Washington, DC, October 9, 2018 --  

Allegations that China inserted spy chips on circuit boards bound for America are reminiscent of similar acts by the NSA.

When Edward Snowden handed off a trove of secret NSA documents to a reporter in Hong Kong, it included a pair of photos of agents implanting listening devices in Cisco network routers.¹ This attack on the supply chain allowed America's National Security Agency to eavesdrop on companies who installed the routers, using NSA chips implanted in the equipment. Instead of strong-arming Cisco to cooperate in the spying, agents intercepted the packages in shipment, made the modifications, and sent them on their way.

Made in America Source: Greenwald, Glenn, No Place To Hide 2015

Five years later, supply chain attacks are again in the news. But this time it's China that's allegedly doing the attacking. A pair of stories published by Bloomberg News says that server motherboards and telecommunications hardware sold by California-based Supermicro based on parts made in mainland China were built to include hardware backdoors. In he case of the server motherboards, the backdoor was enabled by a tiny millimeter-long chip mounted between other components on the printed circuit board.² In the case of the telecommunications equipment, it was a modified ethernet port that had a tiny extra chip embedded in metal casing.³

Bloomberg reported that the servers were proved to major American companies including Amazon, Google and Apple. All of these companies have forcefully denied the first story's claims, while Bloomberg has said it stands by the story.⁴ This has led to rampant speculation as to whether the companies are under a government gag order (which Apple denies), lying to save their reputations, or whether the Bloomberg reporters or their sources are party tof a conspiracy to discredit Chinese tech manufacturers.

The latter possibility is unlikely, but it may not be as far-fetched as it seems. The Trump administration is in the midst of a trade war with China, and computer hardware manufacturing is a key flash-point. Such revelations have already devastated Supermicro, whose stock has lost nearly half its value, and threatens to destroy faith in the whole Chinese supply chain.

This isn't the first time that allegations of Chinese spying have been leveled against Chinese hardware manufacturers. U.S. intelligence agencies have long advised against mobile phones and telecommunications equipment made by Chinese manufacturers Huawei and ZTE, both of which have ties to the People's Liberation Army.⁵

Of course, many American consumer tech companies are close to their government, too. Both Amazon and Google have built technology for military facial recognition projects (although Google recently announced it would not continue.) Telecommunications companies like AT&T and Verizon were complicit in providing customer phone records to the government in fearful years after the World Trade Center attacks.⁶

But just because a company is close to a government doesn't mean it is beholden to it, let alone complicit in installing backdoors. For all their warnings about Huawei and ZTE, U.S. government agencies have never publicly provided evidence of any such backdoors. Is there no evidence? Or are they keeping the evidence secret?

To date, the only time the American public has seen government evidence of telecom backdoors is when Edward Snowden stole it off NSA computers and gave it to reporters. And in that case, of course, it was the NSA itself that was installing the hacks and doing the eavesdropping.

Whether or not the allegations against Supermicro and its suppliers are confirmed or discredited, public suspicion is rightfully high. The NSA was long ago caught red-handed doing on a small scale what the Chinese government is being accused of doing on a massive scale. Whether or not this case provides the evidence that the Chinese are following the NSA's lead, it would be foolish to assume they are not doing so.

Given that the U.S. Government hardly has clean hands, there is a limit to how much outrage it can credibly voice. The chickens are finally coming home to roost for the NSA's past misdeeds.

Notes:

1. Ars Technica, Photos of an NSA “Upgrade” Gactory Show Cisco Router Getting Implant, May 14, 2014

2. Bloomberg News, The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies, October 4, 2018

3. Bloomberg News, New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom, October 9, 2018

4. Fast Company, Apple Hits Back Hard at Bloomberg over Chinese Spying Report, October 4, 2018

5. CBS News, Stay Away from Huawei, ZTE Phones, U.S. Intel Officials Tell Consumers, February 14, 2018

6. See Trolling Through Your Life below.

Related Web Columns:

Trolling Through Your Life
The Betrayal of Telecom Consumers, May 16, 2006

Choosing Your Targets, March 14, 2017