Nicole Perlroth

One base stayed in China, while the other moved its new official headquarters to Irvine, California to serve the U.S. market. TP-Link wants you to believe this split means it's no longer Chinese. And as this episode was coming together, TP-Link's general counsel sent me a tersely worded message saying, quote, Any claim TP-Link is a Chinese company is, quote, unlawful and legally actionable.

One base stayed in China, while the other moved its new official headquarters to Irvine, California to serve the U.S. market. TP-Link wants you to believe this split means it's no longer Chinese. And as this episode was coming together, TP-Link's general counsel sent me a tersely worded message saying, quote, Any claim TP-Link is a Chinese company is, quote, unlawful and legally actionable.

According to this lawyer, quote, TP-Link is a US-based company that manufactures routers for the US market in Vietnam. But a week after TP-Link's lawyers put me on notice, Bloomberg published its own investigation, which found that Vietnam is effectively just a final assembly point. Their words, that only half a percent of TP-Link's components come from Vietnam.

According to this lawyer, quote, TP-Link is a US-based company that manufactures routers for the US market in Vietnam. But a week after TP-Link's lawyers put me on notice, Bloomberg published its own investigation, which found that Vietnam is effectively just a final assembly point. Their words, that only half a percent of TP-Link's components come from Vietnam.

The rest are still imported from China. And then there's what Rob Joyce, the NSA's former cybersecurity chief, testified to Congress and told our live panel podcast in March. He testified that TP-Link's push into the U.S. isn't just smart business. It's strategic. Rob told us the company is selling its routers at a loss, a deliberate move to flood the U.S.

The rest are still imported from China. And then there's what Rob Joyce, the NSA's former cybersecurity chief, testified to Congress and told our live panel podcast in March. He testified that TP-Link's push into the U.S. isn't just smart business. It's strategic. Rob told us the company is selling its routers at a loss, a deliberate move to flood the U.S.

with cheap routers and build what he called a PRC platform.

with cheap routers and build what he called a PRC platform.

It reminded me of that line from Huawei's founder, a country without its own program controlled switches is like one without an army. TP-Link disputes all of this and emphasizes that its security is on par, if not better, than leading routers. That said, a recent Microsoft assessment took a careful look at one of these Chinese botnets.

It reminded me of that line from Huawei's founder, a country without its own program controlled switches is like one without an army. TP-Link disputes all of this and emphasizes that its security is on par, if not better, than leading routers. That said, a recent Microsoft assessment took a careful look at one of these Chinese botnets.

They call it Covert Network 1658, and it's used by multiple Chinese APTs. Microsoft determined it was comprised of 8,000 compromised devices, the vast majority of them TP-Link. Now, that could just come back to the fact that more Americans are using TP-Link routers than ever before. Or it could not. U.S.

They call it Covert Network 1658, and it's used by multiple Chinese APTs. Microsoft determined it was comprised of 8,000 compromised devices, the vast majority of them TP-Link. Now, that could just come back to the fact that more Americans are using TP-Link routers than ever before. Or it could not. U.S.

investigators are now probing just how closely TP-Link Systems Inc., the new American incarnation of the company, is tied to China. And if they find it presents a, quote, unacceptable risk, Washington could use new authorities to ban TP-Link from the U.S., Politicians across the aisle are now zeroing in on the issue.

investigators are now probing just how closely TP-Link Systems Inc., the new American incarnation of the company, is tied to China. And if they find it presents a, quote, unacceptable risk, Washington could use new authorities to ban TP-Link from the U.S., Politicians across the aisle are now zeroing in on the issue.

Here's Democratic Congressman Raja Krishnamoorthi at a hearing on cyber threats in March. For context, he's holding up a TP-Link router.

Here's Democratic Congressman Raja Krishnamoorthi at a hearing on cyber threats in March. For context, he's holding up a TP-Link router.

TP-Link's routers, I should note here, aren't just sold on Amazon. They're everywhere. In fact, if you go to any U.S. military base and head to the commissary, you'll find TP-Link routers featured prominently on the shelves. But the routers are just the first step in breaking into U.S. infrastructure.

TP-Link's routers, I should note here, aren't just sold on Amazon. They're everywhere. In fact, if you go to any U.S. military base and head to the commissary, you'll find TP-Link routers featured prominently on the shelves. But the routers are just the first step in breaking into U.S. infrastructure.

It's what these hackers do or don't do once they're in that makes these attacks really difficult to detect. Once they're in, they often don't act immediately. In some cases, they lie completely dormant on a victim's networks for 60, sometimes 90 days, which puts them well outside the period most companies even keep logs or can flag anything unusual. Here's John Holquist again.

It's what these hackers do or don't do once they're in that makes these attacks really difficult to detect. Once they're in, they often don't act immediately. In some cases, they lie completely dormant on a victim's networks for 60, sometimes 90 days, which puts them well outside the period most companies even keep logs or can flag anything unusual. Here's John Holquist again.