The New York Times is reporting today on a FBI investigation into counterfeit network hardware:

The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components with an estimated retail value of more than $3.5 million, the F.B.I. said in a statement.

No malicious code or changes to hardware were found but the Pentagon is concerned enough to conduct a test by planting their own Trojans in hardware distributed to military contractors working on the Trusted Integrated Circuits program to see how well the tampering can be detected.

A real concern is that the hardware supply chain becomes compromised and that even Trusted Computing Platform (TCP) devices can be corrupted before they reach the end user. We've recognized over the past several years that distributed applications have punched so many holes in network perimeters that the blocking functions the perimeter once served can no longer be taken for granted. Counterfeit hardware could become such a problem that the idea of starting with a secure, new device can no longer be taken for granted either. We're not there yet but this is just one more topic to watch.