My name is Hai Pham. I am a software developer and I have been working in software development for almost 18 years. Although I have worked in software development, but many projects that I worked relate to security. Therefore, I am trying to pursue a cybersecurity program to increase my knowledge in IT security. In the long run, I really wanted to work in the IT Security field. Hopefully, once I am done with my Cybersecurity field, I would have a chance to move from software development to IT Security or Cybersecurity field.
My blog's purpose is to talk about the current information security threats that happen in IT security in general. It can be a current virus, cyber attack, ransomware attack, phishing attack, spy hardware, etc. Life is constantly facing new security threats every day and it is wise to be able to know and stay alert with those threats so that we could "Mitigate it, eliminate it, transfer it, or accept it" (Shostack, 2014).
One crazy security threat from last month that really drew my attention was the tiny spy chip. A report from CNBC mentioned that "the Chinese government snuck a pencil tip–size spy chip into equipment from an Amazon and Apple component supplier " (McKinley, 2018). The spy chip compromised America’s technology supply chain. It impacted almost 30 US companies: including two major companies: Apple and Amazon. We often see software attack, such as trojans, worms, viruses, and they are very common. The spy chip that China created was a hardware attack. This is not common, and I think this is a more complicated attack. Hardware attacks are very hard to detect and potentially more devastating.
(BLOOMBERG BUSINESSWEEK, 2018)
According to the Bloomberg BusinessWeek Report, the chips were used for gathering intellectual property and trade secrets from the US companies. I am surprised that the problem was found in 2015 by independent security investigators but the chip was not reported to the public until Oct 2018. The chip is small like a grain of rice and had been inserted during the manufacturing process of the motherboard. The main impact was “the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code” (Bloomberg, 2018).
Referemce:
McKinley, E. (2018, Oct 5). China pencil-tip spy chip’s ultimate market risk: The profits built on big tech’s low-cost global supply chain. Retrieved from https://www.cnbc.com/2018/10/05/chinas-cyber-spying-keeps-a-lot-of-us-tech-ceos-up-at-night.html
Bloomberg. (2018, Oct 4). The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Retrieved from https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
