The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies


#41

I would think just about any piece of electronic equipment you buy anywhere contains parts made in China, or have been assembled there.

Back to hand steering, with Aldis lamp and semaphore for communication?


#42

We can’t turn back the clock but we can start using US made chips and US assembled boards where security is at stake.


#43

Exactly. Ban computer components made in China, or any other hostile country. We can and should make them here.

Government systems and national infrastructure should be 100 percent US made in secure facilities.

US internet services should reject internet connections originating from China, North Korea, Russia, Iran, etc. It’s much harder for them to hack in, or meddle in elections if they cannot connect.


#44

Been there, done that with crypto machines back in the day. You also have to secure the distribution channel. Hugely expensive, and locks the Govt. into obsolescent technology. Would require a massive rethink on the part of everybody involved.

Cheers,

Earl


#45

If the adversary is even halfway competent, finding the “true” origin of a hostile connection in real time is essentially impossible to achieve.

Earl


#46

Which makes me wonder why even with the ability to do so they apparently didn’t try very hard to hide.
Producing our own hardware wouldn’t be a panacea but wouldn’t it at least provide a base level of security which we currently don’t appear to possess.


#47

Who are hostile to who?? At the rate you are going the countries that are seen as “hostile” to the US is likely to grow to include a lot more than China, North Korea, Russia, Iran, etc.

I believe it is possible to mask you origin pretty easily so the etc. would have to cover every country on the Internet Country Domain List, which even includes uninhabited Bouvet Island (.bv).

You may find yourselves somewhat isolate, though. Better to leave control of Internet to no one in particular, but make sure you are always “top dog”, like you do now:


#48

Yes, the fact that it was discovered suggests a relatively low level of competence (or desperation). Even when you get a tip from a collateral source (defector, etc.) it can take months and some very sophisticated equipment to uncover a “proper” job.

Cheers,

Earl


#49

More here:

Reuters

Note the careful wording of the official statements.

Cheers,

Earl


#50

Nothing to see here people, move along…


#51

Once again the hapless representative of the EU defending the PRC and their ruthless global grab and potentially devastating compromise of our defense, security, logistics and technology capabilities being equated with our clandestine activities necessary to survive a bit longer on planet earth. Is there something in the water in Norway which deprives humans of any sense of reason, and desire to survive, apparently so comrade. It is not your weak understanding of the English language but rather your weak grasp and appreciation of how lucky you are not to have been born in China or the former Soviet Union which is the problem.


#52

Concur. This is one point I would have to agree with Ombugge and that is the pursuit of blind profits via pure greed and unrestrained capitalism led us to the point where all our motherboards and technological manufacturing is being performed overseas and largely in the PRC. Apparently some believe protection of critical industries and technology, a policy we pursued at times since 1798 and for much of our history is selfish and foolish, not in keeping with a just and verdant worldview and hostile to the still communist, totalitarian and historically patient civilization seeking its proper and long overdue position in the world. We are to allow them to do so. Maybe we should; just to see the EU being turned into their slaves would almost be worth it.


#53

Pure glacial water from snow that fell 10000 years ago or more. As clear and pure as the thoughts of the people that lives there!! (Most of them at least)


#54

US Navy always hand steers. Most Naval auxiliary still do. ‘Visual communication’ of flags and lights came back last year when paranoia about other nations’ radio tracking and eavesdropping suddenly became a priority.


#55

Back to the future??


#56

Looks more and more like Bloomberg blew it:

Apple Letter to Congress

As usual with Ars, some good points raised in the comments.

Cheers,

Earl


#57

I did find it a bit unbelievable that China would spend millions on implanting spy chips in random mother boards and other electronic equipment at high cost, with high risk of being detected and without knowing where the equipment would eventually end up. How to keep such an operation secret?

That they would love to do so if they knew that they could disrupt strategic military equipment is obviously possible, but only if they knew where it was going and what they could do with their ability.

I obviously don’t know what these little chips “the size of a grain of sand” can do, or how much they cost to produce, but I found it far fetched from a start.

Meanwhile, the Bloomberg report has spread paranoia far and wide, apparently:


#58

One of the classic pitfalls in intelligence analysis is called “mirror imaging,” in which one assumes that the other side thinks like you do. In the case of China, this can be fatal.

The degree of corruption in China has been noted in the posting above. In the electronics world, there exist what are known as “ghost factories.” These are regular factories that can be bribed to allow party or parties unknown to run them off shift. So if (for example) the Ruritanian intelligence service wanted to run this op against (say) Elbonia, and they knew that the Elbonians used these boards, it is not beyond the realm of possibility that a Ruritarian agent greased the appropriate palms and had the boards made. The relatively crude nature of the attack is consistent with the target being an unsophisticated nation.

So there are a spectrum of possibilities, assuming the hoo-ha described by Bloomberg actually existed. One is a Chinese state-sponsored op against the US. The next one down is a Chinese state-tolerated organization, ditto. (The nature of these is outlined here , pg 50-51.) The third is a third-party op against a fourth party. The fourth is organized crime. And there’s always the possibility the story was planted by short sellers to hammer down the stock of the supplying corporation.

As I used to say to new hires to one of my organizations, “Welcome to the Wilderness of Mirrors.” :slight_smile:

Cheers,

Earl


#59

One would hope that Supermicro, Apple et al do due diligence on the vendors they buy from and do not get involved with backstreet sweat shops. (??)
But than again, who knows were the different components has been before reaching the assembly plant.


#60

Mirror imaging again. The phenomenon I described occurs in all but the very rare purely captive operations with full-time expat audit staffs. What you characterize as “backstreet sweat shops,” with the intimation of “lower class,” is in fact the norm. Why do you think that prices of this class of equipment are what they are?

Cheers,

Earl