There is a novel titled Ghost Fleet written in 2015 that centers around the cause of WWIII being a supply chain sabotage wherein electronics and computers are compromised at their most basic level, enabling full control by a hostile force (in the book’s case, interestingly, China). The book was speculative fiction, however it was based on legitimate and existing theories that this could, in fact, actually happen.
Well, the future is now. According to a bombshell piece by Bloomberg there have been reports of Chinese spy chips embedded in the motherboards of servers used by over 30 United States companies including the Department of Defense and other top level government agencies.
These small chips, according to the article, are the size of the tip of a sharpened pencil. They are placed directly onto the hardware itself, sometimes even between fiberglass parts of the casing, and are extremely easy to miss on visual inspection. According to the reports, these chips were placed onto servers manufactured by San Jose’s Supermicro. Supermicro, although an American-based company, has its hardware made in Taiwan and China. According to the Bloomberg piece, the Chinese government compromised a few subcontracting factories in China near Shanghai. Plant owners were either bribed or threatened with plant-closing inspections to allow the chips to be placed onto the devices (it’s unclear if the plant owners knew what was happening or if they weren’t sure but were being threatened to give up control).
Using a hardware hack like this could bypass all software security measures, effectively enabling a “God Mode” inside target’s hardware. It’s almost impossible to defend against such a thing.
Two other top American companies that were reportedly affected by this rogue chip are Amazon and Apple, although in the Bloomberg article they both stated officially that this did not, in fact, occur. In a piece by Vice’s Motherboard, Matthew Green, a Johns Hopkins associate professor is quoted as tweeting, “There are two possible stories here, one is that there was an attack. The other is that a large swath of the National Security establishment is promoting the idea that there was an attack. Pick your poison.”
It’s a curious point that the article states two different stances on this: that it did happen according to anonymous security personnel, and did NOT happen according to Apple and Amazon. Interestingly, according to the article, Apple did not allow US Intelligence officials to see what they had discovered about the chip — they sealed it off internally. Amazon was more forthcoming with information. According to the article, an entire branch of Amazon’s AWS services in China were compromised by this chip. Amazon decided in the end to sell that entire branch to a Chinese company, ostensibly so as to have nothing to do with it and to not allow any hacked material to leak back to the United States or other Amazon properties.
Despite the denials by Amazon and Apple, the story raises a harrowing point: America is reliant on Chinese technology. Perhaps too much so. We do not have the means to replicate Chinese manufacturing domestically, and we are incredibly used to having cheap electronics. If Chinese manufacturing can’t be trusted, where do we go from here? It also brings up another point from my friend, which is that no information is safe.