TECHNOLOGYOct 5, 2018John McAfee
The discovery that a Chinese supplier for Supermicro - a U.S. company - had planted nearly invisible spy devices on computer boards ordered by SuperMicro, should come as no surprise to any competent Cybersecurity professional. Spies operating on behalf of Nation States have been using hardware and software hacks to infiltrate intelligence networks of other Nation States for more than 25 years. More recently, Nation States have been hacking products with the intent of spying on it's own citizens. Their means of choice for these hacks is to plant technologists within software and hardware companies as “Embedded Operatives”. Nothing could be easier.
Technology companies are generally starved for competent technologists and a talented applicant for a job opening is seldom turned away. It is no secret that there is a high probability that every major technology corporation is employing at least one, and more probably, dozens of these embedded operatives. Over time, as these operatives become trusted, they migrate into positions of authority or control to an extent that the hardware or software produced by these companies can be subtly modified without detection. No amount of oversight or monitoring can prevent this problem if the embedded operatives are clever enough, especially if they have arranged to work jointly on specific functions of the product. Discovery of these hacks is largely accidental, as occurred with SuperMicro.
It should also be no surprise that China should be the source of this accidental discovery. China manufactures 75% of the world's smart phones and more than 90% of the world's computers. Statistically, it would be a surprise if the first major discovery of this nearly universal hardware problem had been traced to the U.S., Russia or Europe.
In the area of software, this hacking problem is magnified by a number of issues. Software hacks are virtually invisible, and the complexity of software - orders of magnitude greater than hardware components - allows for greater flexibility in choosing means of insertion and access. It is a sticky problem.
Do not think that this is an isolated example. The chances of discovery of this hardware hack were unbelievably low. The problem went for years undetected before, by near accident it was discovered. Common sense should tell us, given the utter simplicity of inserting embedded operatives into technology companies, that virtually every electronic product that we use is most likely a spy device: built by a foreign nation, by our own government, by cartels, etc.
The irony in all this is that the hardware provided by China to a U.S. company was most certainly used by the U S. government at some point, with added software, as an attempted means of spying on China, and other countries. The twisted nature of this world predicament, will, I predict, reveal itself at an accelerating rate. It should be fun to watch.