Lo0go techturning.com

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

White House national security adviser John Bolton told Bloomberg that Chinese cyber attacks on the US validate the Trump administration’s emphasis on offensive cyber operations of its own. He did not confirm whether the White House was aware of the cyber hack before the Bloomberg report.

According to the report, Apple had earlier planned to order 30,000 Supermicro servers in two years. Bloomberg also reported that Apple 2015 found malicious chips in servers it purchased from the hardware maker, citing three unidentified company insiders. In 2016, Apple severed ties with Supermicro owing to unrelated reasons, the report said.

Apple and Amazon both denied the report on Thursday, according to Reuters. In a detailed statement on its website Apple wrote, The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found “malicious chips” in servers on its network in 2015. As Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims.

The investigation found that Elemental servers, which were assembled by Super Micro, were tainted with tiny microchips that were not part of their design, Bloomberg said. Amazon reported the matter to US authorities, who determined that the chips allowed attackers to create “a stealth doorway” into networks using those servers, the report said.
According to Bloomberg, Amazon in its three-year secret investigation uncovered the malicious chips while examining servers manufactured by a start-up called Elemental Technologies, which Amazon eventually acquired.

Bloomberg also reported that a unit of the Chinese People’s Liberation Army infiltrated the supply chain of computer hardware maker Super Micro Computer Inc to plant malicious chips that could be used to steal corporate and government secrets.

author

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *