Incident: Misrepresentation of Chinese-Origin Surveillance Equipment Sold to US Government

Published Date: 2019-11-07

Postmortem Analysis
Timeline 1. The software failure incident involving Aventura Technologies happened last year when a service member on an Air Force base noticed that an Aventura body camera displayed Chinese characters on the screen [92263]. 2. Published on 2019-11-07. 3. The software failure incident likely occurred in 2018.
System The software failure incident in Article 92263 involved the failure of the surveillance equipment sold by Aventura Technologies. The specific systems that failed in this incident were: 1. Surveillance cameras 2. Body cameras 3. Automated turnstiles 4. Other security equipment These products were found to have been made in China despite being marketed and sold as American-made products, leading to vulnerabilities that could be exploited for espionage purposes [92263].
Responsible Organization 1. Aventura Technologies and its employees [92263]
Impacted Organization 1. United States military [92263] 2. Government agencies, including the Army, Navy, and Air Force [92263]
Software Causes 1. The software failure incident was caused by the Aventura Technologies selling equipment that was made in China but falsely labeled as "Made in the U.S.A." [92263]
Non-software Causes 1. Deception by Aventura Technologies in falsely claiming their products were made in the U.S.A. when they were actually made in China [92263]. 2. Money laundering conspiracy by the owners of Aventura Technologies [92263]. 3. Use of shell companies for illegal activities and money laundering [92263]. 4. False representation of Aventura's chief executive to obtain government contracts set aside for small businesses owned by women [92263].
Impacts 1. The software failure incident led to the discovery that the surveillance equipment sold by Aventura Technologies to the United States military, which was believed to be American-made, was actually manufactured in China, raising concerns about potential espionage risks [92263]. 2. The incident resulted in criminal charges being filed against Aventura Technologies and seven of its current and former employees for lying to American customers about the Chinese origins of the products, leading to charges of conspiracy to commit wire fraud and illegal importation [92263]. 3. The failure incident impacted national security officials in the United States, highlighting the longstanding worry about Chinese telecommunications equipment being used for espionage, with more than 80% of economic-espionage cases involving China since 2012 [92263]. 4. As a consequence of the incident, President Trump moved to ban American firms from installing foreign-made equipment that could pose a national security risk, effectively barring the Chinese telecom giant Huawei from doing business with American companies without government approval [92263]. 5. The incident led to the authorities removing the vulnerable equipment from government facilities to prevent potential unauthorized access to networks, emphasizing the grave concern of compromised infrastructure by hardware and software made in China [92263].
Preventions 1. Implementing strict supply chain verification processes to ensure that products are sourced from trusted and verified manufacturers [92263]. 2. Conducting regular security audits and vulnerability assessments on all equipment and software used in critical government facilities [92263]. 3. Enforcing stricter regulations and oversight on companies that provide security equipment to government agencies to prevent fraudulent claims about product origins [92263].
Fixes 1. Implementing strict supply chain verification processes to ensure that products are manufactured in the declared location [92263]. 2. Conducting thorough security assessments and audits on all equipment and software installed in government facilities to identify and mitigate vulnerabilities [92263]. 3. Enforcing regulations and penalties for companies that deceive customers about the origin of their products, especially in sensitive sectors like national security [92263].
References 1. Federal prosecutors in Brooklyn [Article 92263] 2. United States officials 3. President Trump 4. Richard P. Donoghue, the United States attorney in Brooklyn

