'Bloomberg' Reporter Outlines How Chinese Microchips Infiltrated Nearly 30 U.S. Companies

Oct 4, 2018
Originally published on October 4, 2018 6:26 pm
Copyright 2018 NPR. To see more, visit http://www.npr.org/.

MARY LOUISE KELLY, HOST:

Bloomberg has a big story out today about a tiny microchip not much bigger than a grain of rice. The chip has been found in the type of computer servers used by at least 30 major American companies including Apple and major banks, also servers used by the Pentagon and the CIA. Bloomberg describes this chip as, quote, "a stealth doorway into any network that included the altered machines." And this doorway, Bloomberg reports, was built in China.

Michael Riley is one of the reporters who broke this story today. Welcome.

MICHAEL RILEY: Thank you very much.

KELLY: Tell me a little bit more about this microchip and what kind of damage potentially it's capable of doing.

RILEY: Yeah, so it's basically a chip that was built into a motherboard that's made by a U.S. company called Super Micro. Super Micro, even though most people have never heard of the company, is incredibly important in the business of making servers. And servers are the neurons of the cloud. It's basically the Internet - these big data centers with tens of thousands of servers on them.

KELLY: And these particular servers were being assembled in China.

RILEY: The actual motherboards were being built in China. China basically makes the vast majority of all technology in the world today. It's all been offshored, and most of it has gone to China. And governments have long pointed out that this is a risk because if the country allows its spies to mess with that process, it's a major threat. But companies have always assumed that that's too valuable to China to mess with. What this story tells us is in fact, at least when the targets are valuable enough or specific enough, they're going to be willing to do that.

KELLY: To the critical question of who did this, you quote sources who point to a Chinese military unit.

RILEY: That's right.

KELLY: China denies that they have done this, that they have anything to do with this. How confident are you based on your reporting that this was China?

RILEY: Well, that's certainly what the U.S. government has assessed it to be, and they assess it with...

KELLY: U.S. intelligence.

RILEY: U.S. intelligence - that's right. And they assess it with very high confidence. And it's interesting. When we asked China's foreign ministry for a response, a lot of times they'll say things like, you're crazy; we know nothing about this. Their response was a little more nuanced and contextual in the environment we're in now. Basically they said, we are a victim of these kinds of attacks, too. And, you know, they're right. The U.S. government - it's very, very good at these kinds of hardware attacks. And on - a subtle way that - the message that they were delivering was, don't pick on - just on us. If you guys want to talk about very sophisticated hardware attacks, you have to talk about what you do as well.

KELLY: You're citing sources in U.S. intelligence, and I want to push you on this because...

RILEY: Sure.

KELLY: ...Some of the companies caught up in your reporting, which include Amazon, which include Apple, which include Super Micro - they dispute summaries of your reporting. You've got their full statements on your website.

RILEY: That's right. They say basically...

KELLY: What's your response?

RILEY: They basically said nothing like this ever happened.

KELLY: Can you give me a sense of how many officials you've talked to who are informing your reporting?

RILEY: I'll give you a sense of the cluster of sources 'cause that's really important. So we had several sources inside the U.S. intelligence community. We had several sources inside law enforcement. We had sources inside the other parts of the U.S. government. But we also, more importantly, had sources inside the companies who - where these chips were found. The interesting thing about Apple and Amazon is they are two very, big very valuable companies, but they also have pretty good security. The fact that they found these chips was amazing in itself.

Now, companies are going to be responsible for saying what they want to say, but based on our sourcing and the way it was layered from so many different places, including inside the companies, we were really confident that we had the story down.

KELLY: So what are the implications of this?

RILEY: Well, they're large. They're...

KELLY: (Laughter) Yeah.

RILEY: They're really big.

KELLY: They are large.

RILEY: In part...

KELLY: Both economic and national security.

RILEY: That's right in part because the global economy is built on sort of global outsourcing trade model. And, again, especially when it comes to technology, China is a huge player in that. And the implications of this are companies now have to think, well, do I have to worry about what's being put in the technology that's being manufactured? How do I try and counter that? Is it - should I go someplace else and make things?

I mean, it's a really big, hard issue to solve for a lot of companies. A lot of companies - the reason they operate as cheaply and can sell products as cheaply as they can is because many of those products are made in China. If they have to rethink the entire model, you get a - sort of a tidal wave of decisions that could impact the global economy.

KELLY: Your reporting continues...

RILEY: Yes.

KELLY: ...It sounds like. That is Bloomberg reporter Michael Riley, who along with his colleague Jordan Robertson wrote "The Big Hack: How China Used A Tiny Chip To Infiltrate U.S. Companies." Michael Riley, thank you.

RILEY: Thanks very much. Transcript provided by NPR, Copyright NPR.