'We Have No Way Of Addressing This': Ex-NSA Scientist Reacts To China Sneaking Microchips Into DoD Servers

Analysis

After an explosive Bloomberg report revealed that China was surreptitiously inserting small microchips into servers that later ended up being used by the Department of Defense, CIA, and many large American companies, an ex-NSA scientist warned there was "no way of addressing this risk" from a strategic standpoint.


"We can find a couple of them, but we're not gonna find the next generation version," said Dave Aitel, a former computer scientist for the National Security Agency now working as the Chief Security Technical Officer for Cyxtera. "That makes it very hard to trust computers in general."

U.S. government investigators found that servers assembled by American companies contained motherboards — made by Chinese subcontractors — with tiny microchips that could allow hackers to "create a stealth doorway into any network that included the altered machines," according to Bloomberg.

"They are literally in between the layers of the board," Aitel said, adding that in order to see it, "you would have to take a board, strip it down, and X-ray it" to find the suspect chip.

"That's just not a thing we should expect corporations to be able to do, even the biggest organizations."

The machines are found inside DoD data centers, on Navy warships, and at the CIA, the site reported.

The Pentagon declined to comment on whether the suspect chips were found on DoD networks, citing operational security reasons. Still, Department spokeswoman Heather Babb told Task & Purpose, the U.S. military "has policies in place to address software assurance and supply chain risk management, as well as established security standards to ensure all procured commercial products and services are rigorously inspected for security vulnerabilities. As threats within the cyberspace domain change, DOD looks for solutions that provide more capability."

"The protection of the National Security Innovation Base is a priority for the Department. Working closely with Congress and private industry, DOD is already advancing to elevate security within the supply chain," she added.

China isn't the only nation-state working to infiltrate hardware as a means to hack its enemies. The U.S. does much the same thing — intercepting network hardware and secretly installing beacons that call back to NSA — except it doesn't seem to get or can legally force the cooperation of the factory making the product.

China doesn't seem to have that problem.

"The question becomes can we move to a trusted supply chain or not?" Aitel asked. He added that "tin foil" hat thinking that foreign-made hardware should be treated as suspect isn't so conspiratorial after all.

Still, he did offer some more positive news: "The good news is we caught it, and we're on it," Aitel said. "That's actually phenomenally good news. That does send a message of deterrence. That does send a message that you can't get away with it."

President Barack Obama and Chinese President Xi Jinping agreed in 2015 that neither government would "conduct or knowingly support cyber-enabled theft of intellectual property" and said they would work together on other cybersecurity issues.

This latest disclosure of cyber-espionage adds fuel to the fire that China has clearly violated the agreement, which the Trump administration accused Beijing of doing earlier this year.

Aitel said it was more than likely that DoD and other governmental organizations were pulling the suspect servers if they haven't done so already. Still, the risk will likely remain as long as the hardware is not manufactured in the U.S.

This article has been updated with a statement from DoD.

T-38 Talon training aircraft. (U.S. Air Force photo)

Two airmen from Vance Air Force Base, Oklahoma, were killed on Thursday when two T-38 Talon training aircraft crashed during training mission, according to a message posted on the base's Facebook age.

The two airmen's names are being withheld pending next of kin notification.

A total of four airmen were onboard the aircraft at the time of the incident, base officials had previously announced.

The medical conditions for the other two people involved in the crash was not immediately known.

An investigation will be launched to determine the cause of the crash.

Emergency responders from Vance Air Force Base are at the crash scene to treat casualties and help with recovery efforts.

Read the entire message below:

VANCE AIR FORCE BASE, Okla. – Two Vance Air Force Base Airmen were killed in an aircraft mishap at approximately 9:10 a.m. today.

At the time of the accident, the aircraft were performing a training mission.

Vance emergency response personnel are on scene to treat casualties and assist in recovery efforts.

Names of the deceased will be withheld pending next of kin notification.

A safety investigation team will investigate the incident.

Additional details will be provided as information becomes available. #VanceUpdates.

This is a breaking news story. It will be updated as more information is released.

The commander of the Marine Corps' Wounded Warrior Regiment has been relieved over a loss of "trust and confidence in his ability to lead" amid an investigation into his conduct, a Corps official told Task & Purpose on Thursday.

Col. Lawrence F. Miller was removed from his post on Thursday morning and replaced with his executive officer, Lt. Col. Larry Coleman, who will serve as interim commander of the Quantico, Virginia based unit.

Read More Show Less

President Donald Trump has nixed any effort by the Navy to excommunicate Eddie Gallagher from the SEAL community.

"The Navy will NOT be taking away Warfighter and Navy Seal Eddie Gallagher's Trident Pin," the president tweeted on Thursday. "This case was handled very badly from the beginning. Get back to business!"

Read More Show Less
Thanksgiving lunch is served at Fort McCoy on Nov. 15, 2017. (U.S. Army/ Staff Sgt. Jae Jung)

In an ideal world, Thanksgiving is spent at the dining room table, surrounded by beloved family, close friends, and good food. For U.S. service members, it's occasionally spent in the shit.

Read More Show Less
Photos: 1st Cavalry Division

The Army has identified the two soldiers killed in a helicopter crash in Afghanistan on Wednesday as 33-year-old Chief Warrant Officer 2 David C. Knadle, and 25-year-old Chief Warrant Officer 2 Kirk T. Fuchigami Jr.

Read More Show Less