White House: Imported computer components contain embedded Malware

by Steven Mostyn - Jul 12 2011, 09:14

Evidently looking to sidestep safety protection added to computer platforms post-purchase, it would appear cyber criminals are embedding malicious software into computer hardware and other electronic gadgets prior to hitting U.S. retail stores.

That’s according to The White House’s recent Cyber Policy Review, which has discovered samples of imported “supply chain” hardware and software that are being deliberately infected with spyware and malware before being imported.

“The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover,” warns the report.

“Foreign manufacturing does present easier opportunities for nation-state adversaries to subvert products; however, the same goals could be achieved through the recruitment of key insiders or other espionage activities,” it adds.

Although the official review fails to name and shame markets outside of the U.S. that are guilty of supplying infected computer components, media reaction has placed China firmly in the crosshairs as the most likely culprit.

Greg Schaffer, deputy undersecretary of the Dept. of Homeland Security (DHS) National Protection and Programs Directorate, has said a special investigative task force has been drafted by the DHS and Dept. of Defense (DoD) to delve into the matter.

Around the Web