
Identifying Risky Counterfeit Intel Gigabit CT Network Adapters - 2bluesc
https://www.servethehome.com/identifying-risky-counterfeit-intel-gigabit-ct-network-adapters/
======
jaclaz
Maybe it is just me, but I fail to see any evidence that a counterfeit card is
necessarily a security risk.

It is IMHO more likely that it has inferior performance or even more probably
a shorter lifetime due to inferior quality of components and/or sub-standard
manufacturing.

About the:

>When our reader tried using iPXE, a network booting tool, with the NIC, it
failed even though genuine cards work without issue.

knowing how picky PXE and iPXE are, I would like to see some details of the
tests performed.

Since the actual reproduction of markings was so poor, and given that the
actual PCB traces run differently, it is likely a no-brand or "bulk" item
marked as Intel. As an example, have a look at this one:

[https://italian.alibaba.com/product-detail/pci-e-pci-express...](https://italian.alibaba.com/product-detail/pci-e-pci-express-gigabit-ethernet-network-card-adapters-slot-rj45-nic-10-100-1000m-diskless-lan-card-62084565969.html)

It seems _a lot_ like it.

~~~
ryanmercer
>Maybe it is just me, but I fail to see any evidence that a counterfeit card
is necessarily a security risk.

Even if it isn't a security risk from a data theft/malicious code standpoint,
it could be substandard in quality and be exponentially more likely to fail.

A failure could just be an annoyance, taking Jim Bob's pornoputer off the home
network and causing him to be unable to connect to the YouPorns until his
nephew can come fix the boobie-box.

A failure however could take down a mission-critical computer in an emergency
response center where even minutes could mean the difference in life or death
for someone. Substandard components could also result in a fire, perhaps not
in a NIC, but larger capacitors in something larger could overvolt and catch
fire.

Worse, I've long had the thought that a hostile government could create ICs
that effectively brick themselves when they receive a certain command. With a
NIC, in theory, you could have the NIC radio home a small packet occasionally
to report the IP. With the list of IPs you could very casually probe which of
a handful of pre-determined ports are open, you could get tens of thousands, or
even millions, of these chips in the wild looking perfectly normal just
waiting for a command. Then say as a foreign government you want to launch an
attack on the United States, you filter all the IPs in your database by
location, which will remove the bulk of the machines in other countries from
the list, and you have a bunch of servers in a bunch of countries get segments
of the IP list and they start sending the kill signal at the same time (and if
you get really crafty you make the compromised hardware actually start a timer
before it bricks, so you can get the instruction out to as many as possible
before the bricking causes widespread disruption of the internet). If you've
waited long enough you'll have your trojan horse IC in businesses, homes,
government offices of varying levels. If you manage to get even 100,000 taken
offline, you've probably caused enough disruption to impact the NYSE as well
as cause a good deal of disruption and mayhem. You may have even taken mission
critical systems offline at power generation and transmission facilities.
You've caused some economic damage at a minimum and based on how things go
down you may have just made it much easier to launch a physical attack,
especially if you have already trickled special forces soldiers into the
country on tourist visas or via smuggling routes (United States special
forces actually train to go into countries ahead of common forces to cause
disruption and/or train local resistance) and can cause further disruption by
causing mass panic with shootings/bombings/attacking first responders.

There is more to it than "oh someone can spy on my data now".

~~~
magduf
>especially if you have already trickled special forces soldiers into the
country on tourist visas or via smuggling routes (United States special
forces actually train to go into countries ahead of common forces to cause
disruption and/or train local resistance) and can cause further disruption by
causing mass panic with shootings/bombings/attacking first responders.

