A report from Bloomberg today claims that China implanted spy chips into servers used by Apple, Amazon, U.S. government contractors, a major bank, and others.
The security breach was allegedly discovered during Amazon's evaluation of Elemental Technologies as a potential acquisition target. Elemental makes software for compressing large video files and sells powerful servers assembled by Supermicro that run the software. Its servers can be found in Department of Defense data centers, CIA drone operations, and on Navy warships.
After an initial security audit, Amazon uncovered some issues and had Elemental send a few servers to a third party company in Ontario, Canada for analysis. Nestled on the servers' motherboards, testers found a tiny microchip about the size of a grain of rice that wasn't part of the original design. Amazon reported the discovery to U.S. authorities and a top-secret investigation was launched.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
Bloomberg sources say that a unit from the People’s Liberation Army inserted the chip during the manufacturing process. Servers from almost 30 companies were purportedly affected, including Apple.
Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.
Apple, Amazon, and Supermicro have all denied the report.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” said Apple.
“We remain unaware of any such investigation,” wrote Supermicro spokesperson Perry Hayes.
Bloomberg says the security breach has been confirmed by seventeen different sources including six current and former senior national security officials. The discovery may be one of the reasons the Trump administration has focused on computer and networking hardware trade sanctions against China.
More details in the full report linked below...
Read More
The security breach was allegedly discovered during Amazon's evaluation of Elemental Technologies as a potential acquisition target. Elemental makes software for compressing large video files and sells powerful servers assembled by Supermicro that run the software. Its servers can be found in Department of Defense data centers, CIA drone operations, and on Navy warships.
After an initial security audit, Amazon uncovered some issues and had Elemental send a few servers to a third party company in Ontario, Canada for analysis. Nestled on the servers' motherboards, testers found a tiny microchip about the size of a grain of rice that wasn't part of the original design. Amazon reported the discovery to U.S. authorities and a top-secret investigation was launched.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
Bloomberg sources say that a unit from the People’s Liberation Army inserted the chip during the manufacturing process. Servers from almost 30 companies were purportedly affected, including Apple.
Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.
Apple, Amazon, and Supermicro have all denied the report.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” said Apple.
“We remain unaware of any such investigation,” wrote Supermicro spokesperson Perry Hayes.
Bloomberg says the security breach has been confirmed by seventeen different sources including six current and former senior national security officials. The discovery may be one of the reasons the Trump administration has focused on computer and networking hardware trade sanctions against China.
More details in the full report linked below...
Read More