Technology corrupted at birth – another supply chain risk to consider

The sources of supply chain risk continually evolve and develop. Many are natural in origin - floods, earthquakes and so on. Some are political or organisational, while others are caused by malicious and deliberate actions. Those will always be driven by the creativity of the perpetrators – as one risk is closed down, another will spring up.

Last week we saw a new concept (to me anyway) – cybercriminals infecting computers with malware before they even leave the factory where they’re manufactured! As the BBC reported:

In a report detailing its work to disrupt the Nitol botnet, Microsoft said the criminals behind the malicious program had exploited insecure supply chains to get viruses installed as PCs were being built.

The viruses were discovered when Microsoft digital crime investigators bought 20 PCs, 10 desktops and 10 laptops from different cities in China. Four of the computers were infected with malicious programs even though they were fresh from the factory.

That’s incredible and more than a little worrying. Organisations in most cases at least take precautions against security threats once equipment is purchased and on their own premises; but it wouldn’t have occurred to me that brand new kit might come with its very own brand new problems!

It’s another argument for understanding your supply chain and the firms that are within it, and also perhaps an argument for not being seduced by low cost producers who may not have the controls of a more blue-chip name.

It could even be used as another argument against outsourcing and offshoring – although to be honest, there’s not an awful lot of IT manufacturing going on anywhere in the world except for the Far East these days. “Let’s all buy purely UK / US made technology” would probably leave us all using the abacus to work out our budgets...

Share on Procurious

Discuss this:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.