Testing of Chinese motherboards led to an interesting discovery:
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
At one level, Bravo and well done.
But good Lord, I hope we ripped out those motherboards or used knowledge of them to slip bad information back to China on less important systems isolated from the rest.
This threat is far broader than my worry about sending self-targeting aircraft carriers into battle. But was I really so paranoid to raise the issue a dozen years ago and since then?
UPDATE: The United States government says the problem described is overblown. Or at least that the US has no reason to doubt the statements of the companies said to be penetrated by the tactic that they have not been affected.
This is not to say that there isn't a problem, I hasten to add. Or did we get lucky enough (or are we good enough) to have stopped the ploy before it got up and running?
