Will you buy your servers from a Chinese company?

Will you buy your servers from a Chinese company?

Summary: Lenovo's purchase of IBM's server hardware product line could cause businesses to rethink buying options.

SHARE:
23

With yesterday’s announcement that Lenovo would be acquiring a portion of IBM’s server hardware product line, much as they did their desktop PC and laptop business back in 2005, the question of the security once again rears its ugly head related to made in China computer hardware.

This is not an issue about the quality of the products; the ThinkPad line of Lenovo notebooks, considered one of the best products on the market from IBM, has retained its standing as a quality and innovative product in the 8 years since the Chinese acquisition. But in light of the many alleged Chinese-based hacking attacks on the US, and concerns over hardware based malware,  the issue of building your datacenter around hardware that is owned by a Chinese company and built in China, is a real one.

Back in March 2013, the US government banned the purchase of Chinese-made hardware after a series of hacking attacks on government sites supposedly at the direction of the Chinese government. While these attacks were officially denied by China, it did raise a specter of fear over the potential that hardware coming from China could already be compromised. The government ban did allow for the purchase of equipment provided that the FBI approved the purchase after assuring that the hardware was not compromised and that there was no cyber security risk associated with the hardware.

According to an article last July in the Australian Financial Review, intelligence agencies in the US, Britain, Canada, New Zealand, and Australia had already internally banned the use of Chinese-made computers (though the Australia Department of Defense later denied the claim, stating that here was no ban on the use of Lenovo hardware on their networks, but that no one had, at the time of the report, asked to have Lenovo hardware accredited for use on their networks).

It should be noted that this sale to Lenovo was only of the X86-based server line. IBM retains the manufacturing and ownership of the various Power-based servers, z system mainframes, and its Pure series of appliance hardware.  Lenovo will become a global reseller of many of the IBM products it is not acquiring, aiding IBM’s entry into Asian markets, specifically China, where it has been having problems gaining a toehold.

So how do you feel about this issue? Is the potential for built-in security problems enough to stop you from building your datacenters on Lenovo server systems?

Topics: Data Centers, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

23 comments
Log in or register to join the discussion
  • Yes ...

    ... anything from the US is now last on my list!

    Until there is a combined hardware and software initiative from a trustworthy source aimed at locking out Government agencies and preserving my privacy and freedom I shall continue to feel unsafe.
    jacksonjohn
    • Hard to say which is worse

      b/t a server assembled by commie and one produced in US loaded w/ NSA backdoor spyware.
      LBiege
      • congratulations

        for using buzz words without knowing what they mean
        theoilman
        • What, calling a commie a commie offends you?

          I guess to other Marxists, "commie" is an accurate term but now considered politically incorrect.

          S***w you and all your commie friends.
          robajoseph15
  • Days to hate chinese products is gone

    Days to hate chinese products is gone, We can't trust any US company also.
    Mac_Win
  • Two sources

    So the Chinese and the NSA have your information. The first via a hardware backdoor and the second through Windows. Maybe they could compare notes.
    Linux_Lurker
    • Well, If Windows actually did have a back door that would be a concern

      but seeing that's it been proven not to, I guess you'll be happy to run your Linux software on a Chinese built spy "satellite" sitting in your server room. ;)
      William.Farrel
      • How was it proven?

        I hadn't seen anything but assertions...

        But no proof.
        jessepollard
  • Thinkpads are still the best

    ThinkPads are still the best business PC laptop out there over the likes of Dell, HP, etc. They've been a top seller for years. This isn't much different. Why sensationalize the topic? Did this site get bought by Fox news?
    unredeemed
    • What?!

      What? Is only Fox News allowed to ask relevant questions? All others must drool over everything that is announced?

      I wish *more* journalists would ask these questions! China is *not* an ally, and do not have our best interests at heart. I give IBM *zero* credit for selling assets off to an enemy state, and would not consider anything bought from them to be secure. How many times do we have to learn? Just google the reports of poisonous substances and lead paints in imported toys made in China. Everything we get from them needs to be classified as "suspect".
      Techboy_z
  • Why not?

    You can pretty easily monitor everything that goes into or comes out of a server (wired or wireless), so I don’t think I’d worry about servers (or client PCs). What might worry me would be buying network infrastructure hardware from Chinese firms. Still, I’d probably only worry if I thought Beijing wanted to spy on me (e.g. if I worked for a military firm, did research with potential military applications, etc.).

    In general, both Washington and Beijing (along with others) spy on us. For the average person in the West who supports liberal democracy, human rights, etc., Washington is less likely to be a threat than Beijing. Even so, neither is really hostile. I object to a lot of Beijing’s policies (e.g. in Tibet), but decisions were taken by democratic governments to open up trade with China, so that’s just the way it is.
    WilErz
    • You can monitor the communications channels you KNOW about...

      The NSA catalog has items provided that allow covert communications external to any wired/wireless interfaces you may have...
      jessepollard
      • Sure they do

        If I put a server without any wireless interfaces in a room with shielding to prevent wireless transmissions, and have only a single, monitored, wire going out of the room, how do the NSA supposedly communicate with my server? The answer is they don’t, or if they do, the activity over the wire will be monitored.

        It’s pretty easy to hack most systems in the real world, but it’s because of poor security practices (people are usually the weakest link in the chain), and not because of imaginary NSA back doors or secrete voodoo transmission technology. We know from the Snowden data, for example, that one of the ways the NSA collect data they want from Google is by simply hacking into Google’s servers (and they can obviously do the same with Apple’s, Microsoft’s, Amazon’s, etc.). The NSA don’t need back doors or technical voodoo, because it’s easier, safer and cheaper to just hack their way in.

        You’re probably just trolling anyway, as usual, but some people fall for posts by trolls when they aren’t familiar with the topic. Anyway, I don’t even mind feeding the trolls when I’m bored. It’s sometimes good for a laugh.
        WilErz
        • Not necessarily.

          The monitoring tools you have available only work within specific frequency ranges.

          Covert channels do not use those ranges.

          For a simple example, you can plug a radio antenna into a wired ethernet... NONE of the network tools will realize there is an extra channel....

          How do you think cable companies do it?

          Now, assuming you can afford the cost of a good faraday cage (hint - they cost several 10s of thousands of dollars for just an 8'x8'x8' room (I used to work next door to one),
          AND you have no wiring going in/out of that room (and that includes power wiring, then yes - you will be protected...

          You can't. Even power wiring can be used for covert channels (ever hear of powerline networking?).

          Even phone lines were used for covert channels - that is how DSL worked...
          jessepollard
  • US has off shored most manufacturing anyway

    A sensationalist headline designed to attract eyeballs. Given that most US "manufacturers" off shore production (iPhones and Macs are a very obvious example), and the top business laptops are already made by Lenovo, all this article seems to be attempting is to prop up jingoistic support for the NSA and the economic and political spying that acts as a prop to the US economy.
    Master668
    • And all memory... and most peripherals too.

      Disks, tapes, memory sticks, ...

      If you even look, the "smart cards" used for credit are from China.

      Even the government id cards get chips from either Vietnam or China...
      jessepollard
  • You've always been buying your servers from China

    You've always been buying your servers from China. The only difference now is the little sticker/logo on the front of the machine.
    georgeou
  • Where are servers from Dell and HP made?

    (nt)
    larry@...
    • Or, for that matter...

      The server line that IBM is selling to Lenovo
      larry@...
  • Why

    What s the problem with Chinese companies? And besides everything these days seems to me are all made from china(mostly). So nothings new.
    Koymik