Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Report: China Used Computer Chips to Spy on American P.C. Systems

Monday, February 15, 2021

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

A Friday report from Bloomberg News revealed China was able to spy on American computer systems for a decade by supplying compromised chips to Super Micro Computer Inc. (Supermicro), one of America’s leading motherboard providers.

According to the report, U.S. intelligence agencies were aware of this wide-reaching Chinese espionage program but did not warn either Supermicro or its customers, because they prioritized monitoring China’s surveillance techniques and developing countermeasures against them.

The lengthy Bloomberg report documented the known history of the Chinese espionage scheme, which took advantage of Supermicro’s reliance upon global supply chains to obtain chips for its motherboards at low prices.

“Supermicro is the perfect illustration of how susceptible American companies are to potential nefarious tampering of any products they choose to have manufactured in China. It’s an example of the worst-case scenario if you don’t have complete supervision over where your devices are manufactured,” former FBI official Jay Tabb told Bloomberg.

“The Chinese government has been doing this for a long time, and companies need to be aware that China is doing this, and Silicon Valley in particular needs to quit pretending that this isn’t happening,” he added.

Most of Bloomberg’s other sources for the story were anonymous — over 50 sources in total, both government and private — and the reporters said they were able to back up many of the details they provided with corporate documentation.

Supermicro nevertheless dismissed the Bloomberg report as “a mishmash of disparate and inaccurate allegations” that “draws farfetched conclusions,” arguing government agencies would not continue to purchase Supermicro products if so many federal agencies were convinced China is manipulating the company’s motherboards to conduct espionage.

Bloomberg found quite a few government and private security experts who claimed the government investigated and monitored the presence of malicious chips on Supermicro boards for years. None of them seemed to think Supermicro itself was to blame for any of the malicious activity.

To put it simply, the espionage cases described in the Bloomberg report involve additional chips filled with spyware surreptitiously added to computer boards by Chinese suppliers. The malicious chips quietly transmit data from the compromised computers to servers in China.

Computers from several manufacturers have been compromised with these added chips but, according to Bloomberg’s sources, the Chinese cyber-espionage network was especially vigorous about sabotaging Supermicro boards. Some of the chip-based surveillance was superficial, mapping out network topographies and skimming superficial information instead of attempting to pilfer user data.

Early investigators who became aware of these tactics wondered if the spy chips could be setting networks up for more vigorous hacking expeditions later, or preparing them for sabotage in the event of a conflict between the U.S. and China. According to the report, U.S. intelligence officials decided to keep quiet about the discovery of the spy chips — which were extremely advanced and very difficult to detect — and continue monitoring them, to study their behavior and prepare defensive strategies.

Bloomberg has reported on chip-level spyware penetration in the past, but the new report indicates it was far more widespread than previously believed — the report chronicles dozens of incidents affecting thousands of computers, from 2008 to the present day. 

A key point is that government agencies and private security agencies have responded in many different ways to the discovery of these Chinese spy chips, leading to highly variable policies and public statements. Some agency sources speak as if the penetration of Supermicro boards is an open secret within the cyberintelligence community; others insist there are no major security issues with Supermicro products and continue purchasing them for numerous purposes; still others buy computer systems with Supermicro components for some purposes, but restrict them from the most highly sensitive projects. 

Some corporate customers say they have been warned about security flaws in certain Supermicro products, and from other companies that do business with Chinese suppliers, while others say they have never been made aware of any such issues. The list of public and private officials who refused to comment when contacted by Bloomberg reporters was as long as the list of sources who did provide information for the story.

Photo: Jay_Zynism/Getty Images

Link: https://www.breitbart.com/national-security/2021/02/12/report-china-used-computer-chips-spy-american-pc-systems/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.