A crew of unknown men mosey into a chip manufacturer in China and say, “to hell with the blueprints, jam this pencil-tip size chip in the middle of everything; if you do, you get a bunch of money; if you don’t, you fail your next inspection and your factory is done.”
In Bloomberg Businessweek’s “The Big Hack: How China Used a Tiny Chip to Infiltrate America’s Top Companies,” Jordan Robertson and Michael Riley identify the bad actors as “middlemen” and go on to describe how, through the implant, they likely infiltrated the backbone of 30 prominent US businesses, including Apple and Amazon, and those who do business with them.
It made its rounds — Apple and Amazon deny; Bloomberg doubles down, saying they spent a year conducting “more than 100 interviews, including several current and former senior national security officials and insiders at Apple and Amazon. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.”
And then nothing. It appears as if Americans are not concerned that a foreign government could have outfoxed Amazon, Google, and our own federal government and walked away with vaults of information.
When it’s a foreign adversary perpetrating the heist against Americans, we call it espionage; when it’s citizen-on-citizen, we call it cybercrime. Our journalists call the perpetrators “middlemen” and “hackers.” At this moment in time, our personal data is a resource as life-giving as it is lethal. I’d call anybody in the business of stealing it a thug.
Bloomberg recounts how in September 2015, President Barack Obama and Chinese President Xi Jinping met at the White House to announce a cybersecurity deal: China would no longer support hackers who stole intellectual property from US companies for the benefit of Chinese companies. In the weeks after the deal was touted, we learn, the Pentagon quickly and quietly ushered the country’s leading tech executives and investors to McLean, Virginia, to see if anyone could create a product which would identify hardware implants.
Bloomberg concludes its article by proclaiming, “In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on [these] motherboards has emerged — or has looked likely to emerge.”
That’s fair — until now.
Distributed ledger technology, the technology behind blockchain, changes everything.
There’s an Arms Race, and the Bad Guys Are Winning
The alleged chip implants allowed the Chinese People’s Liberation Army to gain control of the systems they were put into. Gaining control of mission-critical devices doesn’t have to require chip implants, though. Take, for example, the hack which blew out half of the internet in October 2016 — three guys between nineteen and twenty years old from Pennsylvania and Louisiana compromised a bunch of DVRs and webcams, telling the devices they no longer belonged to their owners, and then directed them to attack the servers which host our favorite websites.
At the end of the day, in all cases, it comes down to “transmission control.”
TCP/IP — which is the abbreviation for Transmission Control Protocol/Internet Protocol — is a bundle of protocols developed by DARPA between 1978 and 1983 and from which the internet spawned. We analogize TCP/IP as the information superhighway; architecturally, it is responsible for connection establishment, management, and reliable data transport between software processes on devices.
The problem, though, is TCP/IP, as we know it, doesn’t do anything to govern the processes which run on the hardware it connects. If a central server says, “Hey, I’ve decided Jonathan Manzi’s iPhone no longer belongs to him and belongs to Elon Musk instead” then, presto, TCP/IP makes it happen.
How We Can Throw a Knockout Punch with Distributed Ledger Technology
When each device is manufactured, it follows a recipe — the list of ingredients is called the BOM, or bill of materials. The parts which can have malicious software loaded on them — for example, the microchips — are, at the finest level of detail, unique due to the properties of silicon. In other words, each has a unique fingerprint.
In a distributed ledger framework, each device — take my iPhone — would have the fingerprints of its pertinent parts stored on it — and here’s the kicker — it would have the fingerprints of all the pertinent parts of all other iPhones in the Universe also stored on it. And when a new iPhone is manufactured, my iPhone and all other iPhones in the Universe add the new iPhone’s fingerprints.
This way, if through TCP/IP, a treacherous message comes through — Manzi’s iPhone now belongs to Musk — Manzi’s iPhone understands the Universe recognizes Musk’s iPhone as being assigned to fingerprints which Manzi’s phone does not have. It doesn’t allow the hack to happen.
To be clear, TCP/IP need not be replaced; we just need to introduce a distributed-ledger-based protocol to sit on top and coordinate device-to-device communication.
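A minimal model of the check described above, added here as an illustration and not the author's or Beyond Protocol's code. The hash-chained ledger, the class and identity names, and the fingerprint strings are all assumptions; replication and consensus between devices, and how fingerprints are physically measured, are out of scope.

```python
import hashlib
import json

GENESIS = "0" * 64

def parts_digest(parts):
    """Order-independent digest over a device's component fingerprints."""
    return hashlib.sha256("|".join(sorted(parts)).encode()).hexdigest()

def entry_hash(identity, parts, prev):
    body = json.dumps({"identity": identity, "parts": parts, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    """Hash-chained enrollment records; every device is assumed to hold a copy."""
    def __init__(self):
        self.entries = []

    def enroll(self, identity, parts):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        digest = parts_digest(parts)
        self.entries.append({"identity": identity, "parts": digest, "prev": prev,
                             "hash": entry_hash(identity, digest, prev)})

    def intact(self):
        """Recompute every link; an edited or reordered record breaks the chain."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(e["identity"], e["parts"], prev):
                return False
            prev = e["hash"]
        return True

    def parts_for(self, identity):
        return next((e["parts"] for e in self.entries if e["identity"] == identity), None)

class Device:
    def __init__(self, parts, ledger):
        self.parts, self.ledger = parts, ledger  # parts: fingerprints measured on this device

    def accepts_identity(self, identity):
        """True only if the ledger is intact and binds `identity` to this device's parts."""
        return self.ledger.intact() and self.ledger.parts_for(identity) == parts_digest(self.parts)

def demo():
    manzi = ["soc:9f1c", "baseband:47aa"]  # constructed sample fingerprints
    musk = ["soc:03de", "baseband:b812"]
    ledger = Ledger()
    ledger.enroll("manzi-phone", manzi)
    ledger.enroll("musk-phone", musk)
    phone = Device(manzi, ledger)
    implanted = Device(manzi + ["unknown:e7e7"], ledger)  # extra part not in the enrolled BOM
    return (phone.accepts_identity("musk-phone"), phone.accepts_identity("manzi-phone"),
            implanted.accepts_identity("manzi-phone"))
```

`demo()` covers the three cases in turn: the reassignment to Musk's identity is refused, the phone's own enrolled identity is accepted, and a board carrying a part absent from its enrolled bill of materials no longer matches its own ledger entry.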
A Status Quo Which Will Be Our Ruin; A Breakthrough to Unite Us
As we enter the era of cyberware, every gadget and device is a new battleground.
Imagine if an adversary had control of our traffic grids and the delivery rooms of our hospitals.
Just like we united globally around technology to create the internet, we must unite again to prevent cybercrime by bolting on a universal protocol for node-to-node coordination on top of TCP/IP.
Jonathan Manzi is the Co-Founder and CEO of Beyond Protocol, Inc., a mostly stealth Silicon-Valley distributed ledger technology venture building “the internet of the new era — the ethical language of machines.”