Everybody Does It: The Messy Truth About Infiltrating Computer Supply Chains
Key Excerpts from Article on Website of The Intercept
Posted: March 6th, 2022
Bloomberg Businessweek published an alarming story: Operatives working for China’s People’s Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. This allegedly gave Chinese spies clandestine access to servers belonging to over 30 American companies, including Apple, Amazon, and various government suppliers, in an operation known as a “supply chain attack,” in which malicious hardware or software is inserted into products before they are shipped to surveillance targets. U.S. spy agencies ... assessed that China was adept at corrupting the software bundled closest to a computer’s hardware at the factory, threatening some of the U.S. government’s most sensitive machines, according to documents provided by National Security Agency whistleblower Edward Snowden. The documents also detail how the U.S. and its allies have themselves systematically targeted and subverted tech supply chains, with the NSA conducting its own such operations, including in China, in partnership with the CIA and other intelligence agencies. The documents also disclose supply chain operations by German and French intelligence. Computer hardware can be altered at various points along the supply chain, from design to manufacturing to storage to shipment. The U.S. is among the small number of countries that could, in theory, compromise devices at many different points in this pipeline, thanks to its resources and geographic reach.