
Friday, October 12, 2018

China's theft of US intellectual property

Lawmakers press for answers about China's supply chain hack
By Derek Hawkins

Sen. Marco Rubio (R-Fla.) on Capitol Hill in Washington on Aug. 2. 

Lawmakers are prying into a controversial report that Chinese spies installed surveillance microchips in servers used by Apple, Amazon and other American companies.
On Wednesday, Sens. Marco Rubio (R-Fla.) and Richard Blumenthal (D-Conn.) wrote to Supermicro, the firm that manufactured the compromised hardware, asking whether it had detected any such tampering in its products. 
The senators said “the nature of the claims raised alarms that must be comprehensively addressed.”
“We are alarmed by the dangers posed by back doors, and take any claimed threat to the nation’s networks and supply chain seriously,” they said. 
“These new allegations require thorough and urgent investigation for customers, law enforcement and Congress.”
Other lawmakers on the Hill have fired off similar missives. 
Sen. John Thune (R-S.D.) wrote to Apple, Amazon and Supermicro requesting staff briefings about the Bloomberg article by Friday. 
And House Oversight Committee Chairman Trey Gowdy (R-S.C.) and Intelligence Committee Chairman Devin Nunes (R-Calif.) called on the heads of the FBI, Department of Homeland Security and the Office of the Director of National Intelligence to provide a classified briefing on the matter by Oct. 22. (Amazon.com founder and chief executive Jeffrey P. Bezos owns The Washington Post.)
The flurry of requests underscores long-standing concerns in Congress about the potential for China to conduct cyber espionage by infiltrating the supply chain. 
So lawmakers aren’t taking any chances with the allegations raised in the Bloomberg report.
“If this news report is accurate, the potential infiltration of Chinese back doors could provide a foothold for adversaries and competitors to engage in commercial espionage and launch destructive cyber attacks,” Rubio and Blumenthal wrote.
The explosive Bloomberg report said that operatives from a unit of the People’s Liberation Army secretly installed the surveillance chips in Supermicro motherboards during the assembly process in China, creating a “stealth doorway” into networks that used the machines. 
Citing unnamed government and corporate officials, the report described it as the “most significant supply chain attack known to have been carried out against American companies.”
Sen. Ron Johnson (R-Wis.), chairman of the Homeland Security Committee, said in a hearing Wednesday morning that he found the story credible. 
He asked FBI Director Christopher A. Wray and Homeland Security Secretary Kirstjen Nielsen, who testified in the hearing, whether they were aware of “implantation of chips in the supply chain.”
Wray deflected. 
“Be careful what you read in this context,” he said, adding that he was barred from commenting on whether the FBI was investigating the matter. 
Nielsen said that supply chain hacks are "a very real and emerging threat that we are very concerned about." 
Indeed, the article seemed to channel some of Washington’s worst anxieties about supply chain security.
Lawmakers and federal officials have long fretted over whether a foreign adversary could carry out such an infiltration, and over the past year they’ve taken steps to try to prevent it. 
Last fall, DHS directed federal agencies to stop using software made by the Russian cybersecurity contractor Kaspersky over concerns that Moscow’s intelligence services could use the company to conduct cyber espionage. 
Shortly after, Congress banned federal agencies from using Kaspersky’s products as part of the defense spending bill. 
Lawmakers and military officials have raised similar fears that Chinese telecom giants ZTE and Huawei could be used as conduits for Beijing to spy on U.S. citizens, companies and government offices. 
This year, lawmakers abandoned an effort to prohibit federal agencies and contractors from doing business with ZTE at the request of the White House.

China a bigger security threat than Russia, says FBI Director Wray

Nielsen also warned senators that China “absolutely” is “exerting unprecedented effort to influence American opinion" in her appearance before the Senate Homeland Security and Governmental Affairs Committee on Wednesday. 
Nielsen testified alongside Wray and Russell Travers, the acting director of the National Counterterrorism Center at the Office of the Director of National Intelligence.
Asked by Sen. Jon Kyl (R-Ariz.) to assess the risk that Beijing's cyber activities and disinformation efforts represent in comparison to Russia, Wray replied that he was “reluctant to try to rank threats” but added that “China in many ways represents the broadest, most complicated, most long-term counterintelligence threat we face.” 
Wray told Kyl that China will remain a threat to the United States in the long run. 
“Russia is in many ways fighting to stay relevant after the fall of the Soviet Union. They're fighting today's fight,” Wray said. 
“China is fighting tomorrow's fight, and the day after tomorrow, and the day after that. And it affects every sector of our economy, every state in the country and just about every aspect of what we hold dear.”

Monday, October 8, 2018

China pencil-tip spy chip's ultimate market risk: The profits built on big tech's low-cost global supply chain

  • China slipped pencil tip–size spy chips into computer hardware made by an Amazon and Apple supplier, Super Micro, which itself relied on subcontractors in China.
  • The biggest U.S. tech companies have led the stock market based on profit models that rely on manufacturing of components in China.
  • Famed hedge fund manager David Einhorn said he sold all of his Apple stock on fears of more Chinese retaliation to the trade war.
By Edward McKinley

A report on Thursday that the Chinese government snuck a pencil tip–size spy chip into equipment from an Amazon and Apple component supplier called Super Micro was explosive, but experts say it isn't surprising: U.S. technology CEOs have been concerned about the risk of Chinese cyberespionage for years.
Bloomberg reported that the tiny pieces in American products were manufactured in China and then brought back to the United States, allowing the Chinese government to access secret information from major American tech corporations.
Apple, Amazon, Super Micro and the Chinese government each categorically denied the allegations in the Bloomberg story, but experts say the headline may influence an already tense trade war between the United States and China, at a time when President Donald Trump is broadening a definition of national security to stress the importance of domestic manufacturing.

Visitors walking past stands, including the Super Micro booth, during the Computex Taipei 2014 expo in Taiwan, June 3, 2014.

