technology The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

[BetaguyGZT]

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

Article link | Bloomberg.com website

Oh dear.  

Quote

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

ILLUSTRATOR: SCOTT GELBER FOR BLOOMBERG BUSINESSWEEK

 

By Jordan Robertson and Michael Riley

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

 

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

 

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design (emphasis added). Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

 

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China. (emphasis added)

(....)

But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

 

(read the rest of the story at the article link above -- Neowin posting rules prohibit quoting more of the story than this.)

/sigh .... 

 

Kinda figures it'd be something like this.  It's a safe bet people in Washington are gonna go grape ape over this one.

[Obi-Wan Kenobi]

Oh my goodness! I'm not surprised. Probably been going on since outsourcing all of our jobs. I wouldn't be surprised if every piece of electronic anything that comes from over there is somehow spying.

[BetaguyGZT]

8 hours ago, Obi-Wan Kenobi said:

Oh my goodness! I'm not surprised. Probably been going on since outsourcing all of our jobs. I wouldn't be surprised if every piece of electronic anything that comes from over there is somehow spying.

I've wondered about that very possibility for a long time -- could this development be related to the recent goings on concerning Huawei and ZTE, and we're just now being made privy to it? We knew China needed to be kept at arm's length, but this ... yeesh.

 

What do you think, @DocM? 

[DocM]

This chip manipulation and embedded malware issue has been going on for some time, same as IP theft and currency manipulations, but before the political will wasn't there to whack China betwixt the eyes with a baseball bat. Not a problem now.

 

This is where smashmouth diplomacy is 100% appropriate. Should have been done long ago.

[BetaguyGZT]

Yeah.

 

Reading an additional story on this matter and there are contradictions now -- from Apple and Amazon both. It's from the Washington Post, so of course they're going to run a counter-piece to refute anything that negatively impacts Amazon.

 

https://www.sciencealert.com/china-inserted-surveillance-microchip-in-servers-used-by-amazon-and-apple if anyone is interested.

[Jim K Global Moderator]

Yea, I would caution against the accuracy of the Bloomberg article before raising pitchforks any higher. Apple has strongly refuted the article.  tl:dr ... Apple doesn't know what Bloomberg is talking about. 

 

https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/

 

Quote

Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.

 

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

 

/snip

That is not a soft denial, or a "we're looking into this report" ... Apple is saying "Nope!"

[cork1958]

You get what you pay for and in this case, maybe even extra!

 

Dang Chinese s**t!! Can't say as I hadn't wondered about something like this for a long time though.

[Guest]

isnt this fake news and debunked already?

[BetaguyGZT]

If it is, then good. I'll be the first one to be pleased as punch over it being fake.

[FloatingFatMan]

Y'know... You'd think that, for a tech forum, people on here would be a lot more savvy when it comes to rubbish like this.

 

Anyone that knows anything at all about electronics could tell you that that teeny tiny chip, and it's location, wouldn't actually be capable of doing anything at all.

[BetaguyGZT]

You'd be surprised what can be done now.

 

That being said ... yeah. The evidence isn't really there the more this is being looked into.

[tiagosilva29]

1 hour ago, FloatingFatMan said:

Anyone that knows anything at all about electronics could tell you that that teeny tiny chip, and it's location, wouldn't actually be capable of doing anything at all.

After discovering about The Thing, I began a ritual to wrap myself in tinfoil every morning, while humming "Neobond is love".

[Dick Montage]

23 minutes ago, tiagosilva29 said:

Neobond is love

Keep drinking that Kool-ade, fanboi

[tiagosilva29]

6 minutes ago, Human.Online said:

Keep drinking that Kool-ade, fanboi

Neobond is love. Neobond is life.