China: land of technological opportunity – opportunity that citizens don’t always use “for good.” That’s the lesson in a recent Bloomberg report that reveals Chinese entities successfully used a tiny embedded chip to hack into, weaponize, and steal data from technology belonging to at least 30 American companies. For the first time ever, the China-America supply chain has officially been compromised.
• According to Bloomberg’s new report, a group within China’s People’s Liberation Army (PLA) infiltrated Supermicro motherboards by planting a tiny access chip on them during production. While the motherboards aren’t typically found on consumer computers, they are a common component of enterprise server systems all across America.
• Once in use, the chip allows the group to remote in and access (or steal) data from the company using the motherboard itself. The access includes nearly all internal data stored on the server as well as, in some cases, data stored on networked computers or servers within the company’s intranet.
• Victims include some of the largest and most successful enterprises in existence, including Amazon and Apple. All have expressly denied being aware of the presence of such a chip, and are alleging that Bloomberg’s reporters were falsely informed.
• The originally identified chip dates back nearly three years, to a time when Amazon AWS was first involved with creating a secure system for the CIA. As they worked to create the high-security cloud service, they quietly partnered with a company called Elemental – but initial security investigations into Elemental’s technology raised suspicions.
• Amazon had Elemental’s equipment sent out for special testing to identify the source of the troubling red flags. What they found was a tiny rice-grain sized microchip installed after the point of sale.
• Here’s where things get really scary: our own government uses Elemental server systems across many departments. The Department of Defense’s data centers, the Navy’s onboard warship networks, and even the CIA’s hush-hush hidden drone investigation controls all rely on Elemental’s technology.
• But Elemental is just one tiny slice of the pie. Supermicro has thousands of other clients in the United States, many of which fall under our own government’s control and some of which may include intelligence operations. The illegal access has the potential to put consumers and the entire country at risk.
• A top-secret investigation showed that the chip permitted attackers to open a backdoor access portal into confidential internal networks. Essentially, any computer directly linked to a computer with compromised Supermicro parts could be illegally passing information to Chinese hackers.
• Nearly every investigatory attempt showed that the parts were successfully compromised in China, well before they made it into American hands. Given that China is directly responsible for manufacturing 90 percent of the world’s computers, and 75 percent of our smartphones, we should be deeply concerned.
• Altogether, thousands of systems are likely affected. At least one major bank was compromised, as well as a long list of government contractors. Exactly what they were after isn’t clear; at least one American official told Bloomberg that it was “high-value corporate secrets and sensitive government networks.”
• Whether it was stealing your credit card info or compromising Homeland Security and our national integrity, the fact that our over-reliance on Chinese parts led to a leak of this magnitude is a big problem. Perhaps it’s time to bring PC and smartphone production back home to the United States for good.