'We Have No Way Of Addressing This': Ex-NSA Scientist Reacts To China Sneaking Microchips Into DoD Servers

Analysis

After an explosive Bloomberg report revealed that China was surreptitiously inserting small microchips into servers that later ended up being used by the Department of Defense, CIA, and many large American companies, an ex-NSA scientist warned there was "no way of addressing this risk" from a strategic standpoint.


"We can find a couple of them, but we're not gonna find the next generation version," said Dave Aitel, a former computer scientist for the National Security Agency now working as the Chief Security Technical Officer for Cyxtera. "That makes it very hard to trust computers in general."

U.S. government investigators found that servers assembled by American companies contained motherboards — made by Chinese subcontractors — with tiny microchips that could allow hackers to "create a stealth doorway into any network that included the altered machines," according to Bloomberg.

"They are literally in between the layers of the board," Aitel said, adding that in order to see it, "you would have to take a board, strip it down, and X-ray it" to find the suspect chip.

"That's just not a thing we should expect corporations to be able to do, even the biggest organizations."

The machines are found inside DoD data centers, on Navy warships, and at the CIA, the site reported.

The Pentagon declined to comment on whether the suspect chips were found on DoD networks, citing operational security reasons. Still, Department spokeswoman Heather Babb told Task & Purpose, the U.S. military "has policies in place to address software assurance and supply chain risk management, as well as established security standards to ensure all procured commercial products and services are rigorously inspected for security vulnerabilities. As threats within the cyberspace domain change, DOD looks for solutions that provide more capability."

"The protection of the National Security Innovation Base is a priority for the Department. Working closely with Congress and private industry, DOD is already advancing to elevate security within the supply chain," she added.

China isn't the only nation-state working to infiltrate hardware as a means to hack its enemies. The U.S. does much the same thing — intercepting network hardware and secretly installing beacons that call back to NSA — except it doesn't seem to get or can legally force the cooperation of the factory making the product.

China doesn't seem to have that problem.

"The question becomes can we move to a trusted supply chain or not?" Aitel asked. He added that "tin foil" hat thinking that foreign-made hardware should be treated as suspect isn't so conspiratorial after all.

Still, he did offer some more positive news: "The good news is we caught it, and we're on it," Aitel said. "That's actually phenomenally good news. That does send a message of deterrence. That does send a message that you can't get away with it."

President Barack Obama and Chinese President Xi Jinping agreed in 2015 that neither government would "conduct or knowingly support cyber-enabled theft of intellectual property" and said they would work together on other cybersecurity issues.

This latest disclosure of cyber-espionage adds fuel to the fire that China has clearly violated the agreement, which the Trump administration accused Beijing of doing earlier this year.

Aitel said it was more than likely that DoD and other governmental organizations were pulling the suspect servers if they haven't done so already. Still, the risk will likely remain as long as the hardware is not manufactured in the U.S.

This article has been updated with a statement from DoD.

Col. Nicholas Petren, 90th Security Forces Squadron commander, during the 90th SFS change of command ceremony July 6, 2018 in the Peacekeeper High Bay on F.E. Warren Air Force Base, Wyoming. (U.S. Air Force/Glenn S. Robertson)

Editor's Note: This article by Oriana Pawlyk originally appeared on Military.com, a leading source of news for the military and veteran community.

The Air Force has removed the commander of the 90th Security Forces Squadron at F. E. Warren Air Force Base, Wyoming, over a loss of confidence in his ability to maintain a healthy work environment.

Read More Show Less
(U.S. Navy/Mass Communication Specialist 3rd Class Tony Curtis)

Three sailors assigned to the USS George H. W. Bush have died by suicide in the last week, the Navy announced today.

Read More Show Less

BAGHDAD (Reuters) - Two rockets were fired on Monday at central Baghdad's fortified Green Zone, which houses foreign embassies and government buildings, but there were no casualties or damage caused, security services said.

There was no immediate claim of responsibility for the blasts. One rocket exploded inside the Green Zone and another landed in the Tigris river, a statement from Iraqi security services said.

Read More Show Less

An Alaska-based soldier will most likely have a few bucks taken out of next month's paycheck.

Just after midnight on Sunday, the off-duty soldier drove his truck straight into the welcome sign of Fort Wainwright in Fairbanks, Fort Wainwright spokeswoman Eve Baker said in a press release.

Read More Show Less

NEW YORK (Reuters) - The United States will likely move some troops to Poland from elsewhere in Europe, U.S. President Donald Trump said on Monday as he and Polish President Andrzej Duda met.

Read More Show Less