"It's just another chapter in the book of cybersecurity worries that have come from China," said Dan Ives, managing director of equity research for Wedbush Securities. 
"And I think it keeps a lot of U.S. tech CEOs up at night."
The risks to U.S. tech companies from Chinese cyberespionage have accelerated. 
Tech companies from both countries have been pitted against one another, as an enormous amount of American technology is produced in China due to the cheap costs, Ives said, and competition over who will cash in on the technology of tomorrow — in particular, artificial intelligence — is extremely fierce. 
Security concerns are virtually promised to be an issue for many years to come.
Tom Kellermann, chief cybersecurity officer of the security firm Carbon Black and the former commissioner of Barack Obama's cybersecurity council, told NBC News on Thursday that the Bloomberg article is a small example of China's larger efforts to spy on and disrupt U.S. businesses.
Kellermann said his firm has tracked a threefold increase in destructive cyberattacks coming from China, pushing it past Russia over the summer to be the most active adversary targeting U.S. companies.
Apple, the most profitable company in the world and the first to reach a $1 trillion market cap, like many technology companies has built its business model around a complex global supply chain that includes Chinese manufacturers.
"Look, this is a game of high-stakes poker between the U.S. and China, and this is just another card that's been dealt in this game," Ives said. 
"Wall Street believes the story has credibility, and it has fanned the flames of worry around China hacking the U.S. tech giants, which have a clear bulls-eye on their back, given this threat environment."

'A tough situation'
China and the United States have competed for years economically, and China is expected to pass the United States in GDP in the coming years to become the world's largest economy. 
An escalating trade war is being fought between the two countries as President Trump wants to eliminate America's trade deficit. 
Further fueling the feud is a deep divide between how China and the United States think about the relationships between government, national security and economic security, said Derek Scissors, resident scholar and China expert at the conservative think tank American Enterprise Institute.
Scissors said he couldn't vouch for the specific details in the Bloomberg report, but it is consistent with the general concerns he has been hearing about for some time. 
"This is a tough situation, because big corporations are never going to admit it," he said, adding, 
"It would be more surprising if the Chinese didn't try to do something like this than if they did."
The American Enterprise Institute China expert said he spoke with administration officials in November 2016 during discussions about the start of an investigation of China's policies for tech transfer and intellectual property, called a Section 301 investigation, and attendees specifically brought up the threat of China using the supply chain to steal trade secrets from American tech companies or importers. 
Chinese trade-secret theft is not new, he said, but the methods outlined in the Bloomberg piece are, though it makes sense, as Chinese methods are growing more complex over time.
"The fundamental clash here between the U.S. and China comes from the fact that China is not a market economy," Scissors said.
The United States draws a sharp distinction between government and business interests, and its people are often deeply skeptical of Uncle Sam interfering with corporations. 
Historically, Scissors said, the United States has looked at national and economic security as separate domains, and there's no incentive or even mechanism by which the government would take action to help American businesses or hurt foreign competitors.
"We've always thought if you're spying on their government or their military, that's normal, but spying on their companies — oh, that's cheating," Scissors said.
For China, on the other hand, anything goes.
"Their government works hand in hand with their companies all the time," he said. 
"That's absolutely standard practice in China, and it would be bizarre if they didn't do that."

Specific examples of China spying on U.S. companies rarely become public knowledge, because corporations are worried if they acknowledge them, it will hurt their stock prices, Scissors said, adding that even so, this kind of thing happens regularly.
Shares of Super Micro, which has been trading as an over-the-counter stock since it was delisted in late August for failing to file financial reports, were down by close to 50 percent on Thursday.
Apple and Amazon were both down sharply on Thursday, though their losses came amid a broad U.S. tech sector sell-off of around 2 percent, and higher Treasury yields were cited as a reason for a risk-off day in the stock market.
J.P. Morgan released a report predicting a full-on trade war between the U.S. and China was its base-case scenario for 2019, though it predicted dire consequences for China's stock market.
Tech stocks continued to lead stock losses on Friday in another down day for the markets as rates ticked up again. 
Famed hedge fund manager David Einhorn said on Friday that he'd sold all of his Apple stock based on fears China would retaliate more against the U.S. as a result of the trade war.
Because of the ties between Chinese government and the country's businesses, the world's most populous country sees no difference between what's good for Chinese businesses and what's in the interest of Chinese national security, Scissors said. 
China sets out to damage foreign corporations not because they're American, but just because they're competing against Chinese companies. 
Using the military or intelligence services to spy on private companies is totally acceptable in their view. 
Furthermore, many Chinese people are deeply suspicious of the United States and think imported American products already spy on them, so many see it as just deserts.
America's longstanding norms of separation seem to be thawing, as the Trump administration is inching toward China's approach by slapping tariffs on foreign steel and cars, saying it is in America's national security interest.
Either way, the U.S. is still nowhere close to China's total singularity of the two domains, he added.
Within the past two years, the Trump administration also has been proceeding on several fronts specifically to protect against Chinese technology threats, with multiple investigations about Chinese intellectual property abuses through the Committee on Foreign Investment in the U.S., known as CFIUS, and at the highest levels of U.S. government, warnings have been issued to American consumers about buying smartphones from two of China's largest cell phone makers, ZTE and Huawei.
The threat that ZTE, viewed by some skeptics as an arm of the Chinese government, could build key future telecom infrastructure in the U.S. has been a concern for years. 
ZTE was on the verge of bankruptcy earlier this year based on U.S. policy moves to bar it from the market, until Trump personally stepped in to alleviate some pressure. 
The Trump administration blocked a merger between Broadcom and Qualcomm, citing national security and the companies' role in the rollout of key 5G telecom technology.
"So yes. We have taken a step in China's direction, and people complain about that both here and around the world, but there's a giant gap remaining," Scissors said. 
"The CIA and military are absolutely not going to take action to spy on Chinese companies for the sake of American companies. But the Chinese absolutely are."

How the US will respond
Experts expect responses to come from two levels: the government in the short run and businesses in the long run.
For the government, "This is a ready-made excuse on a platter to say, 'We need to do X' because look at the terrible things the Chinese are doing," Scissors said. 
"If the president gets angry, we could have more tariffs tomorrow, but I don't think we'll see that before the midterms."
"The thing is, you're running out of space to hurt the Chinese economically without hurting the U.S., too. You can hurt the Chinese more, but the thing is people don't vote on that. They don't say, 'Well, he hurt me economically but he hurt the Chinese more,'" Scissors said.
On Thursday night Vice President Mike Pence delivered a highly critical speech about China and its efforts to undermine President Trump, which immediately led to recriminations from Chinese officials.
There are two non-tariff steps that Scissors thinks are likely instead. 
The first addresses the problem externally by imposing export controls on American businesses that work in China, which is a "very obvious response to this event," while the second works domestically.
"There will be people who want to throw a lot of Chinese workers and students out of the country. I'm not saying that's going to happen, I'm definitely not saying it's a good thing, but there's people in the administration that want to do that, and I think this just made it more likely."
Besides government action, Ives said, tech companies are also likely to take action to protect themselves.
The cost of manufacturing in China is so much less than in the United States that companies are forced to deal with the risk of espionage, Ives said, but as the cyber risk grows, it may change the calculus.
"The whole food chain is built on that premise, and that's what makes it so much more complex than moving a facility from Beijing to Middle America," Ives said. 
"In the near term that's almost an impossibility that it would shift, but over the medium term you'll actually see more manufacturing in the U.S. as a result of a concerted effort," Ives said.
As the cyberespionage fight heats up and President Trump's trade war looks likely to increase, there seems to be no doubt that the world's two largest economies have more conflict to come.
"If you look at U.S. and China tech and then throw 5G in it — look, it's going to be like an MMA battle in the coming years," Ives said.

