T-Mobile/Sprint merger finds a new enemy in mysterious lobby group

A new non-profit organization called ‘Protect America’s Wireless’ has emerged, seemingly with the sole objective of hurling spanners at the T-Mobile US and Sprint merger.

Details on the group are relatively thin at the moment, it was only founded last month, though a press call introducing the group and its mission statement on the website both seem to give the same message; the T-Mobile US and Sprint merger will be bad for the national security of the US.

“We must protect our networks from foreign spying,” the team announces on the websites homepage. “Our greatest concern is the pending Sprint T-Mobile merger, which could give countries like Saudi Arabia, China, Germany, and Japan direct access to our networks through the use of foreign-made networking equipment and billions of foreign money. We call on President Trump, Congress, and the FCC to protect American national security by denying these foreign interests access to America’s wireless communications.”

On the press call, David Wade, Founder of Greenlight Strategies, suggested a merger of the two telcos would open up the US to a Chinese ecosystem, while also suggesting any business working closely with Chinese vendors would effectively handover data to the Chinese government. While it is true Sprint owner Softbank has collaborated closely with Huawei and ZTE in the 5G R&D journey, this seems to be taking the conspiracy theory up another level. Deutsche Telekom, parent company of T-Mobile US, also has ties to Chinese vendors, but there aren’t many telcos who don’t.

The theory here is a merger between the two telcos would be bad for national security, effectively handing China a key to the backdoor. There have certainly been objections from a competition perspective, but this is the first we’ve seen with this angle. It’s difficult not to be suspicious about who the puppet master actually is.

Interestingly enough, the group has declined to discuss where funding is emerging from. As a 501c4 non-profit, the team do not have to disclose funding or ownership details, though they are permitted to attempt to influence politics as long as it isn’t their main area of focus. While the groups attempt to tackle US security is a thinly veiled attempt to demonstrate ‘social welfare’, as long as the group isn’t spending more than half of its funds on political-related activities, it can continue to operate half-hidden by shadows.

Finding out who is funding this organization is key to figure out what the angle is and whether this is yet another example of propaganda, though it is not necessarily a simple task. 501c4 non-profits have to complete a Form 990 for the IRS, on which any donations above $5,000 have to be disclosed. Unfortunately, due to the efficiency of the IRS, there is usually a 12-18 month lag on this information being made publicly available.

Until the influencers and donors of this group have been identified, this could be a very dangerous source of misinformation. Statements being made might very well be true, but without transparency it would be safe to be suspicious.

DHS and GCHQ join the China spy BS brigade

The Department of Homeland Security (DHS) has stated it, and the UK’s National Cyber Security Centre, are supporting industry denials regarding malicious microchips installed on hardware by China.

Last week Bloomberg unveiled a weighty report which pointed the finger at the Chinese government for an in-depth and delicate espionage campaign which would have shaken the telco industry’s global supply chain. By allegedly compromising motherboards produced by Super Micro, the security protocols and trade secrets of more than 900 companies have been directly compromised. Who knows how wide the web could spread when you look at the indirect implications, partners who use the infected networks or collateral damage.

While the claims have been refuted by all the parties involved, including Apple and AWS, and despite confidence from the DHS and the National Cyber Security Centre, a division of GCHQ, without a denial from the body likely to be conducting the supposed investigation, the CIA, or a flat-out rejection from the White House, there is still an air of possibility.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” a statement from the Department of Homeland Security reads. “Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.”

The initial report is a damning one. According to Bloomberg, Chinese agents infiltrated subcontractors of Super Micro operations in Shanghai, or coerced the managers of these facilities, to gain access to the motherboards. A microchip, smaller than a grain of rice, was placed on the hardware, before it was shipped onto customers to be incorporated into servers. Elemental, now an AWS company, was supposedly one of the customers who used the motherboards, as was Apple, a major US bank, the US Navy and the CIA, who used Elemental servers for drone missions. The information which would be available is staggering.

