“In the year 2010 computers are the new superpowers. Those who control them control the world.” This ominous snippet introduces the plot of CyberNation, a novel by famed author Tom Clancy. The book tells a tale of a world beholden to The Machine and a nefarious cast who exploit that reliance to dominate the globe. Well, it’s 2018…do you think computers are the new superpower? Do you believe maleficent actors could purpose our collective computers to gain political power or control of nations? China may think so.

The Accusation
Recently, Bloomberg Businessweek thrust China into the headlines with an accusation of subterfuge and sabotage seemingly borne from the pages of a political cyber thriller. And though the Chinese Foreign Ministry and the businesses involved vehemently declare the story a work of fiction, the highly respected, long-standing business journal staunchly defends its exhaustive research and reporting. Curiously, the FBI has no comment. American politicians are opening their own investigation…as did a major American telecommunications company that found further evidence against the communist nation.

So what malicious act did China allegedly commit?
According to Bloomberg, a unit of the People’s Liberation Army covertly inserted computer microchips into server motherboards manufactured by Super Micro Computer Inc (Supermicro). The American company, which uses a Chinese third-party manufacturer, produces a large portion of the world’s servers. In its most basic definition, a server is essentially a massive computer that manages a network of smaller computers.

How were the foreign microchips discovered?
Elemental, one of Supermicro’s customers, submitted some of its servers for testing back in 2015. During the inspection, testers found tiny, unfamiliar microchips nested within the motherboards. It was confirmed they were not part of the original design, and investigators determined the chips were secretly placed inside Supermicro’s third-party manufacturing facility in China.

Who are the victims of the apparent sabotage?
Quite realistically, the entire world. Supermicro provides servers to government entities, such as the U.S. Department of Defense (DoD) data centers, U.S. Navy warships, CIA drones; and major corporations, such as Apple Inc. and Amazon.

What’s the significance of the unauthorized microchips in these servers and what threats could they pose?
Investigators confirmed the unsanctioned chips grant their architects a hidden backdoor entry into any server in which the chips reside. Ultimately this awards the dark actors free rein to steal data from or hijack control of the servers, their assigned networks, and connected hardware. They’re at liberty to perform unauthorized, possibly nefarious actions, completely undetected, whenever they so choose. Shutting down a region’s power grid is just one example.

What makes the attack even more damning is its permanence. ‘Hit and run’ attacks using malware can be handily halted or wiped away electronically. Hardware manipulation, by contrast, is an eternal attack – a potentially long-term siphoning of corporate intellectual property and critical government information. The assault cannot be terminated until the microchip is physically removed – an undertaking of epic scale.

Have there been repercussions thus far?
Though no known malicious actions have been detected, Supermicro suffered very real reputation and market share damage, losing nearly half its value on Wall Street. China-based tech companies, such as Lenovo, also felt the blow of fractured trust by investors with slump in stock value of up to 13 percent.

Regardless if the accusation is true, a tech expert at Central Queensland University declares that it’s a solidly plausible scenario. So much so that Australia’s government has elected to bar Chinese companies from participating in any way with it 5G mobile network development. The U.S. also ceased purchasing Chinese-manufactured military phones.

Our country’s product production, as many other nations, is so entangled with China that a complete extraction could implode mass supply chains

Where do we go from here?
Confirming the truth will likely require an inspection of mass resources. Should the final verdict proclaim foul play at the hands of the Chinese manufacturer, the implications are far-reaching and mind-boggling. According to the Supermicro’s website, they serve “over 800 customers in over 100 countries.” That’s a copious volume of servers, many supporting massive and sensitive networks.

Additionally, the co-chief executive officer of Sepio Systems, the hardware security firm who led the investigation for the above-mentioned U.S. telecommunications company, shared some disturbing news with Bloomberg. He stated that he has seen “similar manipulations of different vendors' computer hardware made by contractors in China, not just products from Supermicro.” Adding that “there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible.”

Our country’s product production, as many other nations, is so entangled with China that a complete extraction could implode mass supply chains, stock values, and perhaps even economies. But should our governments and private organizations do any less? Failure to act aggressively would to be to not only risk reputation and revenue, but quite possibly our nation’s sovereignty.

Thwarting Third-Party Risks
Perhaps no amount of vetting, auditing, or regulation could have prevented such a clandestine operation. But this story, regardless of ruling, serves as reminder of the risks that third-party vendors can impose. With our supply chains stretched across the globe, organizations owe it to themselves and their customers to scrutinize and assess every potential risk. For when a risk becomes a reality, its too late.

For more great industry news, check out our free

Free Whitepaper  - Two Reasons the Tech Industry Needs More Regulation

Topics: Cyber Security| Technology| In The News

Angie Longacre

Written by Angie Longacre

As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.

Recent Posts

Most Popular