An investigative report by Bloomberg on Friday (Feb. 12) said Beijing has used the technology supply chain to conduct a long-running spying campaign against the United States.
U.S. media reported Friday (12) that the Chinese Communist Party has used technology suppliers to carry out long-term intelligence work, hiding malicious programs in the chips of U.S. government computer servers that U.S. intelligence has long known about but has not made public in an attempt to launch counterintelligence efforts. A former Federal Bureau of Investigation (FBI) official noted that the situation reflects a widespread crisis in the global supply chain.
The report said San Jose, California-based computer hardware maker SuperMicro Computer Corp. had malicious code and chips planted in server motherboard equipment made in China by the Chinese Communist Party, which had been used by U.S. companies and some government departments.
For example, the report said the U.S. Department of Defense discovered in 2010 that thousands of computer servers were transmitting military network data to China, and an investigation later found that this was due to malicious code hidden on the chips running the machines’ startup programs. 2014, Intel Corp. discovered that a Chinese hacking group had compromised their network through a server that downloaded malicious software from the supplier’s SuperMicro update website. In 2015, the FBI warned several companies that Communist spies had planted a chip with embedded backdoor code on a server at Metso Micro.
The Bloomberg report said the U.S. intelligence community did not make public the specifics of the situation, but instead launched an investigation and counterintelligence effort to try to get to the bottom of the Chinese Communist Party.
Bloomberg said it was unclear whether the investigation was continuing and the full findings, but the FBI had hired a private agency in 2018 to analyze the US Supermicro devices that were implanted with the chip.
Jay Tabb, a former senior FBI official, told Bloomberg that the Metsumicro incident demonstrates the broad risks in the global supply chain and “perfectly illustrates the vulnerability to potentially malicious tampering of any product that a U.S. company chooses to manufacture in China.”
He added: “The Chinese government has been doing this for a long Time, and companies need to recognize that the Communist Party is still doing it.”
Bloomberg quoted former U.S. officials as saying that neither US Supermicro nor any of its employees have been charged with illegal conduct and that the company is not the target of a counterintelligence investigation.
Bloomberg reported in 2018 that server motherboards made by US Supermicro in China were implanted with microchips by Communist Party spies, affecting about 30 companies and some U.S. government departments, including Apple and Amazon, two U.S. tech giants.
Bloomberg said the latest report was based on interviews with 50 people from law enforcement, the military, Congress, intelligence agencies and the private sector. The report quotes Frank Figliuzzi, a former assistant director of counterintelligence at the FBI, as saying the U.S. Super Micro incident is a wake-up call for the industry.
If you think it’s just one company, you’re missing the point,” he said. For everyone in the tech supply chain, this is a ‘don’t let this happen to you’ moment.”
James Lewis, director of the strategic technology program at the Center for Strategic and International Studies (CSIS), a Washington think tank, told Voice of America, “The Chinese Communist Party is the most aggressive spying adversary the United States faces, and China has spied on U.S. companies for years. China’s government Hackers are getting more sophisticated every year. It’s like a Chinese version of Sunwind – a massive supply chain hacking operation that exposes thousands of targets.”
The Sunwind he’s referring to is the one in which Russia is accused of hacking Sunwind’s surveillance software, Orion, to hijack the network, violating up to 18,000 Sunwind customers, including sensitive federal agencies.
Recent Comments