
CIA Agent Warns Against Chinese Trojan Horse Microchip - rockstar9
http://www.dailyartisan.com/news/and-now-the-manchurian-microchip/
======
grouchyOldGuy
This article was heavy on FUD and speculation, and light on facts (expected
that). The trojan (if it exists) would either have to work with the O/S, in
which case it would either work in *nix or Windows, but not both; or it would
talk directly to the hardware bypassing the O/S, so encrypting your data
stored on your hard drive should protect it. Keyloggers are a different story
though and I see where a keylogger could send data by talking directly to the
hardware and bypassing the O/S. I wonder if you might get more protection from
that by not using your motherboard's Ethernet interface at all and install a
separate network card instead? Then the trojan would need to have its own
TCP/IP stack and drivers for the NIC, and that's less likely (I hope).

------
josefresco
The subject matter of the article is sound, however the execution leaves me
skeptical that this isn't just hobbled together FUD for the sake of
traffic/audience. The last two paragraphs sealed the deal for me.

I just hope our geeks are working just as hard as their geeks.

~~~
electromagnetic
There's a simple solution to things like this. If you have data you'd consider
top-secret, why the fuck is it on an internet-available PC. I mean if I need
it stored on a PC, I'd store it on a non-networked PC and it's safe from all
virus, Trojans and whatever else.

------
cpr
I see a lot of skepticism in the original article's comments about whether
this is possible or not.

Yes, it'd be hard to hide a whole TCP/IP stack in hardware (though perhaps it
could be in ROM if we're talking about CPUs), but how hard would it be to hide
a simple UDP-based key logger?

Look at the hundreds of thousands of pwned machines that are part of spam
botnets. Clearly, machines can be co-opted.

And we have plenty of evidence that China is involved in a (asymmetric) full-
out cyberwar with us.

