China is spying on US firms using power cords

Taiwan server suppliers move off mainland at US customers' request
By LAULY LI and CHENG TING-FANG

TAIPEI -- U.S. technology companies, concerned that server power cords and plugs could be used by China to access sensitive data, have asked Taiwanese suppliers to shift production of these components out of the mainland.
Lite-On Technology, whose customers include Dell EMC, HP and IBM, is building a new factory in Taiwan to manufacture power components for servers at the request of American clients that cited cyberespionage risks from Beijing, according to one executive.
Quanta Computer, which supplies servers and data centers to U.S. tech companies including Google and Facebook, has shifted production to Taiwan and elsewhere, citing security as one of the reasons, an executive told the Nikkei Asian Review.
"Cybersecurity, tariffs and geopolitical risks are the three main factors" propelling the decision by Quanta and its clients to move production, the executive said.
The drive by U.S. information technology companies to eradicate security threats is reaching even the most mundane of components. 

Some face pressure to source these components outside of China, despite the higher production cost.
"Unlike many other Taiwanese tech manufacturers diversifying their production away from China to avoid Washington's tariffs on Chinese goods, the top priority [for Lite-On's new plant] is addressing U.S. clients' security concerns," said the Lite-On executive who has direct knowledge of the company's plan. 

The executive declined to name these clients.
Cybersecurity experts confirmed that such a risk is legitimate.
"It is totally reasonable for U.S. companies to have such concerns because, technically, it is doable and not difficult for hackers to use the power supply system or power cords to retrieve data stored in servers," Tien Chin-wei, deputy director at the Taipei-based Cybersecurity Technology Institute, told the Nikkei Asian Review.
In servers, the data warehouses of the digital economy, the structure of the power supply system is more complicated than in ordinary consumer electronic devices like smartphones or notebooks. 

This makes it difficult to detect whether unwanted chips have been implanted in the power supply during production, cybersecurity experts said.
"If the server is compromised and the chip implanted in the power supply system is activated, the power lines could serve as a covert channel to transmit data," Philippe Lin, senior threat researcher at cybersecurity company Trend Micro, told Nikkei.
Besides common targets such as servers, data centers or large telecommunications infrastructure, these attacks also could occur against personal electronic devices, the experts said. 

Free charging cable provided by public spaces in China accessed smartphone data if individuals plugged in the fast-charging cable.
Lite-On supplies power components and power supply systems used in various electronics from smartphones and notebooks to servers and data centers. 

The company's power supply systems and parts often are shipped to manufacturers like Quanta, Wistron, or Inventec for final assembly into servers.
Lite-On's American customers had been alarmed by reports from Bloomberg Businessweek last year revealing that Beijing implanted tiny chips into the data center supply chains of U.S. tech companies, the executive with the Taiwanese manufacturer said.
"The American clients want to elevate their security measures, and they also do not want to upset the Trump administration," the Lite-On executive said.
The company is investing about 10 billion New Taiwan dollars ($324 million) to construct the new facility and research center in the southern Taiwanese city of Kaohsiung, which was previously planned to make electronic components for automobiles. 

Lite-On confirmed that the focus of the facility now is to produce server power parts to address American clients' need for higher security standards. 

The facility is scheduled to begin pilot operations in June.
Major server and data center manufacturers such as Quanta, Inventec and Wistron began shifting production to Taiwan and overseas sites last year, mainly to cope with Washington's additional tariff on networking-related components and devices. 

But now some are moving off the mainland as a result of these security concerns.
However, cybersecurity experts said that simply moving production out of China will not remove all risks, as there always will be ways to manipulate the production process regardless of the location.
"Every interface between components, or between motherboards and power supply systems could be a loophole for malicious implants," the Cybersecurity Technology Institute's Tien said. 

"You can only reduce or manage the risks, but it is not possible to entirely eliminate the threats."

