'We Have No Way Of Addressing This': Ex-NSA Scientist Reacts To China Sneaking Microchips Into DoD Servers

Analysis

After an explosive Bloomberg report revealed that China was surreptitiously inserting small microchips into servers that later ended up being used by the Department of Defense, CIA, and many large American companies, an ex-NSA scientist warned there was "no way of addressing this risk" from a strategic standpoint.


"We can find a couple of them, but we're not gonna find the next generation version," said Dave Aitel, a former computer scientist for the National Security Agency now working as the Chief Security Technical Officer for Cyxtera. "That makes it very hard to trust computers in general."

U.S. government investigators found that servers assembled by American companies contained motherboards — made by Chinese subcontractors — with tiny microchips that could allow hackers to "create a stealth doorway into any network that included the altered machines," according to Bloomberg.

"They are literally in between the layers of the board," Aitel said, adding that in order to see it, "you would have to take a board, strip it down, and X-ray it" to find the suspect chip.

"That's just not a thing we should expect corporations to be able to do, even the biggest organizations."

The machines are found inside DoD data centers, on Navy warships, and at the CIA, the site reported.

The Pentagon declined to comment on whether the suspect chips were found on DoD networks, citing operational security reasons. Still, Department spokeswoman Heather Babb told Task & Purpose, the U.S. military "has policies in place to address software assurance and supply chain risk management, as well as established security standards to ensure all procured commercial products and services are rigorously inspected for security vulnerabilities. As threats within the cyberspace domain change, DOD looks for solutions that provide more capability."

"The protection of the National Security Innovation Base is a priority for the Department. Working closely with Congress and private industry, DOD is already advancing to elevate security within the supply chain," she added.

China isn't the only nation-state working to infiltrate hardware as a means to hack its enemies. The U.S. does much the same thing — intercepting network hardware and secretly installing beacons that call back to NSA — except it doesn't seem to get or can legally force the cooperation of the factory making the product.

China doesn't seem to have that problem.

"The question becomes can we move to a trusted supply chain or not?" Aitel asked. He added that "tin foil" hat thinking that foreign-made hardware should be treated as suspect isn't so conspiratorial after all.

Still, he did offer some more positive news: "The good news is we caught it, and we're on it," Aitel said. "That's actually phenomenally good news. That does send a message of deterrence. That does send a message that you can't get away with it."

President Barack Obama and Chinese President Xi Jinping agreed in 2015 that neither government would "conduct or knowingly support cyber-enabled theft of intellectual property" and said they would work together on other cybersecurity issues.

This latest disclosure of cyber-espionage adds fuel to the fire that China has clearly violated the agreement, which the Trump administration accused Beijing of doing earlier this year.

Aitel said it was more than likely that DoD and other governmental organizations were pulling the suspect servers if they haven't done so already. Still, the risk will likely remain as long as the hardware is not manufactured in the U.S.

This article has been updated with a statement from DoD.

An Oregon Air National Guard F-15C Eagle that made an emergency landing on Wednesday ditched its entire arsenal of live air-to-air missiles before touching down at Portland International Airport, The War Zone reports.

Read More Show Less

Several hundred U.S. troops will remain in Syria after allied forces clear ISIS fighters out of their last stronghold in the country, officials said on Friday.

President Donald Trump announced in December that he would withdraw all U.S. troops from Syria, but Sen. Lindsey Graham has since made a strong push to keep a small residual force along the Turkish border along with troops from European allies.

Read More Show Less
Chris Osman (Photo: _chris_osman_designs/Instagram)

The former Navy SEAL among a group of eight men arrested earlier this week in Port-au-Prince on weapons charges says he was providing security work "for people who are directly connected to the current President" of Haiti.

"We were being used as pawns in a public fight between him and the current Prime Minister of Haiti," said Chris Osman, 44, in a post on Instagram Friday. "We were not released we were in fact rescued."

Read More Show Less
Former Secretary of Defense James N. Mattis (DoD photo)

A Richland, Washington city councilman thinks native son Jim Mattis would make a terrific governor or even president.

Read More Show Less

It's a photo for the ages: a Marine NCO, a Greek god in his dress blues, catches the eye of a lovely young woman as her boyfriend urges her on in distress. It's the photographic ancestor of the much-loved "distracted boyfriend" stock photo meme, made even sweeter by the fact that this is clearly a sailor about to lose his girl to a Devil Dog.

Well, this photo and the Marine in it, which hopscotched around Marine Corps Facebook and Instagram pages before skyrocketing to the front page of Reddit on Thursday, are very real.

The photo shows then-Staff Sgt. Louis A. Capozzoli — and he is absolutely not on his way to steal your girl.

Read More Show Less