Counterfeit chips may hobble advanced weapons

of risks in different ways,” said Mitchell Komaroff, the director of a Pentagon program intended to develop a strategy to minimize national security risks in the face of the computer industry’s globalization.

Komaroff pointed to advanced chip technologies that made it possible to buy standard hardware components that could be securely programmed after they were acquired.

Markoff writes that as military planners have come to view cyberspace as an impending battlefield, American intelligence agency experts say that all sides are arming themselves with the ability to create hardware Trojan horses and to hide them deep inside the circuitry of computer hardware and electronic devices to facilitate military attacks.

In the future, and possibly already hidden in existing weapons, clandestine additions to electronic circuitry could open secret back doors that would let the makers in when the users were depending on the technology to function. Hidden kill switches could be included to make it possible to disable computer-controlled military equipment from a distance. Such switches could be used by an adversary or as a safeguard if the technology fell into enemy hands.

The September 2007 attack on Syria’s reactor
This brings us back to the September 2007 Israeli attack on the Syrian nuclear reactor, as Markoff notes that a Trojan horse kill switch may already have been used. “A 2007 Israeli Air Force attack on a suspected partly constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft,” he writes. Accounts of the event initially indicated that sophisticated jamming technology was used to blind the radars. Last year, however, a report in an American technical publication IEEE Spectrum cited a European industry source in raising the possibility that the Israelis might have used a built-in kill switch to shut down the radars.

Separately, an American semiconductor industry executive told Markoff in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 8200.

The disabling technology was given informally but with the knowledge of the American government, said the executive, who spoke on the condition of anonymity. His claim could not be independently verified, and American military, intelligence, and contractors with classified clearance declined to discuss the attack.

Trojan horses
The United States has used a variety of Trojan horses, according to various sources. In 2004, Thomas Reed, an Air Force secretary in the Reagan administration, wrote that the United States had successfully inserted a software Trojan horse into computing equipment that the Soviet Union had bought from Canadian suppliers. Used to control a Trans-Siberian gas pipeline, the doctored software failed, leading to a spectacular explosion in 1982.

Crypto AG, a Swiss maker of cryptographic equipment, was the subject of intense international speculation during the 1980s when, after the Reagan administration took diplomatic actions in Iran and Libya, it was widely reported in the European press that the National Security Agency (NSA) had access to a hardware back door in the company’s encryption machines that made it possible to read electronic messages transmitted by many governments.

According to a former federal prosecutor, who declined to be identified because of his involvement in the operation, during the early 1980s the Justice Department, with the assistance of an American intelligence agency, also modified the hardware of a Digital Equipment Corporation computer to ensure that the machine — being shipped through Canada to Russia — would work erratically and could be disabled remotely.

Markoff writes that The American government began making a concerted effort to protect against hardware tampering in 2003, when Deputy Defense Secretary Paul Wolfowitz circulated a memorandum calling on the military to ensure the economic viability of domestic chipmakers.

In 2005 the Defense Science Advisory Board issued a report warning of the risks of foreign-made computer chips and calling on the Defense Department to create a policy intended to stem the erosion of American semiconductor manufacturing capacity.

Former Pentagon officials said the United States had not yet adequately addressed the problem. “The more we looked at this problem the more concerned we were,” Linton Wells II, formerly the principal deputy assistant defense secretary for networks and information integration,” told Markoff. “Frankly, we have no systematic process for addressing these problems.”