China pencil-tip spy chip's ultimate market risk: The profits built on big tech's low-cost global supply chain

• China slipped pencil tip–size spy chips into computer hardware made by an Amazon and Apple supplier, Super Micro, which itself relied on subcontractors in China.
• The biggest U.S. tech companies have led the stock market based on profit models that rely on manufacturing of components in China.
• Famed hedge fund manager David Einhorn said he sold all of his Apple stock on fears of more Chinese retaliation to the trade war.

By Edward McKinley

A report on Thursday that the Chinese government snuck a pencil tip–size spy chip into equipment from an Amazon and Apple component supplier called Super Micro was explosive, but experts say it isn't surprising: U.S. technology CEOs have been concerned about the risk of Chinese cyberespionage for years.
Bloomberg reported that the tiny pieces in American products were manufactured in China and then brought back to the United States, allowing the Chinese government to access secret information from major American tech corporations.
Apple, Amazon, Super Micro and the Chinese government each categorically denied the allegations in the Bloomberg story, but experts say the headline may influence an already tense trade war between the United States and China, at a time when President Donald Trump is broadening a definition of national security to stress the importance of domestic manufacturing.

Visitors walking past stands, including the Super Micro booth, during the Computex Taipei 2014 expo in Taiwan, June 3, 2014.

"It's just another chapter in the book of cybersecurity worries that have come from China," said Dan Ives, managing director of equity research for Wedbush Securities. 

"And I think it keeps a lot of U.S. tech CEOs up at night."
The risks to U.S. tech companies from Chinese cyberespionage have accelerated. 

Tech companies from both countries have been pitted against one another, as an enormous amount of American technology is produced in China due to the cheap costs, Ives said, and competition over who will cash in on the technology of tomorrow — in particular, artificial intelligence — is extremely fierce. 

Security concerns are virtually promised to be an issue for many years to come.
Tom Kellermann, chief cybersecurity officer of the security firm Carbon Black and the former commissioner of Barack Obama's cybersecurity council, told NBC News on Thursday that the Bloomberg article is a small example of China's larger efforts to spy on and disrupt U.S. businesses.
Kellermann said his firm has tracked a threefold increase in destructive cyberattacks coming from China, pushing it past Russia over the summer to be the most active adversary targeting U.S. companies.
Apple, the most profitable company in the world and the first to reach a $1 trillion market cap, like many technology companies has built its business model around a complex global supply chain that includes Chinese manufacturers.
"Look, this is a game of high-stakes poker between the U.S. and China, and this is just another card that's been dealt in this game," Ives said. 

"Wall Street believes the story has credibility, and it has fanned the flames of worry around China hacking the U.S. tech giants, which have a clear bulls-eye on their back, given this threat environment."

"This is a tough situation, because big corporations are never going to admit it. It would be more surprising if the Chinese didn't try to do something like this than if they did."

Derek Scissors, resident scholar and China expert, American Enterprise Institute.

'A tough situation'
China and the United States have competed for years economically, and China is expected to pass the United States in GDP in the coming years to become the world's largest economy. 

An escalating trade war is being fought between the two countries as President Trump wants to eliminate America's trade deficit. 

Further fueling the feud is a deep divide between how China and the United States think about the relationships between government, national security and economic security, said Derek Scissors, resident scholar and China expert at the conservative think tank American Enterprise Institute.
Scissors said he couldn't vouch for the specific details in the Bloomberg report, but it is consistent with the general concerns he has been hearing about for some time. 

"This is a tough situation, because big corporations are never going to admit it," he said, adding, 

"It would be more surprising if the Chinese didn't try to do something like this than if they did."
The American Enterprise Institute China expert said he spoke with administration officials in November 2016 during discussions about the start of an investigation of China's policies for tech transfer and intellectual property, called a Section 301 investigation, and attendees specifically brought up the threat of China using the supply chain to steal trade secrets from American tech companies or importers. 

Chinese trade-secret theft is not new, he said, but the methods outlined in the Bloomberg piece are, though it makes sense, as Chinese methods are growing more complex over time.
"The fundamental clash here between the U.S. and China comes from the fact that China is not a market economy," Scissors said.
The United States draws a sharp distinction between government and business interests, and its people are often deeply skeptical of Uncle Sam interfering with corporations. 