Friday, October 5, 2018

Rogue Nation

China is secretly hacking computer motherboards. The economic fallout is huge.
By Henry Farrell and Abraham Newman

An electronic data display showing a map of China at the Global Mobile Internet conference in Beijing. 

Bloomberg has just published an explosive article claiming that a secret unit in the Chinese military has compromised the motherboards (the systems of chips and electronics that allow computers to work) of servers used by Apple, a bank and various government contractors.
China’s exploit was discovered when Amazon did due diligence on a company that it was acquiring, which used servers with the compromised motherboards. 
Like China, both Apple and Amazon have issued statements denying the Bloomberg claims, but Bloomberg is confident that it’s correct, saying it has multiple sources inside Amazon and the intelligence community. (Amazon chief executive Jeffrey P. Bezos owns The Washington Post.)
The exploit involved tiny components — some the size of a sharpened pencil tip — that were very difficult to spot but that provided a backdoor to the servers into which they were built. 
The components could communicate with external computers and download instructions from them, which allowed Chinese military hackers to compromise passwords and gain control over what the servers did. 
If the servers were used for sensitive tasks, this kind of access could have massive security repercussions.
What is economically important, however, is how the Chinese military did this. 
They weaponized the complex supply chain through which most sophisticated electronics are built. That has huge implications for the world economy.

We live in a world of complex global supply chains

People usually think of economic globalization as involving trade in final products — cars being shipped across the U.S. border from Canada or Mexico. 
That only scratches the surface of the globalized economy, which involves not only trade in completed products but also in components and finishing. 
A complex product such as a computer may be built from components made by hundreds — or even thousands — of specialized manufacturers, located across multiple countries. 
This creates vast economic efficiencies and provides enormous economic savings, allowing companies — and even entire regional or national economies — to reap the benefits of specialization and consumers to get cheaper and better made products.
Over the last couple of decades, China has become an increasingly important supplier of technological goods. 
Chinese companies such as Foxconn specialize in manufacturing and integrating common consumer products such as iPhones. 
However, China lacks capacity in some important areas, such as the design and manufacture of high-end chips.
All this means that the world manufacturing economy relies on globalized supply chains, with myriad specialized subcontractors. 
Until recently, public debate has mostly focused on the trade-offs between the economic advantages and the human costs of these supply chains. 
For example, supply chains in the garment industry often involve the exploitation of poor workers in sweatshops for brand name goods sold in American stores, leading to increasing pressure on the brand-name manufacturers to ensure humane working conditions in their suppliers and sub-suppliers. Now, however, a new set of security problems is emerging.

Globalized supply chains increase interdependence
Global supply chains were what allowed the Chinese to hack the motherboards of servers used by U.S. companies. 
These servers were assembled by Supermicro, a U.S.-based supplier of specialized high-end servers. 
Supermicro relied on Chinese factories to provide them with motherboards and other components. 
These motherboards were then compromised by the Chinese military, which bribed or threatened four key subcontractors to get them to install the hardware-based backdoor systems.
A world of global supply chains is a world where countries’ economies and manufacturing systems are increasingly interdependent, so that if something goes wrong, everyone suffers. 
When a single factory caught fire in 2013, the price of commonly used memory chips shot up — because every computer manufacturer relied on a very small number of manufacturers.
Our academic research explores how countries are increasingly starting to weaponize interdependence — using these vulnerabilities and choke points for strategic advantage. 
China’s hacking of motherboards is a perfect example of this. 
As the Bloomberg article recounts, Chinese manufacturers dominate key aspects of computer hardware manufacturing. 
While some naive people had been confident that China would never hack exported components en masse — for fear of the damage that it would do to the Chinese economy — the Bloomberg article suggests that they have succumbed to temptation. 

The economic consequences are enormous
If the Bloomberg report is confirmed — and especially if it is one particular example of a broader problem — there will be very big economic repercussions. 
The U.S. economy and China’s economy are deeply interdependent. 
If the U.S. believes that Chinese firms are using this interdependence strategically to compromise U.S. technology systems with hardware components that undermine security, there will be pressure on the United States to systematically disengage from China and, perhaps, from global supply chains more generally.
This could have substantial knock-on repercussions for international trade, leading eventually to a world in which countries are much less willing to outsource components of sensitive systems to foreign manufacturers. 
Because we live in a world where technology is becoming ever more connected and ever more exploitable, this might mean that large swaths of the global economy are pulled back again behind national borders. 
The United States is already highly suspicious of Chinese telecommunications manufacturers, while organizations closely linked to U.S. intelligence are calling for a far more systematic reappraisal of the security implications of supply chains. 
It may be that the globalized economy of the 1990s and 2000s was a brief aberration, which will be replaced by more constrained and limited international exchange between economies that keep the important parts of their manufacturing economy at home.

Thursday, October 4, 2018

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain
By Jordan Robertson and Michael Riley

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. 
Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. 
Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. 
Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.
To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. 
These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. 
In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Featured in Bloomberg Businessweek, Oct. 8, 2018. 

