Evidence has reportedly been found of China spying on more than 30 US companies, suggesting the anti-China rhetoric might be more than political posturing.
To date, little hard evidence has been displayed in the public domain regarding Chinese espionage, but that might be about to change. According to Bloomberg, a three-year old investigation has uncovered tiny microchips nestling on the motherboards of servers used not only in private corporations, but Department of Defense data centres, the CIA’s drone operations, and the onboard networks of Navy warships. These chips can be traced down the supply chain to a Chinese subcontractor used by SuperMicro.
While espionage has focused on locating and exploiting vulnerabilities in software in recent years, compromising hardware can be more effective. It is more difficult to do, but due to the life-cycle of these products, it can be longer until the issue is uncovered. Compromising hardware can be done in two ways; firstly, devices can be manipulated when on-transit between the supplier and the customer, or the nefarious activities can be conducted at the beginning of the manufacturing process. This is an example of the latter.
The microchips were first discovered after Amazon sought to acquire a company called Elemental. Elemental makes software for compressing massive video files and formatting them for different devices, but also provides expensive servers for customers installed on their sites to handle the video compression. These servers were assembled by SuperMicro, which in turn outsourced some processes to the Chinese subcontractor. These microchips allowed the controller to create stealth doorway into any network that had servers hooked up to it.
To conduct this sort of espionage is incredibly difficult. Not only does the microchip need to be small enough to avoid detection, and powerful enough to perform the desired actions, implanting the device would require an intimate knowledge of the products design. Considering how much of the worlds telecommunications manufacturing is done in China, the country is in an incredibly unique position to master the complex and intricate task. Sources states the microchips were inserted by operatives from a unit of the People’s Liberation Army, the armed forces of the People’s Republic of China and Communist Party of China.
Amazon has stated it had no knowledge of such a saga, though Bloomberg notes this is contradicted by its own sources. While the scale of such espionage activities are unknown for the moment, it is believed more than 30 companies could have been victims, including Apple which had planned to purchase servers from SuperMicro as part of the companies data centre expansion plans.
For the US government, this might just prove to be the justification it needs to chase Chinese companies off the shores. It has been battling to rid the country of Huawei and ZTE, though as little evidence has been released to the general public, a sceptic might suggest this was little more than anti-communist propaganda.
Unfortunately, this might simply compound the pressure which is being applied to China, instead of creating a resilient security framework. A whitepaper from the Rural Broadband Alliance entitled Domain5 suggests a supply chain can be compromised at any point and concentrating on one country might not be the best solution. Operatives are capable of infiltrating a manufacturing plant, in theory, irrelevant as to where it is, therefore concentrating too intently on one country might weaken the security protocols elsewhere.
This should not undermine what is perhaps the most damning evidence of Chinese espionage in recent years however. Various intelligence committees and sub-committees have pointed the finger of dodginess at China for years, though this is the most compelling evidence which we have seen.