Exactly how does this work? Wouldn't this require your troops to somehow blend
into the populace and not stick out like a sore thumb? If the US were planning
to invade Germany or Britain, this would work fine, but for some other parts
of the world (esp. east/SE Asia), US special forces are going to be instantly
recognizable as foreigners because they generally don't look anything like the
locals.

~~~
ryanmercer
> but for some other parts of the world (esp. east/SE Asia), US special forces
> are going to be instantly recognizable as foreigners because they generally
> don't look anything like the locals.

Not everyone in the United States is a blond-haired, blue-eyed white person.

Also, simply adopting the local dress is often enough in many countries where
immigration has been a thing for decades now. You also can adopt local hair
styles, this is why you'll see a lot of the special forces community with long
hair and beards in Afghanistan and similar countries.

If you dress the part, walk the part, speak the part (the DLIFLC alone teaches
24 languages) you can blend in to a city pretty easily. Will you stand out
like a sore thumb in a remote village, almost certainly, can you stroll
through a town of tens of thousands of people with very little attention paid
to you, usually.

With previous U.S. actions though it is usually go into a country mostly-
overtly and just train local fighters (or fly them to the United States for
training) but the Special Forces community has many instances of infiltration
in advance of regular military units, as well as ongoing humanitarian efforts
(which helps build awareness of local cultures and customs and dialects).
Green Beret medics for example have been used in multiple African countries to
provide medical aid, just doing general health checkups on villages and the
like, a buddy of mine that was an 18D (Army - special forces medical sergeant)
mentions it in his book Love Me When I'm Gone (by Robert Patrick Lewis) as
well as a lot of training with foreign military in their country, in his case
Germans.

---

Say the Asian country of Makebeleivia wanted to get special forces in place
into a country that was largely caucasian prior to a proper attack to disrupt.
How do they do it? You send some people in as tourists on various commercial
flights, you can use multi-national companies you control or have some
coercion over to bring workers over on work visas (and might actually do work
for weeks or months), you get some in on student visas, you can pay coyotes to
sneak some in, you can sneak some in yourself if there is a coast by deploying
them via submarine and having them slip into tourist towns as tourists or with
fake identification. Then you use any number of means to arm them with
conventional firearms and if you want to cause mayhem you have your
demolitions experts cook up crude explosives. The purpose here would be to
create panic and tie up first responders, this also puts the national
government agencies on edge thinking there is some sort of terrorist attack
and is more likely to distract than make them think "oh hey a military
invasion might be underway". You can either go after relatively 'useless'
targets like crowded public places or you can go after more strategic targets
like dams, ill-protected power plants, substations, key bridges in and out of
large cities or bridges that create strategic issues for moving heavy
equipment, etc.

---

A somewhat good example of foreign agents operating on foreign soil, although
in a different capacity, is Mossad. They've done a lot of kidnappings on
foreign soil to bring war criminals back to stand trial, assassinations
abroad, kidnapping defectors to stand trial, etc.

Find some examples here
[https://en.wikipedia.org/wiki/Operations_conducted_by_the_Mo...](https://en.wikipedia.org/wiki/Operations_conducted_by_the_Mossad)

One of the more high profile things Mossad has done is going after Black
September, for the Munich bombings. The 2005 film Munich is about this.

Also, Sayeret Matkal, which is basically Israel's Delta Force - they've
sabotaged airliners, done kidnappings and raids, assassinations, done physical
evidence gathering in Syria.

------
Doxin
For anyone trying to spot counterfeit products in general, a good place to
look is at the FCC logo. On the counterfeit card in the article the FCC logo
is wrong. The real logo ends with two concentric circles with a pie-slice out
of them forming the "cc" while the counterfeit logo clearly has a different
shape.

~~~
neilv
A different article, linked by the HN post one, shows much better quality
screen-printing logos on a counterfeit card than on the counterfeit in the
immediate article:
[https://forums.servethehome.com/index.php?threads/comparison...](https://forums.servethehome.com/index.php?threads/comparison-intel-i350-t4-genuine-vs-fake.6917/)

Though I can't see an FCC logo in the different article's photos. (I also
can't see an FCC logo on the different model of supposedly-Intel quad-gigabit
PCIe card of mine I just looked at.)

~~~
Doxin
It's a general quick way to check, it'll not always work. A bodged FCC logo
means it's almost certainly a counterfeit. A proper or missing FCC logo means
near nothing. I just noticed the bodged FCC logo in the original article,
that's all.

_Sometimes_ you can spot similar shenanigans based on the CE logo but that's
more rare.

~~~
neilv
Thanks. Sometimes, with counterfeits of various kinds of electronics products,
I've wondered whether there was ever an intentional telltale indicator. So
that country or other entity never accidentally got a counterfeit into a
supply chain where they really didn't want it to be. (For example, not into
the parts supply chain of a high-profile device manufactured there. Nor to
ruin domestic markets for prestige luxury brand products, or other products
for domestic consumption for which quality/integrity is considered very
important.)

------
LUmBULtERA
Will official Intel drivers work on a counterfeit card? It seems like Intel
would bake some authentication into the drivers and authentic hardware such
that the drivers would not work if the card is counterfeit.

~~~
rasz
>authentication

Where? Intel sells network chips to OEMs, one of the more shady ones decided
to directly clone Intel PCB.

~~~
LUmBULtERA
In this case, are you saying the answer is "Yes, official Intel drivers will
work on a counterfeit card," and it is not possible for Intel to include
anything in the driver or hardware that can perform authentication? I was
asking because I don't know.

~~~
blackflame7000
They could, but it's simply too expensive to add something like a secure enclave
to a device this cheap. Maybe on your high-end 10-100 GbE adapters that sell
for 100s of dollars, it makes sense. I just don't think they are aware of the
problem to the degree that they would make such big changes.

------
earthstabber
Coincidentally, I just put a used intel gb ct up for sale, along with an
unrelated note to the fcc. I’ll double check the nic now to confirm
authenticity. My voice is my passport. Verify me.

