Translated RadioFM4 Article: Hype about “Chinese Espionage Chips” stems from the Pentagon
[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience, because the author raises some important questions.]
In the FM4 fact check the sensational report by the business portal Bloomberg about manipulated hardware for cloud computing turns out to be almost completely fact-free. On Friday a long-awaited report from the Pentagon was released warning about electronics manufacturing in China.
In the US, the “Cyber Security Month” October has begun, related news come thick and fast. The documentary presented on Thursday about a Russian espionage attack that failed miserably was spectacular, but had already taken place in April. England, Holland and Canada have waited with this concerted action until charges were filed in the US – which happened also on Thursday.
This concerted cyber-strike was overshadowed by Bloomberg Business Week’s sensational report claiming that Apple, Amazon & Co.’s servers are infiltrated with Chinese espionage chips. Angry denials of Internet companies followed; in fact, the article contains not a single, tangible clue. One explanation for its release came on Friday, when the Pentagon released a long-awaited report targeting electronics manufacturing outsourced to China.
“US electronics industry disappears”
The report refers to Donald Trump’s Presidential Decree “Executive Order 13806”. It aims to secure the supply chain of all US government institutions and the military. Right at the beginning of its introduction, there’s already a clear warning that, given the current developments, entire industries in the US may soon disappear. The report paints a bleak picture of the decline in the production sector, of barely competitive supply companies, which have been hit hard by the economic policies of foreign competitors.
On the one hand, this is due to “collateral damage from globalization,” according to the report, but also to “targeted actions of major powers such as China.” In parallel with the decline of industrial production, essential skills and abilities of workers in the US are dwindling, such as, for example, “the soldering or manufacturing of computer components.” The focus of this Pentagon report is the electronics industry, which has been outsourcing its production facilities to China for the past two decades.
A Report without “when” and “where”
It’s well-known that not only the vast majority of smartphones for the entire world market is manufactured in China. What’s more, PCs are now predominantly made in China as well. The same is true for components for the server market of course, and that’s what the Bloomberg Business Week report is all about too: “The Big Hack – How China Used a Tiny Chip to Infiltrate US Firms.”
Naturally, this lurid title fits perfectly well with a study whose entire purpose it is to, at least partially, reclaim the US electronics industry outsourced to China and bring it back to the United States. What follows is a news story on the manipulation of Supermicro computer motherboards, which are installed in servers for cloud computing all around the world. It is portrayed as if such an incident has actually happened, but does not contain any information at all about “when and where”.
The same Scenario for 15 Years
Of course, such a scenario is possible. A tiny SMD [surface-mounted device] component could be integrated into the manufacturing process of the motherboard, which sits in front of the CPU, the main processor. It is also conceivable to slyly introduce damage code via this component to manipulate the CPU. And because this technical possibility certainly exists, this scenario is not new at all, but has been appearing in the media time and time again for, at least, the last 15 years.
In 2005, the acquisition of the PC division of IBM by the Chinese Lenovo Group, which had already previously manufactured and assembled the components for IBM notebooks, was blocked for months. Because, at that time, IBM supplied many US authorities and the military with notebooks and PCs, the intelligence complex intervened. Since then, this story, always citing anonymous, unspecific warnings from intelligence circles, regularly pops up in the news, most recently in regard to the Chinese manufacturers Huawei and ZTE.
For Example: Huawei and ZTE
Anonymous sources from the intelligence services had also warned against their hardware of the telecom sector for many years. But only in May 2018, all smartphones of these Chinese manufacturers were removed from the military stores and members of the US armed forces prohibited from using them. The rationale: The smartphones could contain hidden components allowing for the complete surveillance of users. However, in no case such a compromised port of the hardware could be further identified or found.
That’s the way it has been for 15 years and this case is really a protopypical example. Bloomberg mentions the manufacturer Supermicro, but not which series of motherboards are affected. An animation to show where these chips, “the size of a pencil tip”, are built in Supermicro motherboards is based on a symbolic photograph. In addition to two CPUs without any label there is a marked dot, that’s all. And if, let’s say, in the manufacturing process, instead of a simple pass-through capacitor for signal smoothing, a somewhat more intelligent micro component would be used, which incidentally has a few circuits and thus computing power – Well, what would happen?
Billions of Stock Market Value destroyed
The Bloomberg report also leaves this question unanswered. Of course, it is possible that a second part of the report will be published on this subject, which will provide the relevant facts that are completely lacking in the first one. For example, when did these hardware infiltrations happen? And were there any specific incidents after that? Bloomberg will have to present the facts about this – if there are any – because its story has caused enormous financial damage. The stock price of the motherboard manufacturer Supermicro was almost halved, about 500 million dollars in stock market value were lost.
As a result, even completely uninvolved hardware manufacturers from China faced huge loses at the stockmarket. Lenovo, for example, noted on Friday a minus of 15 percent. Several billion dollars of stock market value went down the big data stream altogether, although first Supermicro, then Amazon and Apple had denied the allegations in sharp terms. These denials were followed by yet another one, this one by Bloomberg itself, right at the bottom of the article: “Bloomberg LLP is also a Supermicro customer. According to a company spokesman, no evidence has been found that the hardware used by Bloomberg has such problems as described in the article. “
Epilogue and Outlook
The British National Cyber Security Center – part of the military intelligence service GCHQ – has sided with Apple and Amazon this weekend. One sees no reason for the assumption that the hardware inside the servers of these companies is compromised, they said. Why this Bloomberg story was published on the day when NATO, in a long-planned concerted action, went public, revealing the biggest embarrassment of the Russian foreign intelligence service GRU since the end of the Soviet Union, remains puzzling.