Recently the US Department of Homeland Security has notified that some hardware was shipped from foreign parts containing malware and spyware pre-installed.
Although the industry might think that the problem could have the advantage of cutting out the intermediary, the representative of the Department of Homeland Security admitted that the issue is getting worse.
Greg Schaffer, the acting deputy undersecretary for national protection and programs, had a talk to the House Oversight and Government Reform Committee, which is currently thinking about an Obama-backed proposal to enforce stricter monitoring on computer equipment shipped to the US for critical government and communications infrastructure.
Meanwhile, the US Department of Homeland Security didn't specify if they were talking about end-user consumer hardware, such as retail laptops, DVDs and media players, or really serious business computers that government departments leant on. It is actually the first time that the country has officially confirmed that consumer technology is arriving in the US from abroad already loaded with malware like botnet components, key-logging software, and even software specifically designed for defeating security programs installed on the same PC.
Greg Schaffer received a question from Jason Chaffetz, who was worrying that using both software and hardware manufactured overseas would run the risk that the parts could be embedded in them already. In response, Schaffer tried to get a bit woolly, saying that the issue was important to the President. However, Jason Chaffetz cut him off and restated the question, now asking him if he was aware of any software or hardware being shipped to the country that already had security risks embedded into those parts. That time Schaffer took a pause before admitting he was aware that there have been cases of such shipments.
However, he didn’t specify that there have been cases with software being infected by malware at the plant before being shipped. The matter is that this had little to do with an effort to spy on the machines – it was more likely just the disk image infected by mistake. In case hardware is being tinkered with, this is completely another matter. Meanwhile, thus far there have been no official cases of this happening.