Computer hardware arriving to customers infected with various malware out of the box are being reported, but industry experts at the RSA security conference are unsure whether it is merely a case of shoddy manufacturing or an intentional sabotage of US-bound products.

 Some digital photo frames sold during Christmas last year have been found to contain malware, and other products known to have been infected even before being used included GPS devices, hard drives, iPods, some Toshiba laptops, and USB keys that came with HP servers. There have also been reports of ATMs that had been infected with backdoor malware prior to shipping, and the Department of Defense temporarily banned thumb drives last year, after brand new USB thumb drives have been found infected out of their package.

 Marcus Sachs, executive director for national security policy for Verizon Business, is worried that with many of the United States’ electronic and computer devices being built outside the country, the national cyber security situation maybe compromised. According to Sachs, the United States had engaged in similar activities in the past, such as feeding malicious software with an embedded logic bomb to Russia in order to sabotage the trans-Siberian pipelines back in the 1980's. By setting up a precedent, similar attacks may be attempted against the United States. 

 However, other security experts are still open to the possibility that these products infected with malware maybe a result of improper industry manufacturing processes rather than a deliberate attempt on American security. But even if that is so Mitchell Komaroff, director of the globalization task force set up by the Department of Defense, says that any third party with malicious intent may take advantage of these lax production procedures

 James Abrams, director of technical education and anti-virus firm ESET, suspects that in cases such as the infected iPods, the machines used for testing during quality assurance may have been connected to the internet and could have accidentally infected the devices. In fact, according to Abrams, the infected iPods were those that had undergone quality assurance.

Abrams believes that the majority of pre-infected products are results of improper manufacturing procedures rather than espionage. He says that manufacturers abroad should understand that in the digital age, critical hardware used for product testing should not be connected to the Internet.