Oleg Zabluda's blog
Thursday, October 04, 2018
 
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
"""
In 2015, Amazon Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. [...] had been inserted at factories run by manufacturing subcontractors in China. [...] by operatives from a unit of the People’s Liberation Army.
[...]
China makes 75 percent of the world’s mobile phones and 90 percent of its PCs.
[...]
it eventually affected almost 30 companies, including a major bank, government contractors, and Apple Inc. Apple [...] had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.
[...]
In emailed statements, Amazon (which announced its acquisition of Elemental in September 2015), Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting. “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” Amazon wrote. “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote. “We remain unaware of any such investigation,” wrote a spokesman for Supermicro, [...] The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.
[...]
Trump administration has made computer and networking hardware, including motherboards, a focus of its latest round of trade sanctions against China, and White House officials have made it clear they think companies will begin shifting their supply chains to other countries as a result.
[...]
Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards are nearly all manufactured by contractors in China. [...] The majority of its workforce in San Jose is Taiwanese or Chinese, and Mandarin is the preferred language,
[...]
in the first half of 2014, [...] intelligence officials went to the White House with something more concrete: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies.

Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, [...] reported the incident to the FBI but kept details about what it had detected tightly held, even internally. [...] Apple didn’t provide government investigators with access to its facilities or the tampered hardware, the extent of the attack there remained outside their view.
[...]
Government investigators were still chasing clues on their own when Amazon made its discovery and gave them access to sabotaged hardware, [...] Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well [...] In one case, the malicious chips [...] embedded between the layers of fiberglass
[...]
The chips on Elemental servers were designed to be as inconspicuous as possible, [...] Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment.
"""
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
