis isn't being done by hobbyists.
said by KodiacZiller:

Also most of the firmware/microcode on these chips is not open source. That's another problem. It makes it that much harder to reverse engineer.

It just takes longer.
Sammer
join:2005-12-22
Canonsburg, PA

1 edit

Sammer to rradina

Member

to rradina

Re: Afraid of competition?

said by rradina:

I'm not taking sides because the US does a lot of corporate welfare in the form of deductions that are designed to encourage certain behavior.

The so called "green energy" industry (including Obama campaign contributors) now receives tens of $Billions in subsidies while the traditional fossil fuel industry now receives less than $5 Billion and regardless of where the money goes much of it is borrowed money. Some corporations such as GE don't seem to pay any federal income tax and don't think there aren't government contracts awarded as political payoffs (by incumbents of both parties) rather than strictly on merit. Then there is the whole matter of the regulated effectively writing the regulations (often to the detriment of the American public) and that's a huge one for the U.S. telecommunications industry.

Whether or not Huawei became a telecommunications giant legitimately or through infringing intellectual property and help from the Chinese government is a fair trade and antitrust concern. Too bad our (no longer for the people) government has very little high moral ground left to stand on.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron to KodiacZiller

Premium Member

to KodiacZiller

Re: Security logistics

said by KodiacZiller:

If the hardware itself is subverted at the bare metal, then no. As Wilsdom said, the hardware can merely lie to you. If you own the hardware, you own everything, including third party software running on top.

Again I'm no networking expert, but assuming you have some ZTE/Huwei radios, with a Cisco or Mikrotik backend, then even if the radio isn't reporting that it's phoning home, then the backend would still detect unknown traffic originating from the device no?

Chinaaaa
@rr.com

Chinaaaa

Anon

USA

Do it our way or no money for you!
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

MaynardKrebs to openbox9

Premium Member

to openbox9

Re: Frightening

So maybe the government says to Cisco, Juniper, HP, etc.... that they WILL manufacture at home in giant shared factories - in order to on-shore manufacturing and reap some economies of scale.

But then those companies will say...."The US market is tiny compared to the rest of the world market, and we can still manufacture cheaper in China so that's where we're going to make our stuff for ALL markets."

fifty nine
join:2002-09-25
Sussex, NJ

fifty nine to Angrychair

Member

to Angrychair
said by Angrychair:

The humorous part is that the American government does exactly what they're accusing the Chinese government of doing - intercepting everything and allowing nothing to be private communication. I'm sure it's not a good idea for American interests to use Chinese gear that would spy on them, but for a small potato such as myself I'm not sure I see where it would matter for me.

I'm against both our own Gov't and foreign ones like China, Russia and Israel (yes they spy on us) spying on us. But at least our Government is elected by us... the Chinese, not so much.
fifty nine

1 recommendation

fifty nine to 88615298

Member

to 88615298
said by 88615298:

said by fifty nine:

There's really no escape. Since we don't build anything here anymore

If we did people would bitch about high prices. People want these factory jobs back in America at the old $25-$30 an hour wages with full pension and fully paid health care for life, but still want these goods at "made in China" prices. Not realistic.

No one will work for $8-$10 an hour for maybe a 6% match in a 401k( meaning the worker actually has to contribute to his own retirement god forbid ) and a health care plan that requires the worker to pay some of that cost and ends when he retires.

And even in that scenario costs of goods would go up.

Bullshit. If CxOs can making millions and billions we can damn well pay workers a decent wage.

Honda, Toyota, Hyundai and others make cars here. The workers are paid reasonably well and the cars are of good quality. Why can't we do that with electronics?
openbox9
Premium Member
join:2004-01-26
71144

openbox9 to MaynardKrebs

Premium Member

to MaynardKrebs
Trusted foundries exist and they don't necessarily need to be in the US. The access to them needs to be broadened to allow access by our critical infrastructure partners (i.e., some of the manufacturers that you mentioned). Yes, it costs money.

AnonFTW
@rr.com

AnonFTW to openbox9

Anon

to openbox9

Re: FUD

said by openbox9:

Perhaps you missed what Carlos Slim is doing down in Mexico with profitability? This is about US companies purchasing foreign manufactured equipment, not foreign companies entering the US to compete with domestic service providers.

I'm referring to the overall market as a whole, including service providers and equipment suppliers. Verizon and AT&T both have much higher revenue with far less subscribers than American Movil.

Regardless, who do you think it is that supplies those companies with gear? Qualcomm, Ericcson, Nortel, Alcatel-Lucent, etc. The government is trying to protect the $100B+ annual revenue of those companies. They don't want ZTE and Huewai entering the market and undercutting the domestic suppliers, which is exactly what would happen.
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn to El Quintron

Member

to El Quintron

Re: Frightening

Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron

Premium Member

said by BosstonesOwn:

Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.

Self-destruct is bad, but less so than continual harvesting of information. I'm glad someone confirmed that this would be possible.

It lends credence to a "known vendors" argument.
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn to El Quintron

Member

to El Quintron

Re: Security logistics

You can hide the traffic by masking it as udp traffic bound for a spoofed address, you can also hide it as traffic encrypted and bound for say a management station that has a "updater" there are all sorts of ways to hide traffic, I have been doing security work for over 13 years now , and it never amazes me how these guys figure out ways to hide traffic, some of them I only found by being nosy and wanting to know why a link light was blinking fairly rapidly while the interface said it was only moving a small bit of data.

Oh_No
Trogglus normalus
join:2011-05-21
Chicago, IL

1 recommendation

Oh_No to fifty nine

Member

to fifty nine

Re: Frightening

said by fifty nine:

said by Angrychair:

The humorous part is that the American government does exactly what they're accusing the Chinese government of doing - intercepting everything and allowing nothing to be private communication. I'm sure it's not a good idea for American interests to use Chinese gear that would spy on them, but for a small potato such as myself I'm not sure I see where it would matter for me.

I'm against both our own Gov't and foreign ones like China, Russia and Israel (yes they spy on us) spying on us. But at least our Government is elected by us... the Chinese, not so much.

The president is not elected by us. If it was Bush would not have been president in 2001.
The electoral college elects the president.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron to BosstonesOwn

Premium Member

to BosstonesOwn

Re: Security logistics

said by BosstonesOwn:

You can hide the traffic by masking it as udp traffic bound for a spoofed address, you can also hide it as traffic encrypted and bound for say a management station that has a "updater" there are all sorts of ways to hide traffic,

Fair enough, how does the UDP traffic get around the router seeing as it originates behind the network firewall (eg: carrer class routers) ?
rdmiller
join:2005-09-23
Richmond, VA

rdmiller

Member

Consider the source

The House Intelligence Committee is made up of some of the greatest minds in the Universe.
prev · 1 · 2 · 3 · next