Historically, Scissors said, the United States has looked at national and economic security as separate domains, and there's no incentive or even mechanism by which the government would take action to help American businesses or hurt foreign competitors.
"We've always thought if you're spying on their government or their military, that's normal, but spying on their companies — oh, that's cheating," Scissors said.
For China, on the other hand, anything goes.
"Their government works hand in hand with their companies all the time," he said. 

"That's absolutely standard practice in China, and it would be bizarre if they didn't do that."

Specific examples of China spying on U.S. companies rarely become public knowledge, because corporations are worried if they acknowledge them, it will hurt their stock prices, Scissors said, adding that even so, this kind of thing happens regularly.
Shares of Super Micro, which has been trading as an over-the-counter stock since it was delisted in late August for failing to file financial reports, were down by close to 50 percent on Thursday. 

Apple and Amazon were both down sharply on Thursday, though their losses came amid a broad U.S. tech sector sell-off of around 2 percent, and higher Treasury yields were cited as a reason for a risk-off day in the stock market. 

J.P. Morgan released a report predicting a full-on trade war between the U.S. and China was its base-case scenario for 2019, though it predicted dire consequences for China's stock market.
Tech stocks continued to lead stock losses on Friday in another down day for the markets as rates ticked up again. 

Famed hedge fund manager David Einhorn said on Friday that he'd sold all of his Apple stock based on fears China would retaliate more against U.S. as a result of the trade war.
Because of the ties between Chinese government and the country's businesses, the world's most populous country sees no difference between what's good for Chinese businesses and what's in the interest of Chinese national security, Scissors said. 

China sets out to damage foreign corporations not because they're American, but just because they're competing against Chinese companies. 

Using the military or intelligence services to spy on private companies is totally acceptable in their view. 

Furthermore, many Chinese people are deeply suspicious of the United States and think imported American products already spy on them, so many see it as just desserts.
America's longstanding norms of separation seem to be thawing, as the Trump administration is inching toward China's approach by slapping tariffs on foreign steel and cars saying it is in America's national security interest.

Either way, the U.S. is still nowhere close to China's total singularity of the two domains, he added.
Within the past two years, the Trump administration also has been preceding on several fronts specifically to protect against Chinese technology threats, with multiple investigations about Chinese intellectual property abuses through the Committee on Foreign Investment in the U.S., known as CFIUS, and at the highest levels of U.S. government, warnings have been issued to American consumers about buying smartphones from two of China's largest cell phone makers, ZTE and Huawei.
The threat that ZTE, viewed by some skeptics as an arm of the Chinese government, could build key future telecom infrastructure in the U.S. has been a concern for years. 

ZTE was on the verge of bankruptcy earlier this year based on U.S. policy moves to bar it from the market, until Trump personally stepped in to alleviate some pressure. 

The Trump administration blocked a merger between Broadcom and Qualcomm, citing national security and the companies' role in the rollout of key 5G telecom technology.
"So yes. We have taken a step in China's direction, and people complain about that both here and around the world, but there's a giant gap remaining," Scissors said. 

"The CIA and military are absolutely not going to take action to spy on Chinese companies for the sake of American companies. But the Chinese absolutely are."

How the US will respond
Experts expect responses to come from two levels: the government in the short run and businesses in the long run.
For the government, "This is a ready-made excuse on a platter to say, 'We need to do X' because look at the terrible things the Chinese are doing," Scissors said. 

"If the president gets angry, we could have more tariffs tomorrow, but I don't think we'll see that before the midterms."
"The thing is, you're running out of space to hurt the Chinese economically without hurting the U.S., too. You can hurt the Chinese more, but the thing is people don't vote on that. They don't say, 'Well, he hurt me economically but he hurt the Chinese more,'" Scissors said.
On Thursday night Vice President Mike Pence delivered a highly critical speech about China and its efforts to undermine President Trump, which immediately led to recriminations from Chinese officials.
There are two non-tariff steps that Scissor thinks are likely instead. 

