Computer/Network gear that is designed, manufactured, sold and distributed by Chinese companies should be assumed to come with MSS-infected microcode, SecureBoot ([U]EFI/BIOS), firmware and operating systems that are vulnerable in ways that offer “plausibly deniability” as to the intent of the manufacturer. In some cases, the infected payload will be transmitted to the customer environment through updates supplied by Chinese websites, again in ways that allow for “plausibly deniability” as to their intention. Hacking Fortune 100 companies was one thing (because, shame on the Fortune 100 companies), but the recent move by China to hack Anthropic and use Claude as a cyber weapon is most definitely the straw that has broken the camel’s back, unleashing bi-partisan congressional support for a wide range of limits on China’s market access. Many products, distributors and services WILL be removed from the global marketplace, but the wheels are turning slowly and in the meantime, we need to be vigilant and stay safe.
PS: The entertaining hacks (aka “influencers”) on YouTube, Reddit and in the blogger-sphere in general, are aware of these risks but recommend potentially dangerous Chinese systems and networking products anyway. In many cases, they will falsely portray the items as already being popular and The Way that everyone is doing IT. While their defense might be “don’t blame the player, blame the game”, people were shot at and died to create the freedom that they are now putting others at risk of losing with such reckless recommendations. It’s not just hardware either. These same video grifters will cheerfully recommend remote-access software (and kvm) products without even including the most basic of warnings. Should these irresponsible influencers be “de-platformed” by a faceless “Trust and Safety” team that’s somehow expected to come up to speed on the complex risks of every product that is otherwise (for the moment) still being legally distributed? No! In the 250 year history of the United States and for a century or two prior in Europe, there have been entire classes of crackpots roaming the countrysides peddling everything from hair-regrowth medicine, cult religions and life-extending hot springs (my favorite was the story of “Zzyzx” that seemed to hit on all three). The people who are making these infomercials while intentionally leaving out any account of the danger their viewers are placing themselves in by following such “advice” will ultimately feel the same wrath and suffer the common outcome associated with such behavior: being locked out of the economy and deprived of their assets. <cue https://youtu.be/BD2kWCfTcaU>
Computer/Network gear that is designed, manufactured, sold and distributed by Chinese companies should be assumed to come with MSS-infected microcode, SecureBoot ([U]EFI/BIOS), firmware and operating systems that are vulnerable in ways that offer “plausibly deniability” as to the intent of the manufacturer. In some cases, the infected payload will be transmitted to the customer environment through updates supplied by Chinese websites, again in ways that allow for “plausibly deniability” as to their intention. Hacking Fortune 100 companies was one thing (because, shame on the Fortune 100 companies), but the recent move by China to hack Anthropic and use Claude as a cyber weapon is most definitely the straw that has broken the camel’s back, unleashing bi-partisan congressional support for a wide range of limits on China’s market access. Many products, distributors and services WILL be removed from the global marketplace, but the wheels are turning slowly and in the meantime, we need to be vigilant and stay safe.
PS: The entertaining hacks (aka “influencers”) on YouTube, Reddit and in the blogger-sphere in general, are aware of these risks but recommend potentially dangerous Chinese systems and networking products anyway. In many cases, they will falsely portray the items as already being popular and The Way that everyone is doing IT. While their defense might be “don’t blame the player, blame the game”, people were shot at and died to create the freedom that they are now putting others at risk of losing with such reckless recommendations. It’s not just hardware either. These same video grifters will cheerfully recommend remote-access software (and kvm) products without even including the most basic of warnings. Should these irresponsible influencers be “de-platformed” by a faceless “Trust and Safety” team that’s somehow expected to come up to speed on the complex risks of every product that is otherwise (for the moment) still being legally distributed? No! In the 250 year history of the United States and for a century or two prior in Europe, there have been entire classes of crackpots roaming the countrysides peddling everything from hair-regrowth medicine, cult religions and life-extending hot springs (my favorite was the story of “Zzyzx” that seemed to hit on all three). The people who are making these infomercials while intentionally leaving out any account of the danger their viewers are placing themselves in by following such “advice” will ultimately feel the same wrath and suffer the common outcome associated with such behavior: being locked out of the economy and deprived of their assets. <cue https://youtu.be/BD2kWCfTcaU>