Security News > 2021 > February > Chinese Supply-Chain Attack on Computer Systems
Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others.
China's exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter.
Mike Quinn, a cybersecurity executive who served in senior roles at Cisco Systems Inc. and Microsoft Corp., said he was briefed about added chips on Supermicro motherboards by officials from the U.S. Air Force.
Our phones, computers, software and cloud systems are touched by citizens of dozens of different countries, any one of whom could subvert them at the demand of their government.
This is what the former Deputy Director of National Intelligence Sue Gordon meant in April when she said about 5G, "You have to presume a dirty network." Or more precisely, can we solve this by building trustworthy systems out of untrustworthy parts?
It's also the philosophy behind much of the cybersecurity industry today: systems watching one another, looking for vulnerabilities and signs of attack.
News URL
https://www.schneier.com/blog/archives/2021/02/chinese-supply-chain-attack-on-computer-systems.html
Related news
- Revival Hijack supply-chain attack threatens 22,000 PyPI packages (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Australian Police conducted supply chain attack on criminal collaborationware (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)