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. 
Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. 
Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. 
And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. 
Investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. 
Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

There are two ways for spies to alter the guts of computer equipment. 
One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. 
This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden.
The other method involves seeding changes from the very beginning.
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. 
Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. 
“Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. 
“Hardware is just so far off the radar, it’s almost treated like black magic.”
But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process by operatives from a unit of the People’s Liberation Army. 
In Supermicro, China’s spies have found a perfect conduit for the most significant supply chain attack known to have been carried out against American companies.
Investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. 
Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. 
Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. 
Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.
“We remain unaware of any investigation,” wrote a spokesman for Supermicro, Perry Hayes. 
The Chinese government didn’t directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.” 
The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.
The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. 
One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. 
In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. 
In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. 
The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information.
China’s goal was long-term access to high-value corporate secrets and sensitive government networks. 
No consumer data is known to have been stolen.
The ramifications of the attack continue to play out. 
The Trump administration has made computer and networking hardware, including motherboards, a focus of its latest round of trade sanctions against China, and White House officials have made it clear they think companies will begin shifting their supply chains to other countries as a result. 
Such a shift might assuage officials who have been warning for years about the security of the supply chain—even though they’ve never disclosed a major reason for their concerns.
Back in 2006, three engineers in Oregon had a clever idea. 
Demand for mobile video was about to explode, and they predicted that broadcasters would be desperate to transform programs designed to fit TV screens into the various formats needed for viewing on smartphones, laptops, and other devices. 
To meet the anticipated demand, the engineers started Elemental Technologies, assembling what one former adviser to the company calls a genius team to write code that would adapt the superfast graphics chips being produced for high-end video-gaming machines. 
The resulting software dramatically reduced the time it took to process large video files. 
Elemental then loaded the software onto custom-built servers emblazoned with its leprechaun-green logos.
Elemental servers sold for as much as $100,000 each, at profit margins of as high as 70 percent, according to a former adviser to the company. 
Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.
Elemental also started working with American spy agencies. 
In 2009 the company announced a development partnership with In-Q-Tel Inc., the CIA’s investment arm, a deal that paved the way for Elemental servers to be used in national security missions across the U.S. government. 
Public documents, including the company’s own promotional materials, show that the servers have been used inside Department of Defense data centers to process drone and surveillance-camera footage, on Navy warships to transmit feeds of airborne missions, and inside government buildings to enable secure videoconferencing. 
NASA, both houses of Congress, and the Department of Homeland Security have also been customers. 
This portfolio made Elemental a target for Chinese spies.
Supermicro had been an obvious choice to build Elemental’s servers. 
Headquartered north of San Jose’s airport, up a smoggy stretch of Interstate 880, the company was founded by Charles Liang, a Taiwanese engineer who attended graduate school in Texas and then moved west to start Supermicro with his wife in 1993. 
Silicon Valley was then embracing outsourcing, forging a pathway from Taiwanese, and later Chinese, factories to American consumers, and Liang added a comforting advantage: Supermicro’s motherboards would be engineered mostly in San Jose, close to the company’s biggest clients, even if the products were manufactured overseas.
Today, Supermicro sells more server motherboards than almost anyone else. 
It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. 
Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. 
Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards—its core product—are all manufactured by contractors in China.
The company’s pitch to customers hinges on unmatched customization, made possible by hundreds of full-time engineers and a catalog encompassing more than 600 designs. 
The majority of its workforce in San Jose is Taiwanese or Chinese, and Mandarin is the preferred language, with hanzi filling the whiteboards, according to six former employees. 
Chinese pastries are delivered every week, and many routine calls are done twice, once for English-only workers and again in Mandarin. 
The latter are more productive, according to people who’ve been on both. 
These overseas ties, especially the widespread use of Mandarin, would have made it easier for China to gain an understanding of Supermicro’s operations and to infiltrate the company. (A U.S. official says the government’s probe is still examining whether Chinese spies were planted inside Supermicro and other American companies to aid the attack.)
With more than 900 customers in 100 countries by 2015, Supermicro offered inroads to a bountiful collection of sensitive targets. 
“Think of Supermicro as the Microsoft of the hardware world,” says a former U.S. intelligence official who’s studied Supermicro and its business model. 
“Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”

Well before evidence of the attack surfaced inside the networks of U.S. companies, American intelligence sources were reporting that China’s spies had plans to introduce malicious microchips into the supply chain. 
The sources weren’t specific, according to a person familiar with the information they provided, and millions of motherboards are shipped into the U.S. annually. 
But in the first half of 2014, a different person briefed on high-level discussions says, intelligence officials went to the White House with something more concrete: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies.
The specificity of the information was remarkable, but so were the challenges it posed. 
Issuing a broad warning to Supermicro’s customers could have crippled the company, a major American hardware maker, and it wasn’t clear from the intelligence whom the operation was targeting or what its ultimate aims were. 
Plus, without confirmation that anyone had been attacked, the FBI was limited in how it could respond. 
The White House requested periodic updates as information came in, the person familiar with the discussions says.
Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. 
Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally. 
Government investigators were still chasing clues on their own when Amazon made its discovery and gave them access to sabotaged hardware, according to one U.S. official. 
This created an invaluable opportunity for intelligence agencies and the FBI—by then running a full investigation led by its cyber- and counterintelligence teams—to see what the chips looked like and how they worked.
The chips on Elemental servers were designed to be as inconspicuous as possible, according to one person who saw a detailed report prepared for Amazon by its third-party security contractor, as well as a second person who saw digital photos and X-ray images of the chips incorporated into a later report prepared by Amazon’s security team. 
Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. 
Depending on the board model, the chips varied slightly in size, suggesting that the Chinese had supplied different factories with different batches.
Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. 
“Hardware attacks are about access,” as one former senior official puts it. 
In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard.
This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. 
The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
Since the implants were small, the amount of code they contained was small as well. 
But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. 
The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser. 
To understand the power that would give them, take this hypothetical example: Somewhere in the Linux operating system, which runs in many servers, is code that authorizes a user by verifying a typed password against a stored encrypted one. 
An implanted chip can alter part of that code so the server won’t check for a password—and presto! A secure machine is open to any and all users. 
A chip can also steal encryption keys for secure communications, block security updates that would neutralize the attack, and open up new pathways to the internet. 
Should some anomaly be noticed, it would likely be cast as an unexplained oddity. 
“The hardware opens whatever door it wants,” says Joe FitzPatrick, founder of Hardware Security Resources LLC, a company that trains cybersecurity professionals in hardware hacking techniques.
U.S. officials had caught China experimenting with hardware tampering before, but they’d never seen anything of this scale and ambition. 
The security of the global technology supply chain had been compromised, even if consumers and most companies didn’t know it yet. 
What remained for investigators to learn was how the attackers had so thoroughly infiltrated Supermicro’s production process—and how many doors they’d opened into American targets.
Unlike software-based hacks, hardware manipulation creates a real-world trail. 
Components leave a wake of shipping manifests and invoices. 
Boards have serial numbers that trace to specific factories. 
To track the corrupted chips to their source, U.S. intelligence agencies began following Supermicro’s serpentine supply chain in reverse, a person briefed on evidence gathered during the probe says.
As recently as 2016, according to DigiTimes, a news site specializing in supply chain research, Supermicro had three primary manufacturers constructing its motherboards, two headquartered in Taiwan and one in Shanghai. 
When such suppliers are choked with big orders, they sometimes parcel out work to subcontractors. In order to get further down the trail, U.S. spy agencies drew on the prodigious tools at their disposal. They sifted through communications intercepts, tapped informants in Taiwan and China, even tracked key individuals through their phones, according to the person briefed on evidence gathered during the probe. 
Eventually, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.
As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. 
In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. 
The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. 
If that didn’t work, they threatened factory managers with inspections that could shut down their plants. 
Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.
The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks.
The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” 
The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. 
In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.
The Supermicro attack was on another order entirely from earlier episodes attributed to the PLA. 
It threatened to have reached a dizzying array of end users, with some vital ones in the mix. 
Apple, for its part, has used Supermicro hardware in its data centers sporadically for years, but the relationship intensified after 2013, when Apple acquired a startup called Topsy Labs, which created superfast technology for indexing and searching vast troves of internet content. 
By 2014, the startup was put to work building small data centers in or near major global cities. 
This project, known internally as Ledbelly, was designed to make the search function for Apple’s voice assistant, Siri, faster, according to the three senior Apple insiders.
Documents seen by Businessweek show that in 2014, Apple planned to order more than 6,000 Supermicro servers for installation in 17 locations, including Amsterdam, Chicago, Hong Kong, Los Angeles, New York, San Jose, Singapore, and Tokyo, plus 4,000 servers for its existing North Carolina and Oregon data centers. 
Those orders were supposed to double, to 20,000, by 2015. 
Ledbelly made Apple an important Supermicro customer at the exact same time the PLA was found to be manipulating the vendor’s hardware.
Project delays and early performance problems meant that around 7,000 Supermicro servers were humming in Apple’s network by the time the company’s security team found the added chips. Because Apple didn’t provide government investigators with access to its facilities or the tampered hardware, the extent of the attack there remained outside their view.

