Earlier this fall, the United States issued reports and warnings that hackers with backing from the Chinese government and military pose serious cyber-threats to U.S.-based companies. It is not just American businesses that need to be wary of Chinese privacy and security breaches, however; American consumers should be concerned as well.
Recently, the U.S. Department of Homeland Security warned U.S. firms to be vigilant about potential cyber-threats from Chinese firms that either solely or with U.S. partners offer managed services, such as IT support for American companies that choose to outsource their IT needs. At the same time, the U.S. Computer Emergency Response Team (US-CERT), which provides disaster response and warnings about serious cybersecurity issues, published an alert that un-named countries are using cloud services to steal data and trade secrets from U.S. companies.
US-CERT did not identify the nation-states that were launching the attacks or the companies that were victimized, but China has long been known to be a sponsor of government- and military-backed hacks. US-CERT indicated that the cyber-attacks targeted information technology firms, health-care companies, telecommunications and Internet providers, and manufacturers—all entities that Chinese cyber-attacks have previously sought to undercut.
At the same time these warnings were being released, Bloomberg published a stunning investigation showing that Chinese hackers most likely backed by the Chinese government, inserted chips into network servers used by U.S. government entities—the Defense Department and CIA—and more than 30 major U.S. corporations. Despite significant pushback from some parties, Bloomberg stood by its story which found that the motherboards for the servers where the chips were found were built by a company bought by Amazon in 2015, but may have been in place before Amazon’s purchase.