The first addresses the problem externally by imposing export controls on American businesses that work in China, which is a "very obvious response to this event," while the second works domestically.
"There will be people who want to throw a lot of Chinese workers and students out of the country. I'm not saying that's going to happen, I'm definitely not saying it's a good thing, but there's people in the administration that want to do that, and I think this just made it more likely."
Besides government action, Ives said, tech companies are also likely to take action to protect themselves.
The cost of manufacturing in China is so much less than in the United States that companies are forced to deal with the risk of espionage, Ives said, but as the cyber risk grows, it may change the calculus.
"The whole food chain is built on that premise, and that's what makes it so much more complex than moving a facility from Beijing to Middle America," Ives said. 

"In the near term that's almost an impossibility that it would shift, but over the medium term you'll actually see more manufacturing in the U.S. as a result of a concerted effort," Ives said.
As the cyberespionage fight heats up and President Trump's trade war looks likely to increase, there seems to be no doubt that the world's two largest economies have more conflict to come.
"If you look at U.S. and China tech and then throw 5G in it — look, it's going to be like an MMA battle in the coming years," Ives said.

Cyberespionage Experts Want to Know Who’s Exposing China’s Hacking Army

Group called Intrusion Truth has published information online about Chinese hacking campaigns
By Robert McMillan

A round of finger-pointing has erupted in the cybersleuth community over who is behind the effort to expose Chinese hacking.

The world’s cybersleuths are investigating a new mystery: Who is behind an anonymous effort to expose China’s hacker army?
An anonymous group calling itself Intrusion Truth in August published a blog post about one of the most prolific suspected China-linked hacking groups tracked by cybersecurity researchers. 

It was the latest in a series of online messages and blog posts dating back to May 2017 that outlined two Chinese hacking campaigns, including providing the names of suspected hackers. 

Separately, two of those named were later charged by U.S. authorities.
Security researchers say they don’t know who is behind Intrusion Truth. 

The group’s method of anonymously dumping information and targeting a foreign intelligence agency is something new, they say, and exposing illegal activity could up the pressure on Chinese companies cooperating with state-sponsored hacking efforts.
U.S. officials and security researchers have linked Chinese hackers for years to government-backed computer intrusions into U.S. companies. 

Intrusion Truth’s anonymity might itself be a clue to its identity. 

Some large corporations and security companies that employ researchers who track China’s hackers might be reluctant to release findings for fear of reprisals from China’s government, said Ben Read, who manages cyberespionage investigations at FireEye Inc.
Intrusion Truth named individual culprits—unusual in the world of nation-state hacking research—posted photographs, dug up hackers’ places of work and even revealed Uber receipts that appeared to link the individuals to particular addresses in China.
That is the kind of expert sleuthing few people would have the language skills, tools and research abilities to pull off, said Thomas Rid, a professor at Johns Hopkins University.
“It’s somebody who is professional,” he said, “somebody who knows what they’re doing.”
A round of finger-pointing has erupted in the cybersleuth community over who is behind Intrusion Truth. 

One theory is the group may work for a corporate victim of Chinese hackers.
“There are a whole load of people accusing each other,” one researcher said. 

He said he has received multiple messages asking whether he is part of Intrusion Truth.
Intrusion Truth has published dozens of messages to Twitter and more than a dozen posts to the blog site Medium over the past 16 months.
In them, it has posted evidence linking Chinese companies to a China-backed hacking group known as APT 3 and another known as APT 10, or Stone Panda, shedding light on the continued threat of Chinese hacking.
“APT 10 is one of the most active groups we track,” said Mr. Read. 

The group has hacked companies in Japan and Europe, and has targeted entities in the U.S., he said.
Intrusion Truth also has zeroed in on several Chinese companies, alleging they are linked to government-backed hacking campaigns.
“We are focusing our efforts on determining whether these are just ‘companies that hack,’ or would they be better described as fronts enabling the Chinese state to employ hackers who can later be scapegoated as criminals?” Intrusion Truth said in a Twitter message in August.

