At a remarkable conference held at the Aspen Institute in 2011, Gen. Michael Hayden, a former head of both the National Security Agency and the Central Intelligence Agency, said something very interesting. In a discussion of how to secure the "critical infrastructure" of the United States, he described the phenomenon of compromised computer hardware — namely, chips that have hidden "back doors" inserted into them at the design or manufacturing stage — as "the problem from hell." And, he went on, "frankly, it's not a problem that can be solved."
Hayden is an engaging, voluble, likable fellow; he's popular with the hacking crowd because he doesn't talk like a government suit. But sometimes one wonders if his agreeable persona is actually a front for something a bit more disingenuous. Earlier in the Aspen discussion, for example, he talked about the Stuxnet worm — which was used to destroy centrifuges in the Iranian nuclear program — as something that was obviously created by a nation state. But he affected not to know that the United States was one of the nation states involved.
Given Hayden's background and level of security clearance, it seems inconceivable that he didn't know who built Stuxnet. So already one had begun to take his contributions with a modicum of salt. Nevertheless, his observation about the intractability of the problem of compromised hardware seemed incontrovertible. This is because covertly modified hardware is hard to detect — much more so than dodgy software. The hardware in a computer can do things like access data in ways that are completely invisible even to the machine's security software. At the Black Hat security conference in August 2012 in Las Vegas, for example, a researcher named Jonathan Brossard demonstrated software that can be burned into the hardware of a PC, creating a back door that would allow secret remote access over the Internet. And — here's the really scary bit — the secret entrance couldn't even be closed by switching off the computer's hard disk or reinstalling its operating system.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.