Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
China Privacy Security Technology

The Messy Truth About Infiltrating Computer Supply Chains (theintercept.com) 69

In October last year, Bloomberg Businessweek published an alarming story: Operatives working for China's People's Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. While Bloomberg's story -- which has been challenged by numerous players -- may well be completely (or partly) wrong, the danger of China compromising hardware supply chains is very real, judging from classified intelligence documents, reports The Intercept. From the report: U.S. spy agencies were warned about the threat in stark terms nearly a decade ago and even assessed that China was adept at corrupting the software bundled closest to a computer's hardware at the factory, threatening some of the U.S. government's most sensitive machines, according to documents provided by National Security Agency whistleblower Edward Snowden. The documents also detail how the U.S. and its allies have themselves systematically targeted and subverted tech supply chains, with the NSA conducting its own such operations, including in China, in partnership with the CIA and other intelligence agencies. The documents also disclose supply chain operations by German and French intelligence.

What's clear is that supply chain attacks are a well-established, if underappreciated, method of surveillance -- and much work remains to be done to secure computing devices from this type of compromise. "An increasing number of actors are seeking the capability to target ... supply chains and other components of the U.S. information infrastructure," the intelligence community stated in a secret 2009 report. "Intelligence reporting provides only limited information on efforts to compromise supply chains, in large part because we do not have the access or technology in place necessary for reliable detection of such operations."

This discussion has been archived. No new comments can be posted.

The Messy Truth About Infiltrating Computer Supply Chains

Comments Filter:
  • by Anonymous Coward

    The NSA admits doing exactly this to target high-value individuals. Order a computer, they intercept the package, in a few hours it's opened and modified and packed back up with OEM stickers like new. You would never know.

    China is just much more broad and bold with their attempts to catch up using 3rd party companies that are actually 1st party ChiCom Party owned entities.

    Supermicro may or may not have been a real story - however, if it WAS REAL, the NSA and SECINT have no obligation to inform the public of

  • This might actually be a legitimate case for a national security tariff. [nytimes.com]
  • While Bloomberg's story -- which has been challenged by numerous players -- may well be completely (or partly) wrong, the danger of China compromising hardware supply chains is very real, judging from classified intelligence documents, reports The Intercept.

    While Bloomberg's story -- which has been challenged by numerous players -- may well be completely (or partly) wrong, which contributes to fake news, the danger of China compromising hardware supply chains is very real, judging from classified intelligence documents, reports The Intercept.

    (...bold mine...)

    The result of any compromising is the same as what the CIA/NSA have done to foreign entities, if I may add.

    • by Anne Thwacks ( 531696 ) on Friday January 25, 2019 @04:01PM (#58023026)
      As a non-USian, I believe that the anti-China stories are mostly there because the NSA finds it harder to put its own Trojans in Chinese computers

      Think about it: if every computer on the planet is streaming private material to China, what the hell would China do with all that data? And why would I care? its not like the Chinese are going to send me for re-education. OTOH, we can see what happens when the NSA comes after you.

    • The result of any compromising is the same as what the CIA/NSA have done to foreign entities, if I may add.

      The result of any compromising is the same as what the CIA/NSA have done to domestic entities, if I may add.

  • Want to protect your supply chain from tariffs, spying, and other political crap? Diversify! Make components in as many countries as possible, and when one is compromised, shut it down and make it someplace else.

    • In the design of electronic voting machines, I've suggested that the machines need to not have wireless networking capabilities, not connect to networks, and...be sourced at least a year before any election in which they're used.

      Hardware-level attacks aren't very effective when you don't know the exact software, data formats, and goals of your attack, and have no communication channel.

      This is also why parallel testing and, yes, selling off a random sample of your stock after the elections is helpful. E

  • by rsilvergun ( 571051 ) on Friday January 25, 2019 @04:10PM (#58023094)
    that China still calls their military the "China's People's Liberation Army". The people were "Liberated" a long time ago. It's just the army now.

    I don't think it matters that we've handed so much manufacturing over to the Chinese. The folks running the show, what we usually call the Ruling Class, are global now. They might have the occasional spat here and there over who's yacht's bigger or who's the richest this week but they're not really fighting (and by extension the countries they run aren't fighting).

    I suppose it's a good thing. A World War isn't the solution (though it's one way to kick your economy up a notch). But anything we're seeing here is at best a pissing match between billionaires.
    • by AHuxley ( 892839 )
      South Korea, Vietnam, Tibet, Tiananmen Square all got lots of Communist liberation.
      Now its computer networks that will have to collect it all for a Communist government.
    • by Anonymous Coward

      I find it creepy thar Americans called the destruction of Iraq "Operation Iraqi freedom" ...

  • by Anonymous Coward

    'nuff said

  • by Anonymous Coward

    Cute propaganda piece that builds upon the shaky claims of the original bloomberg story.

    • by Anonymous Coward

      Slashdot has been a constantly dripping spigot of US state propaganda for years now. This article seems like a patch over the last non-story about Chinese chip-trojaning injected into media which turned to to be pure bullshit.

  • by ickleberry ( 864871 ) <web@pineapple.vg> on Friday January 25, 2019 @05:09PM (#58023396) Homepage
    Greedy suit-wearing McMansion-dwelling fat-bellied US bosses couldn't resist the temptation of outsourcing to China for cheap and now the rest of us have to pay for it.
  • by McFortner ( 881162 ) on Friday January 25, 2019 @05:13PM (#58023406)
    This makes me think of the backstory to The War Against the Chtorr series by David Gerrold. After losing several devastating conflicts, the US is forced into giving up it's military might and provide reparations to other countries. Instead of money, it provides food and high tech goods, such as computers and electronics, making the world dependent on US technology. All of the ICs have Trojan Horses hardwired into them that are undetected, which can were used as kill switches. That comes in real handy when some of those countries decide to invade the US in order to "liberate" resources that they want.

    Could something like this be used by China to cripple enemy economic and military might in a future conflict? We'd be fools not to consider this a very realistic possibility.
  • by Anonymous Coward
    The complete hypocrisy here is insane; the NSA is known to intercept supply chain of many countries, including US. On the other hand, the MSMs always have no issue with publishing articles with little to new evidences (or wrong as in the case of Bloomberg) to outright fabricating stories. And from some of the response here on / . at least a good portion of likely Americans are equally as ignorant and/or prejudiced.
  • I worked in a company that created its own boards which were outsourced offshore. Every batch received in the plant where the devices were delivered had random inspections for quality. The company designed the boards and the offshore fabricators created the boards, populated them with chips (which contained company designed special purpose devices) and sent them to the plant. These custom boards were tested for QA and Government certification standards.

    So the article suggests that SuperMicro did not, does n

  • by Nocturrne ( 912399 ) on Friday January 25, 2019 @07:38PM (#58024088)

    Closed firmware... How is there not a class action lawsuit against Intel for this?

  • by Anonymous Coward

    All foreign IC is suspect. And we can't trust imported food. And definitely not their unsafe cars...

    In growth, the industry wants free trade. In a recession, they want protectionism. The form of government in which they have their way all the time is not democracy. It's fascism. And not one person living in an English speaking country and reading this post right now was born to a democratic regime.

  • by OrangeTide ( 124937 ) on Saturday January 26, 2019 @12:36AM (#58024830) Homepage Journal

    Iran knows not to buy industrial controls from the U.S. (Stuxnet [wikipedia.org]). And the U.S. should know not to buy computers and phones from China.

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...