SAN FRANCISCO--Computer equipment is arriving on stores shelves in the United States with viruses and other malicious software, but industry insiders said at the RSA conference on Tuesday that they don't know whether it's the result of intentional manipulation or just poor manufacturing processes overseas.
In 2007 and last year, digital photo frames sold around Christmas time were found to be infected with malware, and in previous years GPS devices, hard drives, laptops from Toshiba, iPods, and USB keys that accompany Hewlett-Packard servers were found to have similar problems, said Marcus Sachs, executive director of national security policy at Verizon Business.
The Defense Department temporarily banned the use of thumb drives last year after USB memory sticks still in their packaging were found pre-infected with malware and in recent weeks there have been reports of ATMd that were modified before shipping to include a backdoor, he said.
"Can we guarantee that what's being built off shore when it comes to our country is exactly what we think it is?" he asked. "Today, if the conflict is going to be in cyberspace, our weapons are being built by our potential enemies."
The U.S. government has poisoned products used by enemies, he said. In the 1980s, the CIA fed software to Russia that had a logic bomb in it to sabotage the trans-Siberian pipeline, Sachs said.
"That shows that our own government in the United States is willing to do this," he said. "We have done this. We have poisoned the supply chain for critical infrastructures in other countries."
He asked a panel of industry leaders and government officials whether they thought such problems were the work of nation states purposely targeting the United States or whether it's merely a problem with "dirty manufacturing processes", like those that have led to recalls of all sorts of products that were manufactured in China.
No one had an answer. In fact, panelists said they were more focused on preventing software piracy.
"It's a fairly new world for our company and frankly other companies to deal with. We've cared about supply chain from an intellectual property perspective," said Tiffany Jones, director of government relations for the Americas at Symantec.
"I personally believe that much of what we see are...violations of norm of intellectual property which is in the counterfeit space," said Mitchell Komaroff, director of the Defense Department's globalization task force.
Later, he acknowledged the threat, saying: "The development products are already tainted with viruses...all of these are things a sophisticated adversary can take advantage of."
This article was first published as a blog post on CNET News.
Play video
There are currently no comments for this post.