Microchips found on altered motherboards in some cases looked like signal conditioning couplers.

American investigators eventually figured out who else had been hit. 
Since the implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who’d been affected. 
Although the investigators couldn’t be sure they’d found every victim, a person familiar with the U.S. probe says they ultimately concluded that the number was almost 30 companies.
That left the question of whom to notify and how. 
U.S. officials had been warning for years that hardware made by two Chinese telecommunications giants, Huawei Corp. and ZTE Corp., was subject to Chinese government manipulation. 
But a similar public alert regarding a U.S. company was out of the question. 
Instead, officials reached out to a small number of important Supermicro customers. 
One executive of a large web-hosting company says the message he took away from the exchange was clear: Supermicro’s hardware couldn’t be trusted. 
“That’s been the nudge to everyone—get that crap out,” the person says.
Amazon, for its part, began acquisition talks with an Elemental competitor, but according to one person familiar with Amazon’s deliberations, it reversed course in the summer of 2015 after learning that Elemental’s board was nearing a deal with another buyer. 
Amazon announced its acquisition of Elemental in September 2015, in a transaction whose value one person familiar with the deal places at $350 million. 
Multiple sources say that Amazon intended to move Elemental’s software to AWS’s cloud, whose chips, motherboards, and servers are typically designed in-house and built by factories that Amazon contracts from directly.
A notable exception was AWS’s data centers inside China, which were filled with Supermicro-built servers, according to two people with knowledge of AWS’s operations there. 
Mindful of the Elemental findings, Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered. 
In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached.
That generation of chips was smaller than a sharpened pencil tip, the person says.
China has long been known to monitor banks, manufacturers, and ordinary citizens on its own soil, and the main customers of AWS’s China cloud were domestic companies or foreign entities with operations there. 
Still, the fact that the country appeared to be conducting those operations inside Amazon’s cloud presented the company with a Gordian knot. 
Its security team determined that it would be difficult to quietly remove the equipment and that, even if they could devise a way, doing so would alert the attackers that the chips had been found, according to a person familiar with the company’s probe. 
Instead, the team developed a method of monitoring the chips. 
In the ensuing months, they detected brief check-in communications between the attackers and the sabotaged servers but didn’t see any attempts to remove data. 
That likely meant either that the attackers were saving the chips for a later operation or that they’d infiltrated other parts of the network before the monitoring began. 
Neither possibility was reassuring.
When in 2016 the Chinese government was about to pass a new cybersecurity law—seen by many outside the country as a pretext to give authorities wider access to sensitive data—Amazon decided to act, the person familiar with the company’s probe says. 
In August it transferred operational control of its Beijing data center to its local partner, Beijing Sinnet, a move the companies said was needed to comply with the incoming law. 
The following November, Amazon sold the entire infrastructure to Beijing Sinnet for about $300 million. 
The person familiar with Amazon’s probe casts the sale as a choice to “hack off the diseased limb.”
As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” 
Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. 
In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed, in response to Businessweek’s questions, to an unrelated and relatively minor security incident.
That August, Supermicro’s CEO, Liang, revealed that the company had lost two major customers. Although he didn’t name them, one was later identified in news reports as Apple. 
He blamed competition, but his explanation was vague. 
“When customers asked for lower price, our people did not respond quickly enough,” he said on a conference call with analysts. 
Hayes, the Supermicro spokesman, says the company has never been notified of the existence of malicious chips on its motherboards by either customers or U.S. law enforcement.
Concurrent with the illicit chips’ discovery in 2015 and the unfolding investigation, Supermicro has been plagued by an accounting problem, which the company characterizes as an issue related to the timing of certain revenue recognition. 
After missing two deadlines to file quarterly and annual reports required by regulators, Supermicro was delisted from the Nasdaq on Aug. 23 of this year. 
It marked an extraordinary stumble for a company whose annual revenue had risen sharply in the previous four years, from a reported $1.5 billion in 2014 to a projected $3.2 billion this year.
One Friday in late September 2015, President Barack Obama and Chinese dictator Xi Jinping appeared together at the White House for an hourlong press conference headlined by a landmark deal on cybersecurity. 
After months of negotiations, the U.S. had extracted from China a grand promise: It would no longer support the theft by hackers of U.S. intellectual property to benefit Chinese companies. 
Left out of those pronouncements, according to a person familiar with discussions among senior officials across the U.S. government, was the White House’s deep concern that China was willing to offer this concession because it was already developing far more advanced and surreptitious forms of hacking founded on its near monopoly of the technology supply chain.
In the weeks after the agreement was announced, the U.S. government quietly raised the alarm with several dozen tech executives and investors at a small, invite-only meeting in McLean, Va., organized by the Pentagon. 
According to someone who was present, Defense Department officials briefed the technologists on a recent attack and asked them to think about creating commercial products that could detect hardware implants. 
Attendees weren’t told the name of the hardware maker involved, but it was clear to at least some in the room that it was Supermicro, the person says.
The problem under discussion wasn’t just technological. 
It spoke to decisions made decades ago to send advanced production work to Southeast Asia. 
In the intervening years, low-cost Chinese manufacturing had come to underpin the business models of many of America’s largest technology companies. 
Early on, Apple, for instance, made many of its most sophisticated electronics domestically. 
Then in 1992, it closed a state-of-the-art plant for motherboard and computer assembly in Fremont, Calif., and sent much of that work overseas.
Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. 
A naive belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. 
That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest. 
“You end up with a classic Satan’s bargain,” one former U.S. official says. 
“You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”
In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. 
Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem. 
“This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” one of the people present in McLean says. 
“You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”

