China Infiltrated 30 US Companies Including Apple and Amazon with Hardware Hack

Amazon discovered a hardware hack while testing servers supplied by a Chinese company. Apple was hit as well.

Bloomberg has a fascinating report on how China used a tiny chip to infiltrate U.S. companies. The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

Please consider The Big Hack.

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships.

The chips on Elemental servers were designed to be as inconspicuous as possible, according to one person who saw a detailed report prepared for Amazon by its third-party security contractor, as well as a second person who saw digital photos and X-ray images of the chips incorporated into a later report prepared by Amazon’s security team. Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment.

This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser. To understand the power that would give them, take this hypothetical example: Somewhere in the Linux operating system, which runs in many servers, is code that authorizes a user by verifying a typed password against a stored encrypted one. An implanted chip can alter part of that code so the server won’t check for a password—and presto! A secure machine is open to any and all users. A chip can also steal encryption keys for secure communications, block security updates that would neutralize the attack, and open up new pathways to the internet.

Tiny Chips Disguised as Couplers

Satan's Bargain

Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest.

“You end up with a classic Satan’s bargain,” one former U.S. official says. “You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”

Bloomberg notes there was a small, invite-only meeting in McLean, Va., organized by the Pentagon to discuss these attacks. "Attendees weren’t told the name of the hardware maker involved, but it was clear to at least some in the room that it was Supermicro."

No Commercially Viable Way to Detect Attacks

In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem. “This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” one of the people present in McLean says. “You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”

The report is fascinating as well as scary. Almost 30 US corporations were hit.

Hardware chips can do virtually anything. These tiny chips communicated to external servers and received instructions back from them.

The report did not say what information was stolen. Likely, no one even knows.

Mike "Mish" Shedlock

Comments

Christian dk

This proves that the outsourcing mad rush was fueled by... greed... surprise... Why not buy Chinese jets, with a free built-in kill switch (just like the F-35 the USA sells to all its allies)? Funny that now they refuse to sell the defective/useless F-35 to Turkey, which is a blessing in disguise, and Trump claimed that STEEL was a national security issue... basically just about everything is, over $2.

Deter_Naturalist

Pathological trust: getting "mission critical" components from an adversary. This is globalism in a nutshell....stupid is as stupid does.

WildBull

I'd be pretty sure that this is just the tip of the iceberg. If you have a router, smart TV, or anything connected to the internet with Chinese chips in it, there might be a Trojan. They might snoop, might self-destruct on command. No one knows how many such things there are.

Further, there is the domestic problem, both public and private. Do you have an Echo Dot, or a smart TV with a microphone, a Fitbit...? All of this crap talks back to servers at the manufacturer's data centers. These things with microphones listen 24/7. There is no problem making them record every word that is said and send it back time-stamped to the mother ship. Do they? There is no way to tell. 10,000 words can be compressed into a 20k file, encrypted and sent as "maintenance packets." Then there is the public threat. The government agencies are required to snoop on us to prevent terrorism. And they do.

The less of this stuff you have in your house the better. As for the larger threat to our infrastructure, I can't imagine. I know for sure that I won't buy a networked autonomous vehicle. Imagine 40,000,000 cars accelerating then making a hard left at 8:30 some workday. This stuff is terrifying.

abend237-04

An Occam's razor solution after noodling overnight on this: First, Super Micro is a corporate dead-man-walking. Every advanced manufacturing team on their customer list is likely scrambling to re-source elsewhere today and the sanity of any design team member proposing to source from Super Micro is instantly in question because of the cloud now over this vendor. Next, what is the likelihood this could have been happening for years without discovery? Nil, there's simply too much involved in the process: High-speed chip shooter programming, pick and place gear, etc., etc. It simply cannot have been happening without massive, ongoing plant management knowledge and collusion...and subsequent discovery by our NSA. The simplest answer: It's a deliberate leak and retaliation for the Chinese destroyer stunt of four days ago. Message: Don't screw with us; we can dump hundreds of thousands of unemployed, pissed off people on your streets if you do.

bradw2k

I'd be curious if the phone-home network activity of these chips raised alarms. Automatically alerting IT teams of suspicious network activity is a standard threat detection tool these days.
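The post says the implanted chips "communicated to external servers and received instructions back from them," and bradw2k's comment asks whether that phone-home traffic would have raised alarms. Since Bloomberg's sources say there is no commercially viable way to detect the chip itself, the practical control is on the network: a compromised board still has to beacon to a command server, and a management interface that contacts the same outside address on a fixed timer is exactly what a periodic-beacon detector looks for. The following is an added example, not code from the post, from Bloomberg, or from Amazon's or Apple's security teams. It runs beacon detection over a constructed connection log; the hosts, addresses, internal ranges and allowlist are all invented for illustration, and the thresholds (five flows, at most 10% interval jitter) are assumptions to tune per environment.

```python
"""Periodic-beacon detection over a constructed connection log.

Added example. Flags (src, dst, port) flows to external hosts whose
connection interval is nearly constant, the signature of a timer-driven
implant calling home. Addresses and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Internal address ranges of the hypothetical organisation (assumption).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# External hosts that management interfaces are expected to contact,
# e.g. a vendor update mirror (constructed address).
ALLOWLIST = {"198.51.100.10"}

# Constructed log, one flow per line:
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <bytes_out>"
SAMPLE_LOG = """\
# 10.20.5.17 (server management interface) -> external host every 30 min
2018-10-04T02:00:00 10.20.5.17 203.0.113.44 443 412
2018-10-04T02:30:01 10.20.5.17 203.0.113.44 443 408
2018-10-04T03:00:00 10.20.5.17 203.0.113.44 443 415
2018-10-04T03:29:59 10.20.5.17 203.0.113.44 443 410
2018-10-04T04:00:01 10.20.5.17 203.0.113.44 443 411
2018-10-04T04:30:00 10.20.5.17 203.0.113.44 443 409
# same host, internal NTP (ignored: internal destination)
2018-10-04T02:03:11 10.20.5.17 10.20.5.2 123 76
# same host, allowlisted vendor update mirror, hourly (ignored: allowlisted)
2018-10-04T02:10:00 10.20.5.17 198.51.100.10 443 980
2018-10-04T03:10:00 10.20.5.17 198.51.100.10 443 975
2018-10-04T04:10:00 10.20.5.17 198.51.100.10 443 981
2018-10-04T05:10:00 10.20.5.17 198.51.100.10 443 979
2018-10-04T06:10:00 10.20.5.17 198.51.100.10 443 977
# 10.20.6.40 (web server) -> external API, irregular, user-driven
2018-10-04T02:05:10 10.20.6.40 203.0.113.80 443 1532
2018-10-04T02:06:45 10.20.6.40 203.0.113.80 443 2210
2018-10-04T02:40:02 10.20.6.40 203.0.113.80 443 1720
2018-10-04T03:15:30 10.20.6.40 203.0.113.80 443 3005
2018-10-04T03:16:01 10.20.6.40 203.0.113.80 443 1498
2018-10-04T03:58:44 10.20.6.40 203.0.113.80 443 2650
# 10.20.5.18 -> same external host, regular, but only three flows in window
2018-10-04T02:00:00 10.20.5.18 203.0.113.44 443 412
2018-10-04T02:30:00 10.20.5.18 203.0.113.44 443 410
2018-10-04T03:00:00 10.20.5.18 203.0.113.44 443 413
"""


def parse_log(text):
    """Parse the whitespace-separated log format above into dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "dst": dst, "dport": int(dport), "bytes": int(nbytes)})
    return records


def is_internal(ip):
    """True if the address falls inside one of the organisation's ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_beacons(records, min_connections=5, max_jitter=0.1,
                 allowlist=ALLOWLIST):
    """Return flows to external hosts with near-constant inter-arrival time.

    jitter = population stddev of the gaps / mean gap; a timer-driven
    implant scores close to 0, user-driven traffic scores far above 0.1.
    """
    flows = defaultdict(list)
    for r in records:
        if is_internal(r["dst"]) or r["dst"] in allowlist:
            continue
        flows[(r["src"], r["dst"], r["dport"])].append(r["ts"])
    hits = []
    for (src, dst, dport), stamps in flows.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "count": len(stamps), "mean_interval_s": avg,
                         "jitter": jitter})
    hits.sort(key=lambda h: h["jitter"])
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print("BEACON {src} -> {dst}:{dport} n={count} "
              "every {mean_interval_s:.0f}s jitter={jitter:.4f}".format(**hit))
```

In the constructed log only the management interface's half-hourly flow to 203.0.113.44 is reported; the internal NTP traffic and the allowlisted update checks are skipped before scoring, and the web server's user-driven API calls score far above the jitter threshold. The third host beacons to the same address but falls below the five-flow minimum, which is the trade-off to keep in mind: a longer window, or a lower minimum paired with an "already seen this destination" rule, catches slow beacons at the cost of more review work. Two operational points follow from the article itself: the baseboard management interface is the right traffic to watch, since it carries exactly the out-of-band path a motherboard implant would use, and the allowlist has to be maintained deliberately, because a legitimate vendor update host is where an attacker would most like to hide.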