Early last year, the group said two employees of Guangdong Bo Yu Information Technology Co., known as Boyusec, were part of APT 3. 

Six months later, U.S. authorities indicted the men—Wu Yingzhuo and Dong Hao—saying they were involved in APT 3 computer intrusions at Moody’s Analytics and the German engineering company Siemens AG .
Wu and Dong couldn’t be reached for comment. 

Representatives from Boyusec, which dissolved before the indictments were unsealed, couldn’t be reached.
Intrusion Truth didn’t respond to messages seeking comment. 

In late August, the group said its aim is to make Chinese hackers “think twice about their illegal online activities,” according to Motherboard.
Intrusion Truth linked internet domains and email addresses associated with websites used by APT 10 to two other Chinese companies, Tianjin Huaying Haitai Science and Technology Development Co. and Laoying Baichaun Instruments Equipment Co.
A woman answering a number listed for Huaying Haitai hung up when asked for comment. 

Laoying Baichaun couldn’t be reached.
Typically, Intrusion Truth posts data that could be uncovered online or via research tools used by professional threat analysts. 

The APT 10 evidence, though, included material that would have been harder to obtain: copies of Uber receipts belonging to an employee who had worked at the two companies.
Intrusion Truth says these receipts show travel by this person to a building operated by China’s intelligence agency. 

The agency doesn’t accept media inquiries.
CrowdStrike Inc., which tracks Chinese hacking campaigns, in late August published a blog post agreeing with much of what Intrusion Truth had reported on APT 10.
“The information they have access to goes way beyond what we would have access to,” said Adam Meyers, an executive with the cybersecurity firm.

Chinese Cyberespionage

Australia Bans Huawei From Building 5G Wireless Network
By Raymond Zhong

BEIJING — Cyberespionage concerns surrounding Huawei have kept the Chinese technology giant out of the United States. 

Now it has cost the company lucractive business in another country: Australia.

The Australian government had barred it and another rogue Chinese company, ZTE, from providing equipment to support the country’s new telecommunications networks. 

Mobile carriers around the world have been preparing to build infrastructure using fifth-generation, or 5G, wireless technology, which promises to enable the ultrafast communications necessary for technologies such as self-driving cars.
On Twitter, Huawei called the decision an “extremely disappointing result for consumers.” 

A ZTE spokeswoman declined to comment.
Huawei, one of the world’s largest makers of telecom gear and smartphones, already sells equipment to major Australian telecom carriers. 

In a statement on Thursday, two Australian ministers indicated that the government would move to exclude certain equipment vendors from the nation’s 5G networks. 

Companies that “are  subject to extrajudicial directions from a foreign government” pose unacceptable security risks, the ministers said.
One of those ministers, Scott Morrison, is challenging Australia’s prime minister, Malcolm Turnbull, for leadership of the country.
Neither Huawei nor ZTE were specifically named in the Australian statement. 

But the two companies’ ties to Beijing have long been cited by United States officials to justify keeping them out of American mobile networks.

Large American wireless carriers have for years shunned both its and ZTE’s equipment.
With such concerns about Chinese technology continuing to spread globally, it seems increasingly unlikely that the tech cold war between China and the United States will be reconciled quickly.
More and more, the two economic powerhouses view the race to develop key technologies, 5G wireless included, in strategic as well as commercial terms. 

Both have stood up for their own national tech champions. 

And they have each sought to kneecap the other’s.
ZTE was nearly driven out of business earlier this year after the United States Department of Commerce barred American firms from selling components to the company. 

The sanctions, imposed as punishment for illegal sales made by ZTE in Iran and North Korea, were later lifted to help defuse tensions between President Trump and Chinese dictator Xi Jinping.
Even Chinese firms’ research partnerships with universities in the United States and Canada have come under scrutiny. 

In June, a group of Washington lawmakers wrote to Betsy DeVos, the education secretary, calling for a review of American universities’ collaborations with Huawei.