Where are you getting this info from...?
I know for a fact that the DoD uses chip CACs...and they've been using them, oh...for about 10-15 now, with PW access having been eliminated for quite awhile.
That may not apply to Congress as they are not part of the DoD...but I don't see how if a chip CAC was wanted because the systems used chip CACs...then how would a magstripe CAC with a painted chip be used for a year "before anyone realized it"...???
I mean...how would the magstripe CACs even work for a year without anyone noticing if chip CACs were what their systems required?
It was the access control system. The badge they used to get into the building. Not the most important system, surely, but still, how does your gov get fooled into paying far too much for a magstripe card with the photo of a chip on it?
And it worked because it still used the magstripe reader. That still worked because not all access gates had been updated yet.
The entire sec community was laughing their asses off when it got out. MSM was ignoring it completely as it doesn't fit into their reality.
AFA China...well, most of their high-end technology came from the USA...so then why wouldn't the USA also have it...???
I think maybe people read too many stories from media outlets that are more in the business of creating content than providing truth.
A lot of China's tech is developed by the Chinese. They copy a lot of stuff too as that is the summum of flattery in China. If you have a good design, someone will copy it. And you, as a good designer, shouldn't cry about it. You're on your next great design, aren't you. And most crypto is European/Israeli/Russian.
And since you talk about DOD. How come DOD servers have been repeatedly hacked by teenagers, from a "Hacking for absolute beginners" book? The DOD should be hiding their heads in shame. In stead, they want to put these teenagers in jail. Pitiful.
Another example: the US army spent billions developing planes and ships that have a near invisible radar profile. The Chinese spent millions developing a quantum radar that renders all of that completely useless.
The point about that router wasn't that the firmware was copied. The point was that some US agency found the backdoor, accused the Chinese, resulting in the Chinese company getting barred from selling in the US while it was another US agency that put the backdoor in in the first place. Of course, we don't know if the backdoor was put in to spy on the Chinese. It was probably put in to spy on everyone.
And it's not the only example. The Russians got into big trouble some years ago, because the US software they copied to manage gas- and oil pipelines, was booby-trapped by some US agency. Fortunately, they found out before thousands of people died. Similarily, the Iranian nuclear enrichment plants were taken out by dodgy controller software that made the centrifuges spin out of control once in a while. That was US software, manipulated by the Duqu virus, provided by Israel. When analyzed, Israel's signature was all over and DUQU even means "reconnaissance" in ancient Hebrew.
Not saying that chip credit cards are not a bit late here in the USA...but then, the USA probably has more retail merchants than all of Europe combined...so as much as government wants to push technology, it also has to be cognizant of how easily the transition can occur without total disruption of retail services.
It's the public's reluctance to pin codes and OTP's that keeps amazing me. Sure, CC's are insured, so the public has an image that they'll never loose their money because of CC fraud. Until they do. And they don't keep into account that the cost of insurance is included in the products they buy.
And, no, the number of retail merchants in the US is simply dwarfed by the number in China. Over there, almost all of them have the latest payment methods and chip card readers. There's even several chains operating without any personnel in the store. Full automatic. And I'm not talking about guns
There's another example how things are severely rotten in the states. A while ago, the DHS and NSA offered the states to do a pentest on their servers. Four states declined the offer, mainly because they already had a sec solution from the private sector. Possibly also because they didn't trust NSA/DHS. Their servers were pentested anyway and the DHS/NSA got caught immediately. Result: nothing. It seems DHS/NSA can operate illegally, even inside the USA.
Border control is one of the agencies that has had scanners for electronic ID's for years. Apparently, they never get used, because nobody knows how and because there's no connection to a central computer system to verify data. Meanwhile, Canada is warning it's citizens travelling to the US not to take any cash, as they are likely to get robbed by... the police...
That sort of fraud (suppliers selling systems to the gov they know don't work) happens all over the world. It's certainly not US specific. But the way it happens in the US, without ever changing anything, is surprising, to put it mildly. I'm not surprised your elections got hacked. I'm only surprised only the Russians got caught doing it. I mean, why would China, Israel or North Korea not be involved? These election systems are so unsafe, you could only conclude it is by design. If not, it is an incredibly bad design.
Over here, election computers' software is open source. It has been vetted by four universities, two of them specialise in crypto. One of those discovered the flaws in Intel processors. And these possible backdoors have been found even in ancient Atom processors. It seems everything coming after the 80286 has them. Stupidity? Or clever design? That's a product with a known backdoor (Intel Management Engine) with hardcoded hidden accounts in it and at least four other, well hidden backdoors...
The other thing is that countries like China or Russia don't tell when they've been hacked too quickly or easily...they will deny even when it happens.
The USA hacks them back probably as much as they hack the USA...they just don't let on they've been hacked, especially China.
Also...everyone wants to hack the USA, because it has most of what everyone wants.
All these hacking stories lead to the same conclusion: industrial espionage. Remember the Airbus/Boeing controverse of some years ago? Everyone knew that some US agency copied Airbus' mails. It resulted in a court case, but of course you can't prove anything cyber related beyond reasonable doubt.
The funny thing is, all this knowledge is out there. Free for anyone to study. And even for the mildly interested, there are things like Norkring's worldwide attack page. You can see what's going on:
Norse Attack Map
Funny to watch.
