Rattled: China’s Hardware Hack – PRC’s Response
[NB: Note the byline. Portions of my content are speculative. / ~Rayne]
The following analysis includes a copy of an initial response Bloomberg Businessweek received from the Ministry of Foreign Affairs for the People’s Republic of China (PRC) in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. PRC’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses to Bloomberg’s story will be posted separately.
__________
People’s Republic of China
China is a resolute defender of cybersecurity.[1] It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit.
[1] It’s hard to argue that PRC does not defend its own cybersecurity resolutely.
[2] There are four themes here, at least:
— collaboration and ongoing dialog, but this requires trust, which is difficult to develop without openness;
— mutuality, which again requires trust;
— equality, an insistence that footing of those in dialog is level;
— benefit, implying a transactional nature.
This may be a very small paragraph but it is heavily loaded and not for the kind of lightweight, half-assed diplomacy we’ve seen from this administration.
Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.[3] China, Russia, and other member states of the Shanghai Cooperation Organization proposed an “International code of conduct for information security” to the United Nations as early as 2011.[4] It included a pledge to ensure the supply chain security of information and communications technology products and services, in order to prevent other states from using their advantages in resources and technologies to undermine the interest of other countries.[5] We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.[6] —Translated by Bloomberg News in Beijing[7]
[3] What is PRC alleging here? Are they accusing the U.S. of compromising their supply chain? Difficult for the American public to debate this when it is so opaque, though this comment may be based directly on NSA interception of networking equipment to be used in China, as one example.
[4] What was happening between U.S. and Russia at that point in time? PRC acts as if an agreement to this code would happen in a vacuum.
[5] A dig at U.S.
[6] Another dig at U.S.
[7] There has been no apparent demand for correction to any of this translation.
Like Supermicro’s response, this one is very short and effective, giving little away.
I will preface this by saying that I am completely uneducated on serious tech (and I’m sure it shows).
To their (Chinese gov’t) statement, I don’t know, but China and Russia were collaborating on a “safe” internet, in limiting access to outside material. “Sovereign Internet”.
China and Russia Join Hands for Internet Censorship
https://foreignpolicyblogs.com/2016/05/02/china-and-russia-join-hands-for-internet-censorship/
Then you have Ajit Pai who went through deceptive means of providing ‘proof’ of endorsement by the US population on killing net neutrality which, in reality, most people endorse. Is that a path to censorship?
Was the US government involved in the overall scheme? No idea. When Apple quit Super Micro they alleged a firmware issue (not hardware).
https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/
One thing I DO know about Apple, and that is that they will lie and cover any issues with their products, and gaslight the consumer into believing it’s all user error. It takes a very long time for them to come clean about virtually anything. And over the years, they have severely limited customization by the end user. They’ve integrated Siri through everything and so you can’t scrap it, as one example. At least I can’t.
When Apple quit Super Micro they alleged a firmware issue (not hardware).
And yet…
Rayne, I’m no expert on China cybersecurity but thought they had pretty effective controls around social media and information searches.
So when I read, “[1] It’s hard to argue that PRC defends its own cybersecurity resolutely”, I find I want it to read, “[1] It’s hard to argue that PRC does not defend its own cybersecurity resolutely.”
Am I misinformed, confusing apples with oranges, or misunderstanding an Americanism?
You’re right, I dropped the ‘not’, will revise momentarily. Thanks!
Thanks for the interesting review and analysis.
Shorter translation of PRC statement from 2011: “But backdoors in Cisco equipment!”
The item in 2011 referred to could be Lenovo’s un-deletable additive to Windows through the UEFI implementation.
https://tech.slashdot.org/story/15/08/12/1427259/lenovo-installed-software-on-laptops-that-persisted-after-complete-wipes