Earlier this fall, the United States issued reports and warnings that hackers with backing from the Chinese government and military pose serious cyber-threats to U.S.-based companies. It is not just American businesses that need to be wary of Chinese privacy and security breaches, however; American consumers should be concerned as well.
Recently, the U.S. Department of Homeland Security warned U.S. firms to be vigilant about potential cyber-threats from Chinese firms that either solely or with U.S. partners offer managed services, such as IT support for American companies that choose to outsource their IT needs. At the same time, the U.S. Computer Emergency Response Team (US-CERT), which provides disaster response and warnings about serious cybersecurity issues, published an alert that un-named countries are using cloud services to steal data and trade secrets from U.S. companies.
US-CERT did not identify the nation-states that were launching the attacks or the companies that were victimized, but China has long been known to be a sponsor of government- and military-backed hacks. US-CERT indicated that the cyber-attacks targeted information technology firms, health-care companies, telecommunications and Internet providers, and manufacturers—all entities that Chinese cyber-attacks have previously sought to undercut.
At the same time these warnings were being released, Bloomberg published a stunning investigation showing that Chinese hackers most likely backed by the Chinese government, inserted chips into network servers used by U.S. government entities—the Defense Department and CIA—and more than 30 major U.S. corporations. Despite significant pushback from some parties, Bloomberg stood by its story which found that the motherboards for the servers where the chips were found were built by a company bought by Amazon in 2015, but may have been in place before Amazon’s purchase.
Amazon is now one of the world’s largest cloud server providers, with extensive government and corporate clients worldwide. The chips enabled hackers to gain direct access to the networks that the servers helped to manage. In other words, the hackers had access to U.S. Navy and CIA data, as well as data for global banks and perhaps Apple. Such backdoor hacks are even showing up on Internet networking equipment, according to Bloomberg.
Beyond the potential for personal data theft from banks or employers, or even personal data stored by government agencies, such as the IRS or Health and Human Services, what does all this mean for consumers? That they need to be wary not only about how they connect to the Internet and the information they share, but also about what hardware they use to connect to the Internet, as consumers increasingly embed every facet of their life to the so-called Internet of Things (IoT).
Whether it’s in-home personal assistants offered by Amazon, Google, or Apple that listen to your every word and store all that data to serve you better, or “smart” tools like thermostats, home security systems and cameras, or e-health tools and monitors, or smart appliances, or tools that allow you to network your home with better Wi-Fi or broadband access, all of them have to store consumers’ data to function properly. And all of them, most likely, have to connect to cloud storage systems via the Internet.
Consider this: thousands of the motherboards like the ones produced for Amazon’s server company are produced by tech firms in Chinese cities you’ve never heard of like Guangzhou, a city in southeastern Chin or Shenzhen, the “Silicon Valley of Hardware,” and home to tech giants like Huawei or Tuya. These companies can produce IoT hardware—voice assistants to thermostats, in-home video cameras, and Wi-Fi extenders—for U.S. businesses in less than 90 days and at prices virtually any American consumer could afford. But it’s hardly unusual to find chips or software embedded in devices for U.S. purchase that transmit data back to Chinese servers or that provide back door access for hackers to U.S. networks.
There was a saying a few years ago in Silicon Valley that “data is the new oil.” While it’s true that data must be mined for value, it’s also true that where the data is located and secured to be mined can be just as important. Increasingly, American businesses and consumer companies are using cloud and data storage entities based in China or controlled by Chinese firms, many of which have close relationships with the Communist government and military.
China is looking for a technological—if not an overall economic and competitive—edge over the United States, and they are willing to do whatever it takes to achieve that end. China is becoming the go-to nation state for good quality computer chips for all sorts of products. We now are seeing why U.S. based companies leaning on Chinese-owned or managed data storage or data management not only puts U.S. innovation and strategic advantage at risk, but also consumers’ data.
As President Trump, his Commerce Department, and other trade advisers continue their dialogue with China on a new trade agreement, it’s time for the administration not only to talk tough on steel, autos, and agriculture. It’s time to talk tough on protecting America’s intellectual property from hackers, and to protect consumers’ data, too. Indeed, it’s long past the time to talk about it. It’s time to do something about it.
Photo Credit: STR/AFP/Getty Images