China Used Tiny Chip in Hack That Infiltrated U.S. Companies
Comment of the Day

October 05 2018

Commentary by Eoin Treacy

China Used Tiny Chip in Hack That Infiltrated U.S. Companies

This article by Jordan Robertson and Michael Riley for Bloomberg may be of interest to subscribers. Here is a section:

A notable exception was AWS’s data centers inside China, which were filled with Supermicro-built servers, according to two people with knowledge of AWS’s operations there. Mindful of the Elemental findings, Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered. In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says. (Amazon denies that AWS knew of servers found in China containing malicious chips.)


One Friday in late September 2015, President Barack Obama and Chinese President Xi Jinping appeared together at the White House for an hourlong press conference headlined by a landmark deal on cybersecurity. After months of negotiations, the U.S. had extracted from China a grand promise: It would no longer support the theft by hackers of U.S. intellectual property to benefit Chinese companies. Left out of those pronouncements, according to a person familiar with discussions among senior officials across the U.S. government, was the White House’s deep concern that China was willing to offer this concession because it was already developing far more advanced and surreptitious forms of hacking founded on its near monopoly of the technology supply chain.

In the weeks after the agreement was announced, the U.S. government quietly raised the alarm with several dozen tech executives and investors at a small, invite-only meeting in McLean, Va., organized by the Pentagon. According to someone who was present, Defense Department officials briefed the technologists on a recent attack and asked them to think about creating commercial products that could detect hardware implants. Attendees weren’t told the name of the hardware maker involved, but it was clear to at least some in the room that it was Supermicro, the person says.

The problem under discussion wasn’t just technological. It spoke to decisions made decades ago to send advanced production work to Southeast Asia. In the intervening years, low-cost Chinese manufacturing had come to underpin the business models of many of America’s largest technology companies. Early on, Apple, for instance, made many of its most sophisticated electronics domestically. Then in 1992, it closed a state-of-the-art plant for motherboard and computer assembly in Fremont, Calif., and sent much of that work overseas.

Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest. “You end up with a classic Satan’s bargain,” one former U.S. official says. “You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”

Eoin Treacy's view

China aspires to global domination and the Communist Party is willing to deal, cajole, bribe, beg, borrow and steal to get what it wants. The Belt and Road Initiative is a big part of that. Whereas attempting to create a domestic semiconductor sector is major part of the Made In China 2025. The interruption of the supply chain for the global chip manufacturing sector has been underway for years and is only now becoming public. It represents further evidence that there is no lower limit to what China is willing to do to achieve its goals.

This is a topic that senior executives at both Apple and Amazon will have been discussing since at least 2015. Amazon’s web services business is where it generates just about all of its profits so consumers are now going to want to see assurances there is some delineation between the servers it uses in China and those handling sensitive information at home and that those servers have been purged of the Chinese government’s chips.

The share is back testing the lower side of a one-month range and a break down to new reaction lows would increase potential for a reversion towards the mean.

China’s evolving export market for consumer electronics is likely to be the primary victim of this disclosure. Lenovo has been on a recovery trajectory but experienced a clear downward dynamic today amid questions

Sooner or later companies are going to have to face up to the reality that a contract is only as good as the counterparty you sign it with. The situation the global manufacturing supply chain is now faced with is how to resolve the liar’s paradox. The only logical solution unless they are willing to turn over every trade secret they have to China is to exit the market. That’s not particularly palatable but it was the original reason Google pulled out of the country, despite its recent enthusiasm about re-entering.

The Nasdaq-100 is working on a downside weekly key reversal suggesting at least a reversion back toward the mean is underway.

The Philadelphia Semiconductors Index has evolving top formation characteristics.

Back to top

You need to be logged in to comment.

New members registration