A high ranking official at the Department of Homeland Security admitted to Congress that foreign made hardware and software sold in the U.S. are sometimes laced with spyware, malware, and other foul components that can compromise security. The revelation came from Greg Schaffer, acting deputy undersecretary of the DHS National Protection and Programs Directorate, who testified before the House Oversight and Government Reform Committee.
Schaffer didn't go into great detail about compromised hardware and software being imported into the U.S., but did reluctantly admit to being aware of instances where items were purposely embedded with security risks.
Possibly related to Schaffer's testimony, FastCompany.com, which first reported the story, dug up a couple of interesting paragraphs in the White House's Cyberspace Policy Review the site thinks is an admission that the Executive Branch knows there's something fishy going on with imported tech. The paragraphs read:
"The emergence of new centers for manufacturing, design, and research across the globe raises concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulations. Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions.
A broad, holistic approach to risk management is required rather than a wholesale condemnation of foreign products and services. The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover. Foreign manufacturing does present easier opportunities for nation-state adversaries to subvert products; however, the same goals could be achieved through the recruitment of key insiders or other espionage activities."
That was written several months ago, and it would appear that Homeland Security has since found examples of what the White House was worried about all along.