Trojans in Microchips / CPUs?!
OK, we're normally a pretty computer-security-oriented lot around here, but a post we came across today at DailyArtisan.com has us even more concerned than normal. :-(
Trojan Microchips from China is the theme, and if true, it's downright alarming. Even if only partially true, it should raise the hair on the back of all our necks.
The gist of the piece is that Robert Eringer, a former FBI spy, has claimed that China has planted trojans in the microprocessors -- the actual CPUs themselves, mind you -- of many computers on the market today and that chances are high your computer may have one of these trojans.
We say "may" because we want to be cautious about laying too much blame where none has yet been definitively established.
Nevertheless, if true, this is ugly stuff. Really ugly stuff in fact.
"'It is there, deep inside your computer, if they decide to call it up,' the security chief of a multinational corporation told The Investigator.
'It is capable of providing Chinese intelligence with everything stored on your system — on everyone’s system — from e-mail to documents.
'I call it Call Home Technology. It doesn't mean to say they're sucking data from everyone's computer today, it means the Chinese think ahead — and they now have the potential to do it when it suits their purposes.'"
Obviously, the identity of the source of this statement is being protected, but given that it's the "security chief of a multinational corporation," chances are high this isn't just some chump making idle claims.
Whatever the case, we're going to continue to follow this story.
The question we'll no doubt be getting from many is, "What do I do?"
It's unclear what can be done at this point, but we'd hope that most decent antivirus software--especially that which also includes a firewall--would help you detect any unauthorized connections and allow you to prevent them from happening.
Given that these are the CPUs themselves that Eringer claims have been infected, it's impossible for us to say for sure if the software would detect these connections or if such connections would sneak out unnoticed.
The best thing to do, we believe, is to be aware of threats such as these and take reasonable precautions--like running good antivirus software you can afford--and to do your best to be aware of what your security software is actually telling you.
Read the warning messages and do your best to learn what they mean and if you're genuinely at risk or if it's a false alarm.
Years ago, when I personally first began getting interested in computer security, I learned,
"The most dangerous thing you can say to yourself in assessing risk is, 'It's not like....' because as soon as you've told yourself, 'It's not like....' you've just given someone the means by which to attack your system.
"The smart thing to do is to assess risks honestly and to instead say, 'This is unlikely to be a risk because....' That way you're at least allowing yourself the mental capacity to go back and reassess things again later whereas if you say, 'It's not like....' you're actually closing that mental door altogether. Not smart."
In other words, don't just ignore your antivirus / firewall software when it complains about something! Be smart, listen to it, and learn what it's trying to tell you. What you learn from it in a few minutes might just shock you.