Security News > 2021 > February > Chinese Supply-Chain Attack on Computer Systems
Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others.
China's exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter.
Mike Quinn, a cybersecurity executive who served in senior roles at Cisco Systems Inc. and Microsoft Corp., said he was briefed about added chips on Supermicro motherboards by officials from the U.S. Air Force.
Our phones, computers, software and cloud systems are touched by citizens of dozens of different countries, any one of whom could subvert them at the demand of their government.
This is what the former Deputy Director of National Intelligence Sue Gordon meant in April when she said about 5G, "You have to presume a dirty network." Or more precisely, can we solve this by building trustworthy systems out of untrustworthy parts?
It's also the philosophy behind much of the cybersecurity industry today: systems watching one another, looking for vulnerabilities and signs of attack.
News URL
https://www.schneier.com/blog/archives/2021/02/chinese-supply-chain-attack-on-computer-systems.html
Related news
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)