Wednesday, February 28, 2018

Tech Quisling and Moral Pygmy


Apple is kowtowing to China’s police state
Washington Post





CHINA AND Russia, among other places ruled by strongmen and their political cronies, are demanding that technology companies locate all their data on national soil.  
The titans of American digital innovation — Apple, Google, Facebook, Amazon, Microsoft and others — face a difficult choice. 
They can risk moving the data of millions of customers to a police state, or they can refuse and risk losing millions of customers.
This week, Apple is choosing option A: police state.
Starting Wednesday, the data of its iCloud customers in China will be transferred to China, as required by a new law, to be housed in a center operated by a Chinese company. 
Apple will control the encryption keys but says it will respond to “valid legal requests” from Chinese authorities for the data of individuals. 
This applies only to the popular iCloud and what Chinese users decide to store there; data on an iPhone itself is encrypted, and users are the only ones who can unlock it.
Previously, a request for the cloud data would have come to the United States and would have been subject to the rigors of U.S. law and due process. 
China, however, is ruled by the Communist Party, which remains above the law. 
A vivid glimpse of how the mechanism works is China’s recent campaign to silence and punish human rights lawyers, jailing them for defending people who dared speak their minds openly. 
China is also rolling out a nationwide system to monitor the behavior of individuals, including their financial transactions, shopping habits, social media, traffic tickets and unpaid bills, and combining it with ubiquitous surveillance. 
This is the legal environment that will oversee the iCloud data of Chinese users.
Amazon and Microsoft have also established data centers in China. (The chief executive and founder of Amazon, Jeffrey P. Bezos, owns The Post.)
Two years ago, Tim Cook, Apple’s chief executive, refused to help the FBI crack open an iPhone used by one of the San Bernardino, Calif., terrorists. 
Cook insisted that it was vital to protect data encryption for privacy, that to give in to the FBI would “make hundreds of millions of customers vulnerable around the world, including in the U.S.” 
We understand that Cook was talking about the iPhone then, and not the cloud, but he was very passionate about the principle of resisting government snooping. 
“We need to stand tall and stand tall on principle,” Cook bombastically declared.
When it comes to China, however, Apple says that it decided to “remain engaged.” 
This cannot have been an easy decision for Apple or Cook. 
Other companies will confront it, too. 
Of course it would have been painful to Apple’s customers, and to its bottom line, to pull out of China. 
But obeying “local laws” can mean honoring the whims of mega-snoops and dictators who do not share the values of democracy and free expression. 
Apple should find that painful, too.

Friday, August 25, 2017

U.S. Tech Quislings

Cambridge University stood up to China in a way companies like Apple haven't
By Cheang Ming

With its decision to reinstate hundreds of academic articles, a division of Cambridge University has done what larger entities have failed to: stand up to China.
Cambridge University Press, the world's oldest publishing house, on Monday reversed an earlier decision to block access within China to 315 articles in the China Quarterly, a leading academic journal focusing on contemporary China. 
Most articles that had been blocked focused on topics seen as inconvenient to the Chinese government, including the Cultural Revolution, the Tiananmen Square protests and Taiwan.

People stand outside the Cambridge University Press stand at the Beijing International Book Fair in Beijing on August 23, 2017.

The publisher had blocked those articles from being accessed on the mainland after receiving an "instruction" to do so from a Chinese agency, CUP said in an Aug. 18 statement.
While China has blocked other media platforms — such as Reuters and the Wall Street Journal — in the past, the move to censor CUP was different due to the academic journal's smaller, niche readership.
Anita Chan, an Australian National University senior fellow, told CNBC the move was "unprecedented." 
Two articles authored by Chan were among those blocked.
Meanwhile, a petition started by Peking University Associate Professor Christopher Balding stated that the academic community was "disturbed" by the Chinese government's attempt to "export its censorship on topics that do not fit its preferred narrative."
Public outcry from academics and activists eventually led to the articles being reinstated by CUP on Aug. 21.
Even though it took several days of heated protests for the Cambridge unit to change its mind, the publisher's ultimate decision highlights moves taken in the opposite direction by multinational corporations to placate regulators on the mainland.