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown The articles do not provide information about a specific software failure incident happening again at the same organization or at multiple organizations. Therefore, the requested information is 'unknown.'
Phase (Design/Operation) design, operation (a) The software failure incident in the article is related to the design phase. Aventura Technologies sold surveillance equipment to the United States military, claiming the products were made in the U.S.A. However, it was later discovered that the equipment was actually made in China and was vulnerable to hacking, potentially allowing China to spy on American government agencies [92263]. (b) The software failure incident is also related to the operation phase. The equipment sold by Aventura was installed throughout government agencies, including on aircraft carriers and a Department of Energy facility. The fact that the equipment had vulnerabilities that could allow others to access the networks indicates a failure in the operation or use of the system [92263].
Boundary (Internal/External) within_system (a) within_system: The software failure incident in this case can be categorized as within_system. Aventura Technologies sold equipment to the United States military that was made in China but falsely labeled as "Made in the U.S.A." This deception led to the installation of vulnerable software in government agencies' security networks, potentially allowing for spying by China [92263]. The failure originated from within the system, where the company knowingly misrepresented the origin of their products and installed compromised software within the U.S. infrastructure.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in this case was primarily due to non-human actions, specifically the vulnerability of the equipment made in China that was sold by Aventura Technologies to the United States military. The equipment was found to have Chinese origins and was vulnerable to hacking, potentially allowing for spying by China [92263]. (b) Human actions also played a significant role in this software failure incident. The defendants, including the owner of Aventura, were accused of lying to their American customers for more than a decade about the Chinese origins of the company's products. They were charged with conspiracy to commit wire fraud and illegal importation, with some also facing charges of money laundering conspiracy [92263].
Dimension (Hardware/Software) hardware, software (a) The software failure incident in this case is related to hardware. The surveillance equipment sold by Aventura Technologies, which included cameras and other security devices, was found to have been made in China despite being marketed as American-made products. This hardware was vulnerable to hacking, potentially allowing for espionage by China [92263]. (b) The software failure incident is also related to software. The software that was installed in the surveillance equipment sold by Aventura Technologies was known to have vulnerabilities that could be exploited to access networks. This software, which was put into U.S. systems, raised concerns about compromising infrastructure with hardware and software made in China [92263].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in this case is malicious in nature. Aventura Technologies sold equipment to the United States military that was actually made in China and vulnerable to hacking, potentially allowing for spying by China [92263]. The company and its employees were accused of lying to their American customers for more than a decade about the Chinese origins of the products, indicating a deliberate attempt to deceive and compromise the security networks of American government agencies [92263]. The scheme's mastermind, Mr. Cabasso, was portrayed as a serial con man with a long criminal history, including using shell companies to launder money and making false representations to obtain government contracts [92263]. The incident involved intentional deception and manipulation for financial gain and potentially espionage purposes.
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions The software failure incident involving Aventura Technologies selling Chinese-made equipment as American-made to U.S. government agencies can be attributed to both poor decisions and accidental decisions: (a) poor_decisions: The incident involved poor decisions made by Aventura Technologies and its employees to lie to their American customers for more than a decade about the Chinese origins of the company's products. This deliberate deception led to the installation of vulnerable software in security networks that could potentially be used for spying by China [92263]. (b) accidental_decisions: The incident also involved accidental decisions or mistakes, as the customers who purchased the products believed they were manufactured in the United States, paying a premium for products they thought were American-made. Company executives reassured customers that the cameras were made in America when, in fact, they were manufactured in China [92263].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident in this case can be attributed to development incompetence. Aventura Technologies and its employees were accused of lying to their American customers for more than a decade about the Chinese origins of the company's products. The equipment sold by Aventura, including surveillance cameras, was made in China and was vulnerable to hacking, potentially allowing for spying by China [92263]. (b) Additionally, the incident can also be categorized as accidental, as the customers who purchased the products from Aventura believed they were buying American-made products, but it was later revealed that the equipment was manufactured in China. This accidental misinformation led to the installation of potentially compromised software in various government agencies and facilities [92263].
Duration permanent (a) The software failure incident in this case appears to be permanent as the equipment sold by Aventura Technologies was made in China and was vulnerable to hacking, potentially allowing for spying by China [92263]. This indicates that the contributing factors introduced by all circumstances led to the failure, making it a permanent issue.
Behaviour other (a) crash: The software failure incident in this case did not involve a crash where the system lost state and did not perform any of its intended functions. The failure was related to the software being vulnerable to hacking due to its Chinese origins, potentially allowing for spying by China [92263]. (b) omission: The software failure incident did not involve the system omitting to perform its intended functions at an instance(s). Instead, the failure was related to the misrepresentation of the origin of the products, leading to potential security vulnerabilities [92263]. (c) timing: The software failure incident was not related to the system performing its intended functions correctly but too late or too early. The issue was more about the software being susceptible to hacking due to its Chinese origins, raising concerns about espionage [92263]. (d) value: The software failure incident did not involve the system performing its intended functions incorrectly in terms of the software's functionality. The failure was more about the misrepresentation of the products' origin and the potential security risks associated with using software from China [92263]. (e) byzantine: The software failure incident did not involve the system behaving erroneously with inconsistent responses and interactions. The issue was more about the security implications of using software with Chinese origins in government agencies [92263]. (f) other: The behavior of the software failure incident in this case could be categorized as a misrepresentation of the origin of the products, leading to potential security risks and concerns about espionage. The failure was more about the deception regarding the products' true origins rather than a technical malfunction of the software itself [92263].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence (property) The consequence of the software failure incident in this case was related to property. The software failure incident involved Aventura Technologies selling equipment to the United States military that was actually made in China and vulnerable to hacking, potentially allowing for spying by China [92263]. This incident impacted the American government agencies that had installed the equipment in their security networks, raising concerns about compromised infrastructure by hardware and software made in China [92263]. Additionally, the company's customers paid a premium for products they believed were manufactured in the United States, indicating a financial impact due to the deception regarding the origin of the products [92263].
Domain government (a) The failed system was intended to support the government industry, specifically government agencies including the Army, Navy, and Air Force, as well as a Department of Energy facility. The surveillance equipment sold by Aventura Technologies was installed throughout these government agencies [Article 92263].

Sources

Back to List