By: Tessa Mears
China has infiltrated nearly 30 U.S. companies in its newest hacking scandal. This latest hack was completed with compromised Super Micro Computer, Inc. (“Supermicro”) motherboards—the largest supplier of motherboards in the world. The U.S. is no stranger to Chinese hacking. Some industry experts believe the first occurrences go as far back as 2003. Those attacks were done via cyber-attack: computer to computer.In recent years, Chinese hacking essentially vanished after September 2015 when President Barack Obama and Chinese leader Xi Jinping agreed to stop hacking commercial secrets. At the time, the U.S. viewed China as the “world’s most active and persistent perpetrator of economic espionage.”
Unfortunately, it appears that we cannot all get along for too long. Last week, new reports emerged of Chinese government, with connection to the People’s Liberation Army, hacking U.S. companies.
In 2015, Amazon began monitoring Elemental Technologies as a prospective acquisition and to help expand its streaming video service. Today, Amazon uses Elemental Technologies for Amazon Prime video. During its investigation, Amazon hired a third-party company to investigate Elemental Technologies’ security. Elemental Technologies sent motherboards made by Supermicro to Ontario, Canada to be tested. During its investigation, the third party found a small microchip—about the size of a grain of rice—that was not originally on the devices made by Supermicro. Amazon reported this to U.S. authorities.
The investigation revealed the chips were inserted during Supermicro’s manufacturing process in China by operatives from the People’s Liberation Army. Reports have also added Apple, another Supermicro user, to the list of companies affected by this microchip attack. It is important to note that both Apple and Amazon deny the attacks. However,six current and former senior national security officersstate that these microchip hacks did indeed occur. Supermicro’s representative has not provided comment on this incident yet.
Once inserted, the microchips allow the spies to create a secret passageway to any network. There are two ways to perform a chip hack. The first, known as interdiction, involves the manipulations of equipment that is in transit from manufacturer to customer. The second method requires making changes to the equipment from the device’s creation. The chips have the ability to contain very small amount of information, but they can alter the motherboard in two ways. (1) They can tell the device to communicate with an anonymous computer with more complex code somewhere else on the internet and (2) manipulate the device to accept that code. The result: the power to change how the device operates. A device that once required security safeguards to obtain access, could altogether circumvent the safeguards with the help of the remote code from the microchip.
Unlike the U.S., China’s technological and economic growth is state-run. The motivation for the Chinese government to hack U.S. networks is clear: to steal secrets and get ahead in the battle for worldwide technology supremacy. But why jeopardize positive U.S. relations for technological advance? Up until now, many believed that China would not risk its business relations with the U.S. While the answer is not perfectly clear, one major reason why China may have decided to do this now is the finalization of an immense restructuring of China’s military that began in late 2015. According to an expert from East Asia Recorded Future, a cyber-threat intelligence firm based in the U.S., the reorganization resulted in the coming together of multiple signals intelligence and cyber hacking units combined into one giant organization called the Strategic Support Force. China may have simply been secretly planning this hack and waiting for the right moment to strike.
This new microchip hack will undoubtedly have a myriad of consequences that only time will reveal. With so many U.S. companies manufacturing in China to cut down costs, this most recent hack could mean a pushback in doing business with China. With the cyber-attacks that the U.S. has been victim to before, U.S. companies needed to focus on managing its security firewall in order to defend themselves. Now, U.S. companies are faced with a difficult choice: either withdraw manufacturing in China or risk microchip hacks in favor of lower costs. The battle between the U.S. and China for the most cutting edge-technology is far from over. With evolving hacking technology widening the scope of potential attacks, it appears the U.S. versus China race for technological development has just begun.