DOJ: Company Sold Gear With Security Flaws to US Military
Prosecutors Allege Firm Sold Chinese Surveillance Tech That Contained Vulnerabilities
Federal prosecutors have charged a Long Island company, along with seven of its employees, with selling vulnerability-laden Chinese technology to the U.S. military and other agencies for a decade and passing the gear off as American made.
Over more than 10 years, the owners of Aventura Technologies made more than $20 million from federal contracts by selling video equipment and other surveillance gear for the U.S. military as though it was made in America, according to a Thursday announcement from the Department of Justice. But prosecutors allege that the company imported all of its products from unnamed Chinese manufacturers.
The U.S. Navy, Army and Air Force all bought equipment from Aventura, according to prosecutors. In addition, the Department of Energy purchased surveillance gear from the company.
On Thursday, prosecutors arrested and charged Jack Cabasso, who led the company as its de facto CEO, his wife, Frances, and four other executives with conspiracy to commit wire and bank fraud as well as unlawful importation of technology, according to the U.S. Attorney's Office for the Eastern District of New York, which is overseeing the case.
Prosecutors allege that Jack Cabasso disguised his role as the company's chief executive, which allowed his wife to say she operated the company. This enabled Aventura Technologies to pose as a woman-owned small business, which opened it up to additional government contracts under a federal program, authorities say. The couple faces additional charges of money laundering.
A seventh person was also charged in the case but not arrested on Thursday, prosecutors say.
FBI agents raided the offices of Aventura Technologies and the home of Jack and Frances Cabasso, seizing a 70-foot yacht. Prosecutors also froze approximately $3 million in 12 financial accounts belonging to the couple and the company, authorities say.
"As alleged, the defendants falsely claimed for years that their surveillance and security equipment was manufactured on Long Island, padding their pockets with money from lucrative contracts without regard for the risk to our country's national security posed by secretly peddling made-in-China electronics with known cyber vulnerabilities," U.S. Attorney Richard Donoghue says.
"As alleged, the defendants falsely claimed for years that their surveillance and security equipment was manufactured on Long Island, padding their pockets with money from lucrative contracts without regard for the risk to our country's national security," stated USA Donoghue. (US Attorney EDNY, @EDNYnews, November 7, 2019)
Representatives of Aventura Technologies could not be reached for comment.
Serious Security Flaws
In addition to passing off these cameras and surveillance gear as made in the U.S., prosecutors allege that much of the equipment contained security vulnerabilities that had previously been identified as a danger by the Department of Homeland Security. For instance, flaws in the firmware of some cameras could allow a hacker to gain remote access to the equipment, according to the federal indictment.
In addition, investigators found that some camera firmware contained a vulnerability that would allow an attacker to access any of the data recorded by the gear, according to the indictment. Such equipment was then installed to help secure facilities used by the Air Force, Navy, Army and Energy Department, prosecutors say.
The Justice Department alleges this scam started in 2006, with the company selling gear ranging from body cameras to networked-automated turnstiles, and continued until earlier this year when the U.S. Navy ordered a $13,500 laser-enhanced night vision camera from Aventura Technologies. In April, federal agents intercepted equipment coming from a manufacturer in China and matched it with the gear that Aventura sold to the Navy and other military and federal agencies, prosecutors say.
During this time, the company's owners and some executives hid that the gear was made in China, and they would even paste American flags and "Made in the USA" logos on the equipment, prosecutors say.
Before Thursday's announcement of charges against Aventura Technologies, several federal and military agencies had started to investigate security flaws within their IT infrastructure that originated with third-party suppliers.
In August, an audit report by the Defense Department's Office of the Inspector General revealed that several computers, printers and security cameras, as well as networking equipment, purchased by the military contained cybersecurity vulnerabilities (see: Pentagon Buys Equipment With Known Vulnerabilities: Audit).
According to the audit report, the security vulnerabilities stemmed primarily from IT equipment made by companies in China that have strong ties to that country's government and the military.
Tighter Security Controls
The arrests come at a time of increased scrutiny over Chinese products and whether this equipment is used to spy on U.S. government agencies.
In 2018, President Donald Trump signed the 2019 Defense Authorization Act, which banned U.S. government agencies from using certain components and gear from a number of China-based firms, including Huawei, ZTE, Hytera Communications, Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.
In October, a bipartisan group of lawmakers introduced a bill to help U.S. telecommunications providers "rip and replace" any Chinese-built networking equipment. The move comes as many experts warn that using Huawei or ZTE 5G equipment poses an unacceptable national security risk (see: Support for Expunging Huawei Gear From Carrier Networks Grows).