Senate Panel to Probe Cyber Vulnerabilities to U.S. Supply Chain Amid Reports of Chinese Hacks

Bloomberg reported hackers infiltrated major tech companies Apple, Amazon

Chinese flag
Getty Images
October 18, 2018

The Senate Armed Services Committee will investigate cyber vulnerabilities to America's technology supply chain amid reports that Chinese hackers infiltrated U.S. companies, including Apple and Amazon, according to the office of chairman Jim Inhofe (R., Okla.).

Plans for an upcoming committee inquiry follow calls on Congress by a nonprofit coalition critical of Amazon to examine reports that the web company's cloud computing systems were hacked by China.

In a letter sent Wednesday to Inhofe and Senate Intelligence Committee chairman Richard Burr (R., N.C.), the Free & Fair Markets Initiative, a self-described coalition of businesses, consumer advocacy groups, workers, and community activists, urged the senators to investigate details from a Bloomberg report that China infiltrated Amazon.

Bloomberg contends in a series of reports that Chinese intelligence services used subcontractors over a two-year span to plant malicious chips in server motherboards sold by Super Micro to major U.S. tech companies, including Apple and Amazon. Super Micro, Apple, and Amazon have all disputed the report's findings.

Inhofe spokeswoman Leacy Burke told the Washington Free Beacon the senator "has long been concerned" that the United States isn't "doing enough to protect industrial suppliers and weapons systems from cyber threats."

"As we face more and more targeted cyberattacks from foreign governments—especially China—the [Senate Armed Services] Committee will take a comprehensive look in the coming weeks at how we can better evaluate, blunt, and respond to these diverse threats," Burke said in an email.

The Free & Fair Markets Initiative wrote in its letter that the reported breech of Amazon raises concerns over its bid to be the sole provider of cloud services for a multiyear, multi-billion dollar Pentagon cloud-computing project called JEDI, or Joint Enterprise Defense Infrastructure. Amazon is battling Microsoft for the $10 billion contract.

"Numerous cybersecurity experts have called into question the security of having a single provider protecting these troves of sensitive national defense secrets," the coalition wrote. "In the wake of an alleged hack of this scale, the immense vulnerabilities with this winner-take-all contract design—particularly being awarded to a company with an alarming history of breaches—are abundantly clear."

Super Micro, based in San Jose, California, is one of the world's largest suppliers of server systems in the world. According to Bloomberg, the company came under federal scrutiny when a contractor that made software to help send drone footage to the CIA and International Space Station detected a breach of its computer systems.

An FBI counter-intelligence probe into the hack found that microchips had been inserted onto equipment made by subcontractors of Super Micro during manufacturing in China. The chips enabled hackers to create an opening into any network using the compromised servers, national security officials familiar with the investigation told Bloomberg.

The Bloomberg report has drawn bipartisan, bicameral attention from Congress.

Rep. Greg Walden (R., Ore.), who chairs the House Energy and Commerce Committee, told the Free Beacon he and ranking member Frank Pallone (D., N.J.) are closely examining the report's claims. The two are pursuing legislation that would address the national security risks to the supply chains of U.S. telecommunications companies.

Last week, Sens. Marco Rubio (R., Fla.) and Richard Blumenthal (D., Conn.) sent a letter to Super Micro CEO Charles Liang asking if the company had ever detected tampering with its products and whether it investigated its supply chain after Apple found compromised firmware in February 2017.

"If this news report is accurate, the potential infiltration of Chinese backdoors could provide a foothold for adversaries and competitors to engage in commercial espionage and launch destructive cyber attacks," Rubio and Blumenthal wrote.

Published under: China , Cyber Security