The Messy Truth About Infiltrating Computer Supply Chains

In October last year, Bloomberg Businessweek published an alarming story: Operatives working for China's People's Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. While Bloomberg's story -- which has been challenged by numerous players -- may well be completely (or partly) wrong, the danger of China compromising hardware supply chains is very real, judging from classified intelligence documents, reports The Intercept. From the report: U.S. spy agencies were warned about the threat in stark terms nearly a decade ago and even assessed that China was adept at corrupting the software bundled closest to a computer's hardware at the factory, threatening some of the U.S. government's most sensitive machines, according to documents provided by National Security Agency whistleblower Edward Snowden. The documents also detail how the U.S. and its allies have themselves systematically targeted and subverted tech supply chains, with the NSA conducting its own such operations, including in China, in partnership with the CIA and other intelligence agencies. The documents also disclose supply chain operations by German and French intelligence.

What's clear is that supply chain attacks are a well-established, if underappreciated, method of surveillance -- and much work remains to be done to secure computing devices from this type of compromise. "An increasing number of actors are seeking the capability to target ... supply chains and other components of the U.S. information infrastructure," the intelligence community stated in a secret 2009 report. "Intelligence reporting provides only limited information on efforts to compromise supply chains, in large part because we do not have the access or technology in place necessary for reliable detection of such operations."

Re:Many parties are "guilty" here...

[Anne+Thwacks]

As a non-USian, I believe that the anti-China stories are mostly there because the NSA finds it harder to put its own Trojans in Chinese computers

Think about it: if every computer on the planet is streaming private material to China, what the hell would China do with all that data? And why would I care? its not like the Chinese are going to send me for re-education. OTOH, we can see what happens when the NSA comes after you.

Re:Well, whom does it serve?

[Narcocide]

Maybe you didn't consider the possibility that from China's standpoint, the US started it, and the only reason the US citizens aren't outraged about this is because they've been outright lied to by their own intelligence agencies gone rogue.

Truth following Fiction?

[McFortner]

This makes me think of the backstory to The War Against the Chtorr series by David Gerrold. After losing several devastating conflicts, the US is forced into giving up it's military might and provide reparations to other countries. Instead of money, it provides food and high tech goods, such as computers and electronics, making the world dependent on US technology. All of the ICs have Trojan Horses hardwired into them that are undetected, which can were used as kill switches. That comes in real handy when some of those countries decide to invade the US in order to "liberate" resources that they want.

Could something like this be used by China to cripple enemy economic and military might in a future conflict? We'd be fools not to consider this a very realistic possibility.

Intel Management Engine

[Nocturrne]

Closed firmware... How is there not a class action lawsuit against Intel for this?