08 Jul 2011

Computer security threatened by pre-installed components

A Department of Homeland Security official has acknowledged imported computer components are arriving in the United States already compromised by programs and parts designed to facilitate cyber attacks.

Fast Company was the first media outlet to report on the admissions made during a July 7 hearing of the House Oversight and Government Reform Committee by Greg Shaffer, acting Homeland Security Deputy Undersecretary for National Protection and Programs. Republican Representative Jason Chaffetz of Utah asked Shaffer if software and hardware built overseas is coming to U.S. markets already embedded with malicious components. Shaffer said some cases of this have been discovered.

Shaffer did not specify what machines or programs have, to DHS's knowledge, been affected. MSNBC singled out key-logging software, systems to link computers to botnets and software to thwart antivirus programs as possibilities.

According to Fast Company, Shaffer said a coordinated, government-wide effort would be needed to ensure American computer systems remain secure, given this threat of supply-chain exploitation.

Last month, Bloomberg reported DHS had conducted a test that found many government workers putting their computers at risk for infection. This week, DHS said the Bloomberg article was inaccurate and denied any report on the supposed test was forthcoming, according to Computerworld.