Chip hack a sign of Chinese cyberthreats to US, officials say
The White House national security adviser said Chinese cyberattacks on the US validate the Trump administration’s emphasis on offensive cyber operations of its own, after Bloomberg News reported that Beijing had hacked American computer networks using a microchip built by its spies.
Separately, two Democratic lawmakers said the report shows the risk of Chinese cyberespionage to US companies and the government.
Shares of prominent Chinese hi-tech hardware makers crashed in Hong Kong a day after the Bloomberg report was published.
Lenovo Group’s shares fell 14 per cent to HK$5.10 in Hong Kong trading, headed for the steepest decline since February 4, 2014, when at least five brokerages downgraded its stock after the company announced US$5 billion of deals the previous month.
The Beijing-based personal computer maker said Super Micro Computer (Supermicro), whose servers the Bloomberg report described as being compromised by malicious chips inserted during production in China, is not a supplier “in any capacity” and that Lenovo takes “extensive steps to protect the ongoing integrity” of its supply chain.
ZTE Corp, China’s second-biggest telecommunications equipment maker, slumped 11 per cent to HK$12.66, the most since US lawmakers passed a bill in June to restore severe penalties on the company, which has since struck a deal to submit its operations to scrutiny by a US-appointed compliance monitor. The Shenzhen-based company declined to comment on Friday’s share price decline.
John Bolton, who leads the National Security Council, did not confirm whether the White House was aware of the Chinese hack before Bloomberg’s report. “I don’t want to address anything that might touch on specific intelligence questions,” he told reporters.
“But I will say the Chinese efforts to threaten us in cyberspace and across the information technology spectrum are a very high priority for us – countering them, establishing structures of deterrence to prevent China from even thinking about doing it, touches on the offensive cyber operations that the president has authorised,” Bolton said.
Bloomberg Businessweek reported on Thursday that Chinese spies exploited vulnerabilities in the US technology supply chain to infiltrate computer networks of almost 30 US companies, including Amazon.com, Apple, a major bank and government contractors. Among the targets was a contractor that made software to helped funnel drone footage to the CIA and communicate with the International Space Station.
Investigators found that tiny microchips, not much bigger than a grain of sand, had been inserted during manufacturing in China onto equipment made by subcontractors of Supermicro, one of the world’s biggest suppliers of server motherboards – the fibre-mounted clusters of chips and capacitors that act as neurons of data centres.
Investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines, according to people familiar with the matter.
In emailed statements, Amazon, Apple and Supermicro, as well as the Chinese government disputed summaries of Bloomberg’s reporting.
“The report that China sought to infiltrate the computer chip supply chain, if true, is deeply disturbing and the latest example of the lengths that Beijing will go to in order to steal America’s official and commercial secrets,” Representative Adam Schiff of California, the top Democrat on the House Intelligence Committee, said in a statement.
Schiff said the panel is “seeking further clarification from the Intelligence Community regarding this latest report and will be reaching out to the companies affected”. The committee’s chairman, Republican Devin Nunes of California, did not respond to a request for comment.
Senator Mark Warner of Virginia, the top Democrat on the Senate’s intelligence panel and a former technology executive, also expressed concern. The report “provides more evidence that China’s pattern of behaviour is a serious threat to national security and supply chain risk management”.
Representative Frank Pallone of New Jersey, the top Democrat on the House Energy and Commerce Committee, said the report “is deeply disturbing and Congress must investigate”.
“We must hear directly from the companies potentially affected by this devastating security breach to get a better understanding of what happened,” Pallone said.
The US government has long accused China of stealing American intellectual property through cyberespionage and other means, a charge that has ramped up since President Donald Trump took office promising to take on the Chinese government.
Earlier this year, a Commerce Department investigation Trump ordered into Chinese trading practices found that China had hacked into US businesses for commercial gain. The report referenced intelligence findings that took place during the administration of former President Barack Obama, and highlighted the ongoing nature of China’s hacking.
The investigation of the altered motherboards began during the Obama administration, people familiar with the matter said.
Trump himself has accused China of stealing US technology, and has recently ratcheted up his rhetoric toward Beijing. He has engaged in a trade war with the country, levelling tariffs on US$250 billion worth of Chinese imports and threatening more. China has responded with counter-tariffs on American products with particular political resonance, including agricultural goods.
“We have a tremendous problem with theft of intellectual property with China,” Trump said on Monday during a news conference to announce a new trade agreement with Canada and Mexico.
The Chinese government has denied allegations of state-sponsored hacking of US companies.