The Big Hack: What are the Implications for Oregonians?

The world of cybersecurity is full of unexpected surprises and attacks that are amazingly inventive and amazingly nefarious all at the same time. We’re talking of course about what’s being called the Big Hack. In an explosive report, Bloomberg is claiming that the Chinese military used a tiny chip implanted on server motherboards to infiltrate some of America’s top companies. The risk is significant, potentially allowing Chinese hackers to gain access to sensitive information or even take control over the servers.

It should be noted that following the initial report, the main players  in the story including Amazon, Apple and Supermicro, a manufacturer of server boards, issued statements disputing the report.

What’s particularly alarming to many in all of this is the implication that China was able to weaponize the complex supply chain through which most sophisticated electronics are built.  However, supply chain attacks of this nature are real and something that has been of concern to the IT industry for many years, according to Charlie Kawasaki, vice chair of the Oregon Cybersecurity Advisory Council.

“If the story in fact turns out to be true, it both demonstrates the threat, but also the solution,” says Kawasaki. “It’s a lopsided fight. The IT industry has to secure everything, everywhere. The adversaries only have to find one flaw.”

Nonetheless, as reported by Bloomberg, it was the IT team at Amazon, one of the companies impacted by the compromised server boards, who found the flaw by conducting extensive analysis.

“This is a great example of what the industry is doing in cybersecurity, and needs to do more of,” Kawasaki adds.

In terms or next steps, “most Oregonians don’t need to do anything about this particular attack,” Kawasaki says. “As this incident illustrates, it’s more important than ever that consumers follow best practices such as good password management including the use of multi-factor authentication, making sure their systems are updated and patched and exercising caution against phishing.”

In an interview that aired on October 4, 2018 on KATU in the Portland market, Kawasaki discussed the implications in more detail: