- Email: [email protected]
UK initiative to combat chip re-labelling
FEATURE
UK Initiative to Combat Chip Re-labelling Elspeth Wales and Thomas Kaneshige
new UK initiative has announced its plans to ombat the rapidly escalating international problem of chip theft, a problem that’s leading to business questioning the credibility and authenticity of its supplies. The Joint Action Group (JAG), run by the London Metropolitan Police Service, earlier this year set up a computer crime sub-committee specifically to investigate the rapidly escalating problem of chip theft at the request of a group of multi-national companies, including IBM, Intel and BT.
AC
JAG’s members now include other computer manufacturers such as Compaq Computer MFG Ltd, Digital Equipment Co. Ltd, Apple Computers UK Ltd and ICL Beaumont, which has manufacturing plants in Germany, Finland and the UK. Computer crime and chip theft has been rife in the US for some years, is now believed to have reached epidemic proportions in the UK and is working its way through the rest of Europe, notably France, Sweden and Ireland. Stolen chips are recycled into new equipment either in the country in which they are stolen, or they are shipped abroad for recycling. Chips are now a highly sought-after commodity. “They are small, easy to conceal - you can get an awful lot into a sports bag - and they are worth more, weight for weight than the current value of gold”, insists Commander Tom Brown, Chairman of JAG.
product details are removed and re-etched with new, false details of a faster, more superior chip as these then, obviously, fetch more money. Part of JAG’s investigations into the problem involved the British part of Interpol questioning other European police forces about the existence and extent of the problem there. “The outcome was that forces in France and Sweden said they have problems with this sort of Chief crime”, says Detective Inspector (DCI) James Perry, who runs JAG. “But we think that a lot of computer crime is reported as business burglaries and that if these were analysed they [the police] would probably find that the theft of chips was common to many of the cases.” In mid-October Perry presented to IBM France’s board of directors to try to enlist their support in tackling the problem.
“they are worth more, weight for weight than the current value of gold”
Chips are selling for anything from f80 for a 386 or 486 processor up to f400 for a top quality Pentium. The highest prices are paid for SIMMS and RAMS. “There is an insatiable demand for memory modules. Memory is the feature that PC users are most likely to buy to upgrade the performance of their machine”, says Trevor Littlecott, IBM country security manager. “An 8MB memory module worth about f300 is sold for half by the thieves, a 16BM retails for f700 and a 32MB module for 0200-1400, so you can see the attraction.” Hard drives are also on the thieves’ shopping list and this can cause problems to small businesses in particular. “If their hard drive is stolen and it holds all their customer and sales data then that business is in trouble. We know of a few which have been put out of business because of this,” says Perry.
“Some of these stolen chips go to European countries and are sold in auctions of this type of electronic equipment while some go to the Far East where they are recycled”, he confirms. “What certainly happens is that they very quickly get back into the legitimate marketplace via a grey market.”
The chip thieves initially targeted manufacturers plants. When they subsequently tightened security they next targeted the distributors warehouses. In turn these operations have improved security to deter burglars, so they are targeting businesses. Repeat crimes are common, some premises have been burgled a dozen times because the thieves know the business will have to re-equip quickly, before security measures can be taken. They watch, wait and take their chance.
Not only are these stolen chips put into new equipment, they are also often ‘skimmed’ or ‘relabelled’, the original
As a result of this, one of JAG’s main drives is to focus on crime prevention, giving advice to businesses that may
Computer Fraud 81Security 0 1995 Elsevier Science Ltd
November 1995
17
FEATURE be at risk and another is to encourage the computer and chip manufacturing industries to build in security features to their products. JAG’s The Crime Prevention Group, which is represented by JAG members, British Airways plc, ICL, ABI, BT, Prudential Corporation plc, IBM (UK) Ltd, ACPO (Alarms Group), Smith Kline Beecham and two London police forces, has devised a three-tier strategy. In the short term they will -try to raise the awareness of PC users of the of their computer value equipment giving common-sense advice, like: keep your equipment away from a window so it can’t be seen from the outside and be vigilant about visitors to the premises are they genuine visitors or ae they ‘casing the joint’? Laptops are at risk too and when not in use these should be locked away, in their case and in a safe place.
