If you add up the pieces, the evidence is beginning to mount that America’s tech giants have been compromised from within, as Mike McLaughlin and I argued in a piece in November in the National Interest.
Item No. 1 is this article in today’s New York Times. It seems that two major recent cyberattacks succeeded because the bad guys used servers inside the United States run by Amazon, GoDaddy and smaller providers. Amazon’s China subsidiary is registered as a Chinese company, meaning that it has to comply with the edicts of the Ministry of Public Security and the Ministry of State Security. They could have gone through Amazon Web Services’ systems in China to penetrate the servers inside the United States without anyone noticing. The traffic would have appeared to be Amazon in China communicating with Amazon in America.
Item No. 2 is an article in the Wall Street Journal Saturday that is hidden behind a paywall. But I will summarize: Microsoft is investigating whether the hackers obtained sensitive information from private disclosures it made to its security partners, including 10 in China. In this particular attack, entities linked to China’s government obtained tools that allowed them to infect computers all over the world running Microsoft’s Exchange email server. Microsoft distributed proof-of-concept attack code to antivirus companies and other security partners on Feb. 23, including an unspecified number in China. Then that information was somehow leaked and used in the second wave of the hack. No one seems to know how the critical information got out, but what if the Chinese government told one of Microsoft’s Chinese partners, “We want it”? They would have no choice but to comply because of China’s national security laws.
I suspect that all this is part of a pattern we first started seeing in 2018 when BusinessWeek reported that the People’s Liberation Army had planted tiny microchips on motherboards that were assembled into servers sold by Super Micro, a California-based company. The article said both Apple and Amazon were using the servers, but both denied it in the most extreme terms and demanded retractions, which were not forthcoming.
Could it be that the Chinese have reached the point of sophistication that they can use the electronic pathways and highways that America’s technology giants have created without those companies knowing it? Or do the companies know it and don’t dare blow the whistle because it would compromise their sales in China?
We are in the midst of a national crisis regarding the security of our IT infrastructure and it’s time for some tough conversations between the U.S. government and U.S. technology companies about hardening our targets. The companies, in the ultimate analysis, bear some responsibility for national security. It is not just the government’s problem.