Multinationals fall in line
One of those companies is Apple.
The Cupertino-based tech giant drew ire for removing apps from virtual private network (VPN) providers from the Chinese version of its App Store in July. 
VPNs allow individuals in China a way of bypassing its "Great Firewall," a system that restricts access to the internet.
In December last year, Apple pulled a similar move when it removed the New York Times' app from its Chinese app store.
Reuters also reported last month that the iPhone maker announced it was building its first data center in China after the introduction of new cybersecurity laws requiring companies to store sensitive data on servers in China. 
The new rules were vague, while the practice of storing data on local servers could expose companies to government monitoring.
Apple isn't the only company complying with tougher regulations in China either.
Amazon's Chinese partner told clients it would "shut down" unauthorized VPNs, Reuters reported earlier this month. 
Like Apple, an Amazon Web Services spokesman said the company had to work through Chinese partners to adhere to local regulations, Reuters added.
In 2014 media reports said LinkedIn (now a subsidiary of Microsoft) was censoring posts of a sensitive nature from being seen in China so it could operate in the mainland market.
Even though well-known companies — such as Apple and Google — make headlines when they either accept or reject regulator demands, the decision-making process is more "nuanced and mundane" for most firms, said Christopher Beddor, an associate at consultancy Eurasia Group.
"For those companies that are impacted by censorship regulations, there's often a behind-the-scenes back-and-forth discussion with local partners and regulators over how to adapt the content for the Chinese market," Beddor added.
That discussion happens, in part, because companies are trying to make money in China — as their shareholders likely desire — whereas CUP has more leeway as a university department.

What's next

Chinese authorities reacted to CUP's reversal just hours after its announcement: Regulators promptly scrubbed a Weibo post from the Cambridge University account announcing the decision, according to a report from the Guardian on Tuesday.
However, the academic publisher's website remained available in China.
Greatfire.org, a website monitoring censorship in the country, found that the webpage for "The China Quarterly" was uncensored as of Aug. 24. 
As the CUP website used Hypertext Transfer Protocol Secure (HTTPS), the only way for authorities to block individual pages would be to block the entire website, Greatfire.org co-founder Martin Johnson (a pseudonym) told CNBC.
The CUP website was also likely to remain unblocked, Charlie Smith, a pseudonym used by another Greatfire.org co-founder, told CNBC in an email. 
He said that's because the financial cost required to access journal articles acted as "its own form of censorship."

An aerial view of King's College, University of Cambridge. Cambridge University Press is the publishing business of the university.

"I think that CUP probably overreacted to some request from an official," Smith added.
Some China watchers have linked the tightening in regulations to the upcoming 19th National Congress of the Communist Party in the fall as bureaucrats attempt to step up their game ahead of an anticipated leadership reshuffle.
However, the new level of scrutiny is unlikely to subside after the event, experts said.
"The fundamental trend remains toward more state control over media and information," Beddor told CNBC.
Although the pace at which new regulations are initiated could slow after the party congress, it was unlikely that rules would be reversed following the event's conclusion, he added.
Even though Apple's Cook was hopeful that engaging with the authorities would lead to fewer restrictions in the future, not everyone was equally optimistic.
"Censorship in China is a long-term vision and is not really a tap that get(s) turned on and off. It's not like sites get unblocked after the congress finishes. They stay blocked. Which is part of Xi Jinping's grand plan," said Smith.
Meanwhile, some experts have voiced fears that China's censorship regime may even extend beyond its borders.
University of Canterbury professor Anne-Marie Brady, who had one article in the China Quarterly blocked in the mainland, said, "China under Xi is now not only trying to control the information environment in China, but also the external information environment when it pertains to China."

Tuesday, August 1, 2017

Kowtowing to China’s Despots

Joining Apple, Amazon’s China Cloud Service Bows to Censors
By PAUL MOZUR

An internet cafe in Beijing in May. Weeks after China enacted a tough cybersecurity law, a local company that manages Amazon’s cloud computing services in China told customers not to offer ways for Chinese users to bypass the country’s internet censorship measures.

SHANGHAI — Days after Apple yanked anti-censorship tools off its app store in China, another major American technology company is moving to implement the country’s tough restrictions on online content.
A Chinese company that operates Amazon’s cloud-computing and online services business there said on Tuesday that it told local customers to cease using any software that would allow Chinese to circumvent the country’s extensive system of internet blocks. 
The company, called Beijing Sinnet Technology and operator of the American company’s Amazon Web Services operations in China, sent one round of emails to customers on Friday and another on Monday.
“If users don’t comply with the guidance, the offered services and their websites can be shut down,” said a woman surnamed Wang who answered a Sinnet service hotline. 
“We the operators also check routinely if any of our users use these softwares or store illegal content.”
Ms. Wang said the letter was sent according to recent guidance from China’s Ministry of Public Security and the country’s telecom regulator. 
Amazon did not respond to emails and phone calls requesting comment.
The emails are the latest sign of a widening push by China’s government to block access to software that gets over the Great Firewall — the nickname for the sophisticated internet filters that China uses to stop its people from gaining access to Facebook, Google and Twitter, as well as foreign news media outlets.
The move came at roughly the same time that Apple said it took down a number of apps from its China app store that help users vault the Great Firewall. 
Those apps helped users connect to the rest of the internet world using technology called virtual private networks, or VPNs.
Taken together, the recent moves by Apple and Amazon show how Beijing is increasingly forcing America’s biggest tech companies to play by Chinese rules if they want to maintain access to the market. 
The push comes even as the number of foreign American tech companies able to operate and compete in China has dwindled.
Beijing has become increasingly emboldened in pushing America’s internet giants to follow its local internet laws, which forbid unregistered censorship-evasion software. 
Analysts say the government has been more aggressive in pressuring companies to make concessions following the passage of a new cybersecurity law, which went into effect June 1, and ahead of a sensitive Communist Party conclave set for late autumn.
The government has been intent on tightening controls domestically as well. 
It recently shut down a number of Chinese-run VPNs. 
New rules posted to government websites in recent days said Communist Party members can be punished for viewing illegal sites and that they must register all foreign or local social media accounts.
Also in response to the new law, Apple said it planned to open a new data center in China and store user data there.
Ms. Wang, who said that Sinnet handles Amazon Web Services operations across China, said that the company has sent letters warning users about such services in the past but that the government had been more focused on other issues.
Amazon Web Services allows companies small and large to lease computing power instead of running their websites or other online services through their own hardware and software. 
Because Amazon’s cloud services allow customers to lease servers in China, it could be used to give Chinese internet users access to various types of software that would help them get around the Great Firewall.
Keeping in line with censorship rules is only a part of it. 
In cloud computing, China requires foreign companies have a local partner and restricts them from owning a controlling stake in any cloud company. 
New proposed laws, which have drawn complaints of protectionism from American politicians, further restrict the companies from using their own brand and call for them to terminate and report any behavior that violates China’s laws.
While Microsoft and Amazon both run cloud services in China, similar ones run by local Chinese internet rivals dwarf them in scale. 
In particular Chinese e-commerce giant Alibaba runs its own cloud services, which have grown rapidly in China. 
In order to operate in the country, China’s biggest internet companies must stay in close contact with the government and carry out Beijing’s various demands, whether they be a request for user data or to censor various topics.
While China is not a major market for Amazon, the company has been in the country for a long time and has been pushing its cloud computing services there. 
Also recently the company announced a partnership with the state-run telecom China Mobile to create a Kindle, the company’s e-reader device, aimed at the local Chinese market.

