Chinese spies used a microchip to infiltrate 30+ American tech giants… here’s what you need to know


Last week, Bloomberg Businessweek dropped the bombshell of all bombshells when it comes to cybersecurity. Everyone knows hackers are an ever-present danger in our digital lives — whether it’s phishing attacks, DDoS attacks, WiFi attacks, whatever — and we’re always having to be on the lookout for suspicious activity. But a legit and systemic hardware attack? That’s another can of worms altogether. And it looks like Chinese spies accomplished just that.

What’s the story and how’d they do it?

I highly, highly recommend you read the full Bloomberg story, but to summarize: China is in a unique position to infiltrate computer hardware because so many major tech companies’ supply chains rely so heavily on the country’s hi-tech manufacturing. One such company is Super Micro Computer, Inc., aka Supermicro, which is based out of San Jose and is one of the largest suppliers of server motherboards on Earth. And, to make matters worse, you can find Supermicro motherboards in servers for Amazon Web Services and Apple, as well as in “Department of Defense data centers to process drone and surveillance-camera footage, on Navy warships to transmit feeds of airborne missions, and inside government buildings to enable secure videoconferencing,” according to the article.

The reporter details what the U.S. intelligence community claims was a years-long effort in which agents of the People’s Liberation Army cozied up to one or more manufacturing subcontractors in order to seed the machines with a malicious, microscopic chip that would allow “the attackers to create a stealth doorway into any network that included the altered machines.”

The impact could be devastating.

“This attack was something graver than the software-based incidents the world has grown accustomed to seeing,” the article reads. “Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.”

So, sure—it’s bad for Apple, Amazon and the U.S. government… but what does it mean for me and my business?

The problem with network effects? When things go bad, they go bad for a lot of people, and fast. We all love cloud server providers like AWS that prevent us from having to build and host our own servers. We love automating backup to these servers. We love API integrations that rely on these servers. They make our lives easier, our products better, our bills cheaper. But they also can ruin everything if they’re compromised on a systemic scale. And unlike a software/malware problem, a hardware problem could literally infect every single machine on Amazon’s network… which is a massive portion of the interconnected digital world.

Now, I’m by no means saying every machine on AWS has been infected. That’d be pretty damn hard to accomplish at such a massive scale. But it undergirds my point nonetheless — every business in this country probably touches Supermicro hardware in some form or fashion. And it’s absolutely critical that you have your cybersecurity buttoned up, your backups on point and your hardware inspected in light of this threat.

These exact moments are why we exist as a company. It’s really hard to stay on top of this stuff all the time! We get it. You’ve got enough headaches running a business without having to worry about spy-novel kinda stuff like seeded-chip infiltrations at a motherboard subcontractor in China. But these threats are real and they’re out there. We live for these moments because we do what’s necessary to protect you, your data and your bottom line so you can stay focused on, you know, actually generating that bottom line!