* Tainted electronics make their way to U.S.-Rep. Langevin
* Says it “a real challenge” to deal with this threat (Adds details on previous infections of electronics parts)
By Jim Finkle
PROVIDENCE, Rhode Island, July 11 (Reuters) - The United States needs to be more wary of computers and other electronics imports that could be laden with malicious software, according to a leading congressional expert on cyber security.
Hackers are injecting bad codes into components at overseas manufacturing plants, planting tools to help them launch cyber attacks on the United States, Representative Jim Langevin told Reuters after speaking at a cyber security event in Rhode Island.
He said the problem affects consumer electronics as well as corporate technology systems, which can hold secret corporate and government data.
“Corrupting hardware and software is embedded in the supply chain,” he said. “We have a real challenge on our hands to better secure the supply chain.”
So far only a handful of cases of tainted components reaching the United States have been reported.
Dell Inc DELL.O last year disclosed that it had sold computer servers infected with a virus designed to steal private data. It issued replacement motherboards.
The Department of Homeland Security’s U.S. Computer Emergency Readiness Team in March 2010 warned that software distributed by Energizer (ENR.N) to optimize battery charging had a back door that could allow hackers to take remote control of a PC.
In May of last year International Business Machines Corp (IBM.N) distributed tainted USB thumb drives to security professionals attending a conference sponsored by Australia’s Computer Emergency Readiness Team.
Corrupted supply chain components are a growing threat to the United States, particularly in military operations, said Doug White, a cyber security expert and professor at Roger Williams University.
“It’s not something that a lot of people have thought about in the past. They should have thought about it,” he said.
“What if you went on a battlefield and hit a button and everything stopped working? It’s pretty scary stuff,” White added.
Langevin and White spoke at a news conference in Providence on a new state program to combat cyber threats, the Rhode Island Cyber Disruption Team.
Langevin sits on the U.S. House of Representatives committees on Armed Services and Intelligence and is privy to information about cyber threats that the government has not publicly disclosed.
He is sponsor of the Executive Cyberspace Coordination Act of 2011, one of the most closely watched cyber security bills in Congress. The areas it addresses include providing U.S. government assistance to utilities and other companies that manage key U.S. infrastructure projects.
Embedded malware is just one of many challenges that the U.S. government and businesses face in fighting cyber attacks, said Alan White, director of security and risk consulting for Dell’s SecureWorks computer security division.
“The public and private sector is constantly attacked by hackers,” he said. (Reporting by Jim Finkle; Editing by Richard Chang and Tim Dobbyn)