“some premises have been burgled a dozen times”
JAG members and computer/chip manufacturers, IBM, ICL, and Intel, are also leading by example to make safeguard their products from theft. “At IBM we are adding security features to our products including lockable casings for PCs, optional securing points to deter physical removal, a sensing trigger on the larger IBM PCs which activates when the casing is compromised, shutting the machine down, leaving the ROM unusable and the machine unable to boot up”, says Littlecott. IBM, and other manufacturers, also has a Security Consultancy Team which can advise customers about security. “On the latest PC models we have started component labelling and tracking, where components are barcoded and tagged to the serial number of the unit which will help identification where thieves have removed the normal serial number on the box.” Intel for its part has started a pilot program to laser-etch identifiers (similar to serial numbers) on its Pentium and 486 processors. Once the database is in place, Intel will be able to track the chips throughout the distribution channel. Said Intel, the etching was the easy part, the tracking of chips was far harder to execute. In the long term, other technological measures being considered include “the use of a spray to mark equipment
18
enabling DNA type fingerprinting, and the development of a tamper-proof chip that’s coded in a similar way to car radios, making them unusable once removed”, says John Almonds, BT’s Director of Security. Because the re-labelling of stolen chips is becoming so rampant, US business is beginning to question the credibility of its suppliers and the authenticity of the equipment they are selling. There is little evidence yet that business users on this side of the Atlantic are worried, possibly because the European media has not made them aware that there is a reasonable chance that the chips in many of their clones - especially those manufactured or assembled in the Far East - might not be the ones they thought they had bought. Yet US users are growing increasingly more concerned. In an effort to rectify the problem Chase is minimizing its exposure to chip-theft by dealing directly with only a handful of PC vendors, including Compaq, IBM, and AT&T. In Europe calls to users such as the insurance giant General Accident and to high-end resellers such as Hoskyns and Logica were greeted with responses that no-one knew and (implicitly) cared about chip re-labelling. Neither Logica nor Hoskyns could provide a spokesperson to discuss re-labelling. All said they only used reputable resellers or reputable sources. Michelle Batty, managing director of Watford Computers, knows there is a market for stolen computer components. “We have often had people ringing up and coming in offering cheap by the year hard drives for cash. We don’t take cash deals and tell 2000” them that. We buy our chips through a reputable UK supplier and if I had any that failed [because of re-labelling] I would dump the stock back on them. Customers must go to a reputable company, that’s the only answer,” she said.
“US$200 billion
According to a study by the American Electronics Association, chip theft alone had cost the industry US$40 million in lost revenues for 1993. Thefts in all high tech hardware reached US$g billion and is projected to cost the global market US$200 billion by the year 2000. In the UK insurance companies say the annual cost of replacing the damaged or stolen equipment alone stands at f250 million, but that the true cost, in terms of lost data and lost business, adds up to billions.
Computer Fraud 81 Security November 1995 0 1995 Elsevier Science Ltd
UK Initiative to Combat Chip Re-labelling Elspeth Wales and Thomas Kaneshige
new UK initiative has announced its plans to ombat the rapidly escalating international problem of chip theft, a problem that’s leading to business questioning the credibility and authenticity of its supplies. The Joint Action Group (JAG), run by the London Metropolitan Police Service, earlier this year set up a computer crime sub-committee specifically to investigate the rapidly escalating problem of chip theft at the request of a group of multi-national companies, including IBM, Intel and BT.
AC
JAG’s members now include other computer manufacturers such as Compaq Computer MFG Ltd, Digital Equipment Co. Ltd, Apple Computers UK Ltd and ICL Beaumont, which has manufacturing plants in Germany, Finland and the UK. Computer crime and chip theft has been rife in the US for some years, is now believed to have reached epidemic proportions in the UK and is working its way through the rest of Europe, notably France, Sweden and Ireland. Stolen chips are recycled into new equipment either in the country in which they are stolen, or they are shipped abroad for recycling. Chips are now a highly sought-after commodity. “They are small, easy to conceal - you can get an awful lot into a sports bag - and they are worth more, weight for weight than the current value of gold”, insists Commander Tom Brown, Chairman of JAG.
product details are removed and re-etched with new, false details of a faster, more superior chip as these then, obviously, fetch more money. Part of JAG’s investigations into the problem involved the British part of Interpol questioning other European police forces about the existence and extent of the problem there. “The outcome was that forces in France and Sweden said they have problems with this sort of Chief crime”, says Detective Inspector (DCI) James Perry, who runs JAG. “But we think that a lot of computer crime is reported as business burglaries and that if these were analysed they [the police] would probably find that the theft of chips was common to many of the cases.” In mid-October Perry presented to IBM France’s board of directors to try to enlist their support in tackling the problem.
“they are worth more, weight for weight than the current value of gold”
Chips are selling for anything from f80 for a 386 or 486 processor up to f400 for a top quality Pentium. The highest prices are paid for SIMMS and RAMS. “There is an insatiable demand for memory modules. Memory is the feature that PC users are most likely to buy to upgrade the performance of their machine”, says Trevor Littlecott, IBM country security manager. “An 8MB memory module worth about f300 is sold for half by the thieves, a 16BM retails for f700 and a 32MB module for 0200-1400, so you can see the attraction.” Hard drives are also on the thieves’ shopping list and this can cause problems to small businesses in particular. “If their hard drive is stolen and it holds all their customer and sales data then that business is in trouble. We know of a few which have been put out of business because of this,” says Perry.
