BusinessWeek Finds Persistent Pattern of Chinese Hacking Through SuperMicro

This article is hidden behind a paywall, but it is so important that I will provide a summary. In “The Long Hack: How China Exploited a U.S. Tech Supplier,” the same two journalists who wrote “The Big Hack” in 2018, Jordan Robertson and Michael Riley, describe how what they discovered earlier was just one piece of a broader pattern.

In 2018, they reported that Amazon and Apple had discovered a tiny semiconductor in servers sold by Super Micro Computer Inc., a California-based company headed by a Taiwanese CEO. The servers included motherboards assembled in China, and it turned out that the People’s Liberation Army had implanted the chips in such a way that the finished product, i.e. the servers, could communicate with the PLA in China. Both Amazon and Apple angrily denounced the article and called for a public retraction.

Now Robertson and Riley are reporting that the problem is much larger. I quote:

“In 2010, the U.S. Department of Defense found thousands of its computer servers sending military network data to China–the result of code hidden in chips that handled the machines’ startup process.

“In 2014, Intel Corp. discovered that an elite Chinese hacking group breached its network through a single server that downloaded malware from a supplier’s update site.

“And in 2015, the Federal Bureau of Investigation warned multiple companies that Chinese operatives had concealed an extra chip loaded with backdoor code in one manufacturer’s servers.

“Each of these distinct attacks had two things in common: China and Super Micro Computer Inc., a computer hardware maker in San Jose, California. They shared one other trait: U.S. spymasters discovered the manipulations but kept them largely secret as they tried to counter each one and learn more about China’s capabilities.”

In other words, the Chinese government is almost certainly engaged in a massive pattern of penetrating computer equipment that is assembled or sourced at least in part in China. “Supermicro is the perfect illustration of how susceptible American companies are to potential nefarious tampering of any products they choose to have manufactured in China,” the article quotes Jay Tabb as saying. Tabb was the executive assistant director of the FBI’s national security branch until retiring in 2020. “Silicon Valley in particular needs to quit pretending that this isn’t happening.”

As Mike McLaughlin of the Pentagon’s CYBERCOMMAND and I documented in a piece for the National Interest, the Chinese are increasingly relying on software updates that are routinely issued to plant malware on American computer systems in use in China and around the world. This also squares with the pattern of hacking and espionage that I chronicled in The New Art of War, available here.

It’s time for the United States, indeed long past time, to acknowledge that the Chinese have deeply penetrated our computer systems. It is a national security crisis that will take years to correct. But if we are to maintain our very sovereignty, we must start the process.