Monday, 9 January 2017

Empire of Fakes

Alibaba's counterfeit woes won't stop any time soon
By Adam Minter
It's hardly a happy new year for Alibaba Group Holding. 
Just before Christmas, the US Trade Representative added Alibaba's Taobao e-commerce site to a list of "notorious markets" that traffic in counterfeits.
That's an unseemly place for a publicly held company: Other members include a Chinese shopping mall that specialises in counterfeit leather goods and a Paraguayan border market rife with organised crime that hawks everything from fake Ray-Bans to knockoff DVDs.
Spot a fake: Ray Gordon, manufacturing director at Decor, with a real Decor product.

Alibaba isn't keen to be associated with this motley group. 
But like Amazon.com, eBay and other online marketplaces dependent on Chinese manufacturers, it has struggled to maintain its integrity against an onslaught of counterfeiters. 
Without an aggressive crackdown by China's government, these marketplaces won't stand much of a chance against the fakes.
By many measures, counterfeiting is one of China's leading industrial sectors.
A study by the US Chamber of Commerce found that it brings in about $US396 ($543) billion annually, representing some 12 per cent of China's total exports and 1.5 per cent of its gross domestic product. 
Last year, when just one Chinese province decided to crack down, it shut 417 "manufacturing and sales locations" with stock worth more than $US200 million.
This large-scale criminal enterprise has surprisingly staid origins. 
The global outsourcing boom that started in the 1980s brought foreign factories and expertise to China. 
Workers at those factories excelled at making iPhones and other consumer goods, but also learnt how to knock them off.
These days, it's not unusual for a new product to face counterfeit competition in China within days of its release – or, in the case of the iPhone 6s, days before its release. 
In some instances, as with last year's hoverboard craze, the knock-offs proliferate so quickly that the original patent and brand owners are forgotten in favour of generic "made in China" versions.
This parallel economy is no secret. 
Last year, Alibaba co-founder Jack Ma bluntly told a gathering of retailers that counterfeiters use exactly the same factories and raw materials as legitimate manufacturers. 
Local governments tend to look the other way – or worse. 
A 2009 diplomatic cable released by WikiLeaks reported that China's economic downturn at the time was weakening efforts to enforce intellectual-property protections. 
In one passage, it described how Apple's effort to shut down a MacBook counterfeiting line was rebuffed because it would threaten "100 local jobs."
That's pretty sizeable for a knockoff operation. 
I've visited counterfeit iPhone "manufacturers" in Shenzhen that consisted of only a handful of family members. 
They would expertly assemble parts into reasonable facsimiles for sale via online marketplaces such as eBay, Lazada and Taobao. 
Though none of these marketplaces welcome counterfeiters, they do welcome small Chinese manufacturers – and distinguishing between the two is often difficult.
Amazon, for instance, has tried to fight off a growing problem with fakes, but in doing so has risked disqualifying legitimate small retailers, who use the site to sell everything from paper clips to pillow covers directly to consumers worldwide. 
Such entrepreneurs reduce costs for customers and constitute an important and fast-growing segment of Amazon's online marketplace.
As a China-based company, Alibaba has greater exposure to counterfeiting than Amazon does, given that Chinese are generally quite price-sensitive and less averse to purchasing fakes.
But it isn't helpless. 
For one thing, it could simplify its procedures for brand owners to report instances of counterfeiting. It could also use its global profile and political leverage to push the government to prosecute more counterfeiters.
Although that might be risky for Alibaba, the alternative is to resign itself to a reputation befitting a notorious flea market – not one of the world's most influential e-commerce companies. 
Given the choice, Alibaba shouldn't hesitate to prove it is a little better than the counterfeiters.
Mapoleon, Emperor of the Fakes

Sunday, 18 December 2016

Chinese Biological Warfare

6 Foods From China Filled With Fake And Toxic Ingredients That Nobody Talks About
www.healthytipsworld.net

China started creating toxic products and food items. 
There is no proof that such products have been sold in the USA; however, there are some vendors on Amazon and eBay that openly sell them.
These are instances of those illegal counterfeit food products from China:

1. Egg imitations – There are some Chinese webpages that have instructional videos which show how to make $70 daily by producing and selling fake eggs. 
One needs gelatin, calcium chloride, potassium alum, alginic acid, artificial color, and water. 
The shells are made with calcium carbonate. 
Such eggs can cause dementia and memory loss.

2. Fake Ginseng – The root of Ginseng is a medicinal plant which is used as a tonic in China. Its price increased rapidly, and this pushed Ginseng retailers to figure out a way to make profit. 
They boiled the roots in sugar and that made them heavier, therefore more profitable. 
The retailers rip off their customers; however, the fact that boiling Ginseng in sugar can strip it of its medicinal value is even worse.
Natural ginseng has 20% content of sugar, while the fake one has 70%. 
This cannot do much for people’s health.

3. Fake sweet potato noodles – There were 5.5 tons of fake noodles made in a facility in Zhongshan city, China. 
People in 2011 started complaining that the product tasted strange. 
Investigation revealed that the noodles were made of corn, with industrial ink to give them their purple color, and paraffin wax.

4. Baby formula – There were 47 people accused in 2004 of producing fake instant baby formula which caused the deaths of dozens of children in Fuyang, China.
It was made of chalk, causing children to develop a “big head disease”.
This made their heads swell and the rest of their body deteriorate slowly.

5. Cement-stuffed walnuts – A man in 2012 bought shelled walnuts in Zhengzhou city in China, but he got broken concrete pieces inside the shells.
It was wrapped in paper in order to prevent it from making strange noises. 
The vendor tried profiting by selling these fake nuts which were much heavier than the real ones.

6. Beef made out of pork – Pork is less expensive in China, thus some restaurants sell it instead of beef. 
They perform some chemistry on it, using a beef extract and glazing agent in order to “marinate” the meat for 90 minutes. 
Long-term use of these products can cause cancer, deformity, and slow poisoning.