Reply to post: You'll never buy bullets from China

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

Milton Silver badge

You'll never buy bullets from China

I agree it's impossible to be certain who is accurate/misled/mistaken/lying through their teeth. Unless you have actual knowledge of this event, first-hand, you are guessing.

But here's the thing: this is an obvious and highly effective means of espionage, for which a highly technically capable nation state, one which lacks checks and balances, and which is well motivated to spy upon foreign governments, militaries and corporations, and which is an ever-increasing source of computers and computing components to the rest of the world, is the perfect source. China, in short, has both powerful motive and ample means.

Consider that no one with serious security concerns brings a computing device back from China (or if they do, it's quarantined, stripped, analysed and then incinerated). Consider that China's spyware has been busy for many years siphoning data from western firms and governments. Consider that even consumer grade devices have been found 'phoning home' with personal data from their owners. If any nation could build the necessary hardware into a speck 100-μ on a side, no thicker than a hair, would you seriously bet against China's best? And bear in mind that China is desperate to become the world's next hyperpower, and that arguably only US technology and economic strength could stop them.

Add it all up, and whether the SuperMicro story is total bollox, or 100% true—it hardly matters: of bloody course the Chinese will be trying this kind of trick, and it would be frankly amazing if they haven't already succeeded here and there—and perhaps already on a large scale. How many devices get national security examination or Amazon/Apple level audit? How many ways, how many places, how many disguises could there be for a cleverly designed sequestration/exfiltration nanobug?

Off the cuff, I'd say that for the next few years this battle is already lost. Amazon will probably say anything to deny that its cloud has been compromised, but I remain confident in saying that if you trust vital data to anyone's cloud, you are a fool.

I said a while ago that in due course, nation states and their allies will bring in-house the manufacture of hardware and software for critical components and infrastructure. Expensive as it is, what choice can there be? Soon enough, computing components will be like ordnance. You may make missiles yourself, or you may buy them from the USA; but you'll never buy them from Russia. Or China.


Biting the hand that feeds IT © 1998–2019