China Compromises Tech Companies With Malicious Microchips

Uploaded on 2018-10-08 in INTELLIGENCE--International, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, NEWS-Cybersecurity News

An investigative report from Bloomberg  says that the Chinese military has successfully implanted malicious microchips in motherboards used by almost 30 US companies as well as intelligence agencies. 

Implanting microchips is a hardware hack that literally adds a piece that shouldn’t be there, opening a door for further attacks. 

The Bloomberg report is, however, disputed by several of the US technolgy companies allegedly affected.

What did the microchips do? 
The specific components added by a unit of the People’s Liberation Army allowed the motherboards to communicate with and be controlled or modified by an outside computer. That meant that these systems were pre-programmed to accept modifications, including, for example, manipulation of the requirement for a password. 

Bloomberg quoted Joe Grand, a hardware hacker, as saying that “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow.” 

How did they get there? 
The motherboards with the malicious chips were manufactured in China for the US company Supermicro. That company assembles its products in the US, but its main product, motherboards, is manufactured in China. Supermicro, although not a household name for many Americans, supplies the hardware, often custom-built, for a wide range of companies and government agencies. 

That means that compromising the motherboards manufactured by Supermicro was an easy way to give China uninhibited access to key American industries and government operations. That’s exactly what happened. 

More specifically, the microchips themselves were manufactured by the Chinese military. Its officers then approached Chinese factories making motherboards for Supermicro and, with bribes and threats, had those microchips inserted during production. Those motherboards then became part of servers sold by Supermicro and used in US data centers. 

How was the problem discovered? 
As Bloomberg reports, the problem was discovered when Amazon looked into acquiring video compressing and formatting start-up Elemental Technologies. As part of its review, Amazon had a third-party security firm analyze Elemental’s servers.

That review found that within the motherboards used in the company’s servers was a tiny microchip that wasn’t part of the original design. 

Amazon reported this to US. authorities. Elemental's products, in addition to working on commercial projects like streaming the Olympics, also were used by the Department of Defense, CIA drone operations, and Navy warships. 

How big was the problem? 
The problem was much bigger than Elemental and affected almost 30 companies. That’s because it wasn’t just Elemental who used Supermicro motherboards, but more than 900 companies in 100 countries in 2015. The supply chain itself had been compromised. 

When did we learn about it? 
Intelligence sources had long said that the Chinese were attempting this sort of hardware attack, but the first report of activity targeted at Supermicro came in 2014 in a report made to the Obama White House. Washington was limited in its response because no attack had been reported and they had few details to act on. 

In May 2015, Apple reported suspicious activity to the FBI but kept the details quiet. Apple quietly cut ties with Supermicro soon after. The Amazon report to the FBI seems to have been much more cooperative and allowed better government understanding of the supply chain breach.

After that, Amazon also worked to cut ties with its data center in China and eventually sold it off. The full investigation, however, is still ongoing. 

What was China after? 
According to the Bloomberg report, Beijing wanted “long-term access to high-value corporate secrets and sensitive government networks.” Consumer data does not appear to have been the target. 
What do the companies involved have to say? 

Amazon, Apple, and Supermicro have all disputed the findings of Bloomberg’s report. Those statements, however, are disputed by the series of interviews, documents, and other information provided by both industry insiders and government officials involved in the matter to Bloomberg. 

What are some key takeaways? 
For one thing, this report undermines the long-held confidence that China wouldn’t want to try a hardware hack because it might hurt international trust in Chinese products driving lucrative manufacturing away from the country. It also means that although the US has been focused on software attacks, added vigilance on imported hardware is also necessary. 

Additionally, this means that China already likely has much, much more information on both US industry and military operations than was previously thought, and that Beijing is willing to aggressively and illegally go after this information. 

Finally, for President Trump’s promise of a better trade deal with China, it lends more credibility to claims of improper behavior on the part of Beijing, and perhaps justifies domestic production of key industries — not steel, but perhaps motherboards.

Washington Post:            Bloomberg

You Might Also Read:

New Microchip Increases Military Intelligence:

Modern Fiction: A Novel  Is Required Reading At The Pentagon:

 

« Google Is Building A Search Engine For Fact Checks
Buy A Dark Web Passport Scan For $15 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

NESEC

NESEC

NESEC is a specialist in information security consulting services and solutions.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

Uniwan

Uniwan

Uniwan is an IT services company specializing in networking and security.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.