All parties involved have denied finding any malicious microchips on hardware, and also being aware of or aiding in any investigation led by US intelligence services. With the DHS and GCHQ also stating they have no reason to doubt the statements of denials, the chorus of disapproval is getting louder. That said, there is still an element of doubt.

Bloomberg is one of the most trusted and professional news sources on the planet, with a pedigree for unveiling worrying truths which have been deemed unsuitable for the general public. The report, which was researched and written over months, points to a total of seventeen sources. One source might have been suspect, two or three might have been dubious, but seventeen individuals confirming the same story suggests there is at least an element of truth to the claims.

Ultimately we doubt there will be anything the companies or government can do to completely remove the element of distrust. The claim of nefarious actors and activity has been raised, and now there will always be a heightened suspicion. A concrete rejection of the claims from the White House and the US intelligence services would set the ball rolling, but don’t expect that any time soon. This saga conveniently supports the anti-China rhetoric being fuelled by the US government; why would it want to do anything to discredit the help Bloomberg is giving it?

Amazon, Supermicro and Apple call BS on Chinese spying sting – someone is lying

Amazon, Supermicro and Apple have released statements denying they have ever found any malicious microchips on their hardware calling into questions the validity of Chinese espionage claims.

Yesterday Bloomberg pulled back the curtain on an apparent three year-old US government into one of the most intrusive and intricate espionage campaigns, fuelled by the Chinese government. Should the claims be proven true, it would certainly add weight to the political paranoia which has been whipping the anti-China rhetoric into a frenzy, though the major players have denied all knowledge of the malicious microchips and the resulting investigation.

“As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue,” said Steve Schmidt, Chief Information Security Officer at Amazon. “At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.”

“Supermicro has never found any malicious chips, nor been informed by any customer that such chips have been found,” Supermicro said in a statement. “The manufacture of motherboards in China is not unique to Supermicro and is a standard industry practice. Nearly all systems providers use the same contract manufacturers.”

“Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple,” an Apple statement reads. “Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.”

While the entire saga is now a bit hazy, one thing is clear, someone is lying and misleading the general public.

Would China compromise ‘Workshop of the World’ position?

It is not difficult to believe the Chinese government would conduct such campaigns. It is generally accepted the Chinese government monitors the activities and communications of its own citizens, therefore it is not a huge stretch of the imagination to believe it would do so for foreign countries. But, would the Chinese government put its valuable position as the ‘Workshop of the World’?

With roughly 75% of smartphones and 90% of PCs manufactured in the country, any accusations of espionage would certainly force companies to reassess their supply chain. What company would buy hardware if they knew the potential for data breaches? It would be commercial suicide. China surely knows this, but it depends on what it places more importance on; securing intelligence from foreign governments and multinational corporations, or maintaining stability for a very lucrative industry for the country.

This is not to say they wouldn’t, but it would have to accept it would be sacrificing an important and profitable role in the global supply chain, one which it has worked hard to dominate.

Amazon, Supermicro and Apple clearly have a lot to lose

Another denial here is nothing which should come as a surprise. Should there have been a confirmation, the trio would haemorrhage customers.

Amazon AWS’ government business is a big earner, but how many would trust the services if there was a threat of espionage. The same could be said of corporate clients who are incredibly protective of trade secrets. Supermicro manufactures motherboards for more than 900 customers around the world, clearly this would be incredibly damaging to its reputation. For Apple, and Amazon as well, the PR damage for the consumer business could be a disaster. Consumers would be very wary, which combined with the high-prices Apple tends to charge, could possibly turn the public to other brands.

Each company has a lot to lose by admitting it has been compromised. There was of course going to be a denial, especially considering this investigation has not been confirmed by the government. If it does turn out to be true, the trio can simply state they were under non-disclosure agreements and a denial was necessary for national security, even if it was a lie.

A convenient revelation for the US government

Just as President Trump is going on the offensive against the Chinese government with tariffs and company bans, the story emerges. To say it is convenient timing is somewhat of an understatement.