“Some of these stolen chips go to European countries and are sold in auctions of this type of electronic equipment while some go to the Far East where they are recycled”, he confirms. “What certainly happens is that they very quickly get back into the legitimate marketplace via a grey market.”
The chip thieves initially targeted manufacturers plants. When they subsequently tightened security they next targeted the distributors warehouses. In turn these operations have improved security to deter burglars, so they are targeting businesses. Repeat crimes are common, some premises have been burgled a dozen times because the thieves know the business will have to re-equip quickly, before security measures can be taken. They watch, wait and take their chance.
Not only are these stolen chips put into new equipment, they are also often ‘skimmed’ or ‘relabelled’, the original
As a result of this, one of JAG’s main drives is to focus on crime prevention, giving advice to businesses that may
Computer Fraud 81Security 0 1995 Elsevier Science Ltd
November 1995
17
FEATURE be at risk and another is to encourage the computer and chip manufacturing industries to build in security features to their products. JAG’s The Crime Prevention Group, which is represented by JAG members, British Airways plc, ICL, ABI, BT, Prudential Corporation plc, IBM (UK) Ltd, ACPO (Alarms Group), Smith Kline Beecham and two London police forces, has devised a three-tier strategy. In the short term they will -try to raise the awareness of PC users of the of their computer value equipment giving common-sense advice, like: keep your equipment away from a window so it can’t be seen from the outside and be vigilant about visitors to the premises are they genuine visitors or ae they ‘casing the joint’? Laptops are at risk too and when not in use these should be locked away, in their case and in a safe place.
“some premises have been burgled a dozen times”
JAG members and computer/chip manufacturers, IBM, ICL, and Intel, are also leading by example to make safeguard their products from theft. “At IBM we are adding security features to our products including lockable casings for PCs, optional securing points to deter physical removal, a sensing trigger on the larger IBM PCs which activates when the casing is compromised, shutting the machine down, leaving the ROM unusable and the machine unable to boot up”, says Littlecott. IBM, and other manufacturers, also has a Security Consultancy Team which can advise customers about security. “On the latest PC models we have started component labelling and tracking, where components are barcoded and tagged to the serial number of the unit which will help identification where thieves have removed the normal serial number on the box.” Intel for its part has started a pilot program to laser-etch identifiers (similar to serial numbers) on its Pentium and 486 processors. Once the database is in place, Intel will be able to track the chips throughout the distribution channel. Said Intel, the etching was the easy part, the tracking of chips was far harder to execute. In the long term, other technological measures being considered include “the use of a spray to mark equipment
18
enabling DNA type fingerprinting, and the development of a tamper-proof chip that’s coded in a similar way to car radios, making them unusable once removed”, says John Almonds, BT’s Director of Security. Because the re-labelling of stolen chips is becoming so rampant, US business is beginning to question the credibility of its suppliers and the authenticity of the equipment they are selling. There is little evidence yet that business users on this side of the Atlantic are worried, possibly because the European media has not made them aware that there is a reasonable chance that the chips in many of their clones - especially those manufactured or assembled in the Far East - might not be the ones they thought they had bought. Yet US users are growing increasingly more concerned. In an effort to rectify the problem Chase is minimizing its exposure to chip-theft by dealing directly with only a handful of PC vendors, including Compaq, IBM, and AT&T. In Europe calls to users such as the insurance giant General Accident and to high-end resellers such as Hoskyns and Logica were greeted with responses that no-one knew and (implicitly) cared about chip re-labelling. Neither Logica nor Hoskyns could provide a spokesperson to discuss re-labelling. All said they only used reputable resellers or reputable sources. Michelle Batty, managing director of Watford Computers, knows there is a market for stolen computer components. “We have often had people ringing up and coming in offering cheap by the year hard drives for cash. We don’t take cash deals and tell 2000” them that. We buy our chips through a reputable UK supplier and if I had any that failed [because of re-labelling] I would dump the stock back on them. Customers must go to a reputable company, that’s the only answer,” she said.
“US$200 billion
According to a study by the American Electronics Association, chip theft alone had cost the industry US$40 million in lost revenues for 1993. Thefts in all high tech hardware reached US$g billion and is projected to cost the global market US$200 billion by the year 2000. In the UK insurance companies say the annual cost of replacing the damaged or stolen equipment alone stands at f250 million, but that the true cost, in terms of lost data and lost business, adds up to billions.
Computer Fraud 81 Security November 1995 0 1995 Elsevier Science Ltd