China’s Alleged Hidden Chip for Espionage Exposed
Espionage is a normal function of a powerful state, as even the United States have the controversial Prism controversy as exposed by Edward Snowden five years ago. Cloud services like Amazon Web Services have a long wielding Terms of Service that no one really read, have provisions about data collection. Google, Microsoft, and Apple have similar data collection controversies hidden away with their own services’ Terms and Conditions document.
China has been accused of embedding malicious logic boards (integrated circuits) with the electronic products it ships to the United States. The products with secret chips were consigned with Apple and Amazon, many of which were already purchased by unsuspecting customers. Allegedly speaking, while China’s prime goal with their massive exports of electronic is to expand their economy to become the biggest in the world, cyber espionage is also a worthwhile undertaking for any state actors do.
Supermicro, a known supplier of electronic circuits used in motherboards and other printed circuit boards did some audits of China-fabricated electronic boards. “Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to US authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers,” said the Supermicro representative.
Bloomberg, in their investigative journalism, has also floated in the news about China’s espionage tactics through their exported circuit boards. However, both Apple and Amazon have denied the allegation. “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” explained the Amazon’s representative. “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” said the Apple’s representative.
As of this writing, no one representing Beijing has answered or commented on the issue. With SuperMicro, they expressed the possibility of China may even be a victim as well. “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim,” said SuperMicro’s representative.
State agencies like the CIA and the NSA are on the case, but they have not publicly disclosed their feedback on the news. Supply chain attacks and espionage through it is a sure way to reach everyone. Electronic equipment and devices are very common, almost everyone uses one, a penetration of rogue secret devices by a state is a huge advantage with information gathering.
Internet technologies certainly breed proprietary and/or confidential information theft. IT managers must work to protect the company by adequately securing the network and setting effective policy. Most valuable information today is contained in electronic form and since those computers are networked, online or otherwise accessible through wires, the IT manager plays a key role in defending the enterprise against espionage activities – and stopping activities when they are discovered. While the corporate espionage incidents can likely not be eradicated, enterprises can modify security strategies to minimize incidents and the losses resulting from those incidents.
Kevin Jones743 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.