The Long Hack: How China Exploited a U.S. Tech Supplier
Posted February 12, 2021
- For years, U.S. investigators found tampering in products made by Super Micro Computer Inc. The company says it was never told. Neither was the public.
- In 2010, the U.S. Department of Defense found thousands of its computer servers sending military network data to China—the result of code hidden in chips that handled the machines’ startup process.
- In 2014, Intel Corp. discovered that an elite Chinese hacking group breached its network through a single server that downloaded malware from a supplier’s update site.
- And in 2015, the Federal Bureau of Investigation warned multiple companies that Chinese operatives had concealed an extra chip loaded with backdoor code in one manufacturer’s servers.
- Each of these distinct attacks had two things in common: China and Super Micro Computer Inc., a computer hardware maker in San Jose, California. They shared one other trait; U.S. spymasters discovered the manipulations but kept them largely secret as they tried to counter each one and learn more about China’s capabilities.
- “Supermicro is the perfect illustration of how susceptible American companies are to potential nefarious tampering of any products they choose to have manufactured in China,” said Tabb, who was the executive assistant director of the FBI’s national security branch from 2018 until he retired in January 2020. “It’s an example of the worst-case scenario if you don’t have complete supervision over where your devices are manufactured.”
- “If you think this story has been about only one company, you’re missing the point,” said Frank Figliuzzi, who was the FBI’s assistant director for counterintelligence until 2012. “This is a ‘don’t let this happen to you’ moment for anyone in the tech sector supply chain.”
– Jordan Robertson and Michael Riley | February 12, 2021