Just last month, Trump upped the ante on the Chinese trade war by introducing tariffs on another $200 billion of imports. This adds to the initial $50 billion which was announced earlier in the year. With the price of imports increasing, and the option of domestic manufacture more expensive, the price of certain consumer goods will soon begin to rise. Trump will soon need to justify to US citizens why it is important to swallow these price increases, and an espionage scandal would certainly fit the bill.

Another interesting aspect is on the 5G side of things. With Huawei banned from any meaningful deployment or contracts, the risk is reduced competition which could potential lead to increased prices and slower deployment. Ghost stories about the naughty Chinese will only get the government so far, Trump will soon need a concrete reason for banning Huawei and ZTE from the fray. The malicious microchips provide justification here as well.

Not everyone can be right

Right now the validity of the claims is hazy. There are of course strong arguments for all, some suggesting they are telling the truth and some as evidence of lies, but right now, who knows.

With the intelligence community and the White House remaining quiet, rumours will continue to swirl. Until this confirmation or denial for the investigation is unveiled, the conspiracy theorists will be typing away. Of course, a confirmation or denial will not stop the conspiracy theorists, but it will at least provide some clarity for the rest of us.

Maybe the Chinese espionage rhetoric is more than political hot air

Evidence has reportedly been found of China spying on more than 30 US companies, suggesting the anti-China rhetoric might be more than political posturing.

To date, little hard evidence has been displayed in the public domain regarding Chinese espionage, but that might be about to change. According to Bloomberg, a three-year old investigation has uncovered tiny microchips nestling on the motherboards of servers used not only in private corporations, but Department of Defense data centres, the CIA’s drone operations, and the onboard networks of Navy warships. These chips can be traced down the supply chain to a Chinese subcontractor used by SuperMicro.

While espionage has focused on locating and exploiting vulnerabilities in software in recent years, compromising hardware can be more effective. It is more difficult to do, but due to the life-cycle of these products, it can be longer until the issue is uncovered. Compromising hardware can be done in two ways; firstly, devices can be manipulated when on-transit between the supplier and the customer, or the nefarious activities can be conducted at the beginning of the manufacturing process. This is an example of the latter.

The microchips were first discovered after Amazon sought to acquire a company called Elemental. Elemental makes software for compressing massive video files and formatting them for different devices, but also provides expensive servers for customers installed on their sites to handle the video compression. These servers were assembled by SuperMicro, which in turn outsourced some processes to the Chinese subcontractor. These microchips allowed the controller to create stealth doorway into any network that had servers hooked up to it.

To conduct this sort of espionage is incredibly difficult. Not only does the microchip need to be small enough to avoid detection, and powerful enough to perform the desired actions, implanting the device would require an intimate knowledge of the products design. Considering how much of the worlds telecommunications manufacturing is done in China, the country is in an incredibly unique position to master the complex and intricate task. Sources states the microchips were inserted by operatives from a unit of the People’s Liberation Army, the armed forces of the People’s Republic of China and Communist Party of China.

Amazon has stated it had no knowledge of such a saga, though Bloomberg notes this is contradicted by its own sources. While the scale of such espionage activities are unknown for the moment, it is believed more than 30 companies could have been victims, including Apple which had planned to purchase servers from SuperMicro as part of the companies data centre expansion plans.

For the US government, this might just prove to be the justification it needs to chase Chinese companies off the shores. It has been battling to rid the country of Huawei and ZTE, though as little evidence has been released to the general public, a sceptic might suggest this was little more than anti-communist propaganda.

Unfortunately, this might simply compound the pressure which is being applied to China, instead of creating a resilient security framework. A whitepaper from the Rural Broadband Alliance entitled Domain5 suggests a supply chain can be compromised at any point and concentrating on one country might not be the best solution. Operatives are capable of infiltrating a manufacturing plant, in theory, irrelevant as to where it is, therefore concentrating too intently on one country might weaken the security protocols elsewhere.

This should not undermine what is perhaps the most damning evidence of Chinese espionage in recent years however. Various intelligence committees and sub-committees have pointed the finger of dodginess at China for years, though this is the most compelling evidence which we have seen.