Oct 22 2008
Robert Eringer wrote an article posted to cryptome.org that covered the frequently suggested threat of trojaned chips installed into all manner of equipment made from Chinese parts or assembled in China. Manchurian Microchips is a cool name for them.
“It is there, deep inside your computer, if they decide to call it up,” the security chief of a multinational corporation told The Investigator. “It is capable of providing Chinese intelligence with everything stored on your system — on everyone’s system — from e-mail to documents. I call it Call Home Technology. It doesn’t mean to say they’re sucking data from everyone’s computer today, it means the Chinese think ahead — and they now have the potential to do it when it suits their purposes.”
This is pretty sensational stuff. Of course, we can’t completely discount this as a possibility. At present, the computer attacks on DoD, defense contractors, foreign governments and dissident groups that have been detected and attributed to China have used typical methods like exploits and social engineering. But maybe they are saving this capability for a special occasion.
In June 2007, a Pentagon computer network utilized by the U.S. defense secretary’s office was hacked into — and traced directly back to the Chinese PLA.
The previous statement isn’t entirely accurate. I don’t believe the Pentagon ever claimed to have traced the attack directly back to the PLA. I think everyone involved probably assumed that based on the type of information that was taken from the compromised computers.
The Chinese had specifically targeted Rolls-Royce and Shell Oil.
The attack on Rolls-Royce used social engineering emails with MS Office exploits. The exploits downloaded PC Share 2005. Nothing too sophisticated.
The author points out that all computers today are either assembled in China or manufactured with parts from China. The implication is that potentially all computers could have corrupt supply chains. This is probably far-fetched. If I were a hostile nation that supplies chips to computer manufacturers, I would probably only use that capability to permanently disable the computers instead of for intelligence collection. I would probably also target networking gear rather than computer workstations and servers. The investment in that capability would be too great to risk losing to network detection. It would be better to use it as a way to instantly cripple an adversary’s information advantage.