China Infiltrated US Companies to Spy on Them Using a Tiny Chip, According to Report
The Chinese government has tried to penetrate US companies via chips on server motherboards. So claims the financial news agency Bloomberg. The companies involved and the Chinese government deny the story.
China has been spying on some of the most important companies in the world for years. It has done so not through software vulnerabilities, but with a far more delicate method: a tiny chip that was integrated into Supermicro servers used by all those companies.
An exclusive and surprising investigative report by Bloomberg reveals how the Chinese People’s Liberation Army (PLA) managed to infiltrate companies like Apple and Amazon, which now deny having been affected. The evidence nevertheless seems to show that we are facing one of the most important cases of espionage by hardware hacking in history.
Amazon as the key to discovering the breach
In 2006, three engineers in Oregon realized that demand for mobile video was growing enormously. The problem was that content creators had no way of adapting the format of their traditional broadcasts to the devices that would eventually evolve into today’s smartphones, and hence the birth of their company, which they called Elemental Technologies.
The company managed to adapt that video content efficiently and at scale thanks to GPGPU computing, and it started designing servers so it could sell these machines to all kinds of companies.
The success was overwhelming, and the company was soon serving both content companies and military or intelligence agencies that needed a system to process the recordings made by video surveillance cameras or by cameras installed on drones.
A division of the United States government ended up being key to getting Elemental’s products into the Department of Defense, NASA, Congress and the Department of Homeland Security. Demand was so high that the company reached an agreement with Super Micro Computer, Inc. (popularly known as Supermicro) to manufacture its servers.
Everything seemed normal, but in 2015 Amazon began to consider buying Elemental. The idea was to take advantage of its potential for the service we know today as Amazon Prime Video. As part of that plan, Amazon began to investigate everything related to Elemental, including its servers.
An independent company hired by Amazon was responsible for analyzing those servers, and that is when it found something strange: a chip the size of a grain of rice had been integrated into a board for no apparent reason.
As determined by the researchers who analyzed the operation of that board, the chip was not part of the original design. It was intended to create a back door and give remote access to any network to which the server was connected. Who had put it there?
Companies deny any breach
The investigation ended up alerting the US intelligence agencies, which began to trace the path by which the chip had made its way onto the board. They managed to identify the four manufacturing plants for Supermicro motherboards that had been affected by the problem for at least two years.
The process was relatively simple: the managers of these plants had been approached by people who claimed to represent Supermicro or who held some government office. Those people, belonging to the People’s Liberation Army, bribed the managers to integrate the chips, and even threatened to close the plants if their demands were not met.
From there, it was also possible to determine which customers had been affected by the compromised servers. There are 30 major companies around the world, but Bloomberg’s investigation specifically names two: Amazon and Apple.
Both have denied the claims of the Bloomberg report. Amazon states that “it is false that AWS was aware of the presence of malicious chips on the servers […] or that AWS collaborated with the FBI to investigate or provide data on this malicious hardware”.
Apple’s official statements follow essentially the same line: its officials strongly deny having found malicious chips, “hardware manipulations” or vulnerabilities intentionally integrated into their servers. They also deny “having had contact with the FBI or any other agency about this incident.”
Amazon reported the discovery to the US authorities, sending chills through the intelligence community. Elemental servers can be found in the data centers of the Department of Defense, in the CIA’s unmanned aircraft operations and in the networks on board Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the subsequent highly secret investigation, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a hidden door into any network that included the altered machines. Many people familiar with the matter say the investigators discovered that the chips had been inserted at factories run by subcontractors in China.
This attack was something more serious than the software-based cyber-attacks the world has seen so far. Hardware intrusions are harder to achieve and potentially more devastating, promising long-term stealth access, something espionage agencies are willing to spend millions of dollars on for many years to come.
The companies’ statements denying the information are contradicted by six current and former national security officials who, in conversations that began during the administration of Barack Obama and continued under the government of Donald Trump, detailed the discovery of the chips and the government investigation.
There are two ways in which spies can alter the insides of computer equipment. One, known as interdiction, involves manipulating devices while they are in transit from one manufacturer to another. This approach is favored by US spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden. The other method involves introducing modifications from the very beginning, at the manufacturing stage: a ‘seeding attack’.
One country in particular has an advantage in executing this type of attack: China, which according to some estimates produces 75 percent of the world’s mobile phones and 90 percent of its computers.
However, pulling off a ‘seeding attack’ means developing a deep understanding of a product’s design, manipulating the components in the factory and ensuring that the manipulated devices travel through the global logistics chain to the intended destination.
But that is exactly what US investigators found: a unit of the People’s Liberation Army had inserted chips during the manufacturing process.
In Supermicro, Chinese spies seem to have found a perfect conduit for what US officials now describe as the most significant supply chain attack ever carried out against US companies.
One official says investigators discovered the attack eventually affected nearly 30 companies, including a major bank, government contractors and the world’s most valuable company, Apple.
And yet the evidence appears overwhelming, according to sources that Bloomberg has kept anonymous to protect their identities. Up to 17 people confirmed the manipulation of Supermicro hardware, the report highlights, and it also contains other elements indicating that both Amazon and Apple were affected.
Apple, for example, ordered 6,000 servers from Supermicro in 2014. The goal was to install them in 17 data centers in different cities around the world, on top of another 4,000 servers installed in two of its large data centers in North Carolina and Oregon. That figure was set to grow further: in 2015 it was expected that Apple would order 20,000 more servers to expand its infrastructure in this area.
However, Amazon and Apple ended up removing the affected servers from the data centers where they were installed. Amazon sold its data centers in China to Beijing Sinnet in November 2016, while Apple began replacing the 7,000 affected Supermicro servers in its data centers in the summer of 2015. After doing so, Apple completely cut off its business relationship with Supermicro. Supermicro’s CEO commented weeks later that the company had lost two important customers, one of which has been identified as Apple.
Magnitude of the incident
What data has been stolen? That is the great question everyone asks, and one that seems unlikely to be answered. One of the government’s investigators indicated that China’s objective was to have long-term access to corporate secrets and to government networks holding confidential information, but it is known that there has been no theft of customer data at the companies consulted.
The microchips integrated into the motherboards of these servers were not even identical in all cases: the researchers detected different versions on different motherboards. At Amazon, they discovered that one of the affected servers in its data centers in China contained a chip so thin that it had been embedded between the layers of fiberglass to which the different components are attached.
Those responsible for the investigation tried to detect what kind of information was being transferred through these chips, which were in fact designed to ‘open doors’ for attackers. And yet, although they detected brief communications between the attackers and the sabotaged servers, they found no attempt to remove data. The chips seemed only to be listening.
“The report that China sought to infiltrate the computer chip supply chain, if true, is deeply disturbing and the latest example of the lengths that Beijing will go to in order to steal America’s official and commercial secrets,” Representative Adam Schiff of California, the top Democrat on the House Intelligence Committee, told Bloomberg.
The Chinese government did not directly address questions about the manipulation of Supermicro’s servers, issuing a statement that said, in part, that “the security of the supply chain in cyberspace is a common concern, and China is also a victim.” The FBI and the Office of the Director of National Intelligence, on behalf of the CIA and the NSA, declined to comment.
The investigation is still ongoing, but the debate goes beyond the discovery itself and once again calls into question the technology industry’s dependence on Chinese manufacturing plants. The fears raised by the Trump administration, which ended up producing partial or temporary bans on companies such as Huawei and ZTE, inevitably grow considerably after such a disturbing discovery.