According to the reports by Bloomberg Business week, China conducted a giant corporate surveillance back in 2015. A Chinese microchip, about the size of a rice grain, was reported to have been found concealed in the Supermicro’s server motherboards that were used by over 30 US Companies, including government contractors, tech giant APPLE INC & largest web marketer AMAZON.COM INC.
Further, the reports revealed that this extensive attack relied on the microchip that was inserted in the servers during the manufacturing process in China. The tiny chip was originally developed by the US IT Company, “Super Micro”, but later compromised by the government-affiliated groups during equipment assembling.
The chip enabled the Chinese spies to sneak in major US Intelligence, military agencies, major banks & US based business internal servers through compromised devices.
History of the Giant Hardware Attack
In 2015, AMAZON.COM INC began to contact Elemental Technologies, to help with the major inflation of its streaming video service, known as Amazon Prime Video. Elemental Technologies made software that could compress massive video files & format them for different devices.
The technology developed by Elemental Technologies is renowned to have helped stream Olympic Games online, communicate with the International Space Station & channelize drone footage to Central Intelligence Agency. These national security contracts were not the main reason behind this expected project procurement, however, the contracts fit perfectly with Amazon’s government pursuits, like highly defended cloud that Amazon Web Services was framing for the Central Intelligence Agency.
A third party security agency from Ontario, Canada was hired to conduct tests on various Elemental servers. Immediate security issues followed up after the testers found a tiny Chinese microchip nested on the server’s motherboards.
Upon investigation, testers found that the chips were disguised for hardware hacks & slightly varied in size. It immediately led to the conclusion that attackers have supplied different motherboard batches. The attack was graver than software-based incidents & difficult to pull off. The stealth access was kind of long-term & potentially more devastating. The chip was capable of extracting the data & letting in new malign codes like Trojan horse.
Amazon and Apple reacted to Bloomberg’s Statement
According to Bloomberg, Amazon reported the discovery of this malicious Chinese microchip to U.S. authorities back in 2015, which served as a wave of shiver to the entire intelligence community. Elemental’s servers could be established in CIA’s drone operations, Department of Defense data centers & onboard network of Navy submarines.
Apple found these tiny chips in 2015 and then detached the ties with Supermicro in 2016, says the report. No clear reasons were mentioned for severing the ties.
Facebook, the social media giant, identified malware in the Supermicro’s software & hence removed the servers from its datacenters.
However, Apple & Amazon have denied and disputed the summaries of Bloomberg Businessweek’s reporting.
Amazon says that it is “untrue” that AWS knew of supply chain compromise, servers containing malicious Chinese microchip or data center modifications based in China. Amazon claims to have reviewed its records related to Elemental acquisition for any potential SuperMicro issues & have found no evidence that supports claims of malevolent chips & hardware alterations.
In addition to that Apple is equally definitive, stating “Apple has never found malicious chips, hardware modifications or any potential vulnerabilities planted in the servers on its network in 2015.” It also denied to have restricted any FBI investigations related to the SuperMicro chips.
What Supermicro has to say about these claims?
Supermicro reacted to the claims & stated that they are not aware of any investigations related to assertions nor they have been contacted by any government agency.
Further, Supermicro claims that it is making every effort to contact a variety of vendors, industry partners & government agencies & share information on potential threats & best practices to avoid them. Supermicro announced that it doesn’t design or manufacture networking chips or any related firmware.
China’s statement on the matter
The China’s Ministry of Foreign Affairs stated that China is adamant defender of Cybersecurity. It encourages the international community to work together to tackle Cybersecurity threats on the grounds of mutual respect, benefit & equality. The main spokesperson recalled that China offered International code of conduct for Information Security in 2011 & brought the discussion to the conclusion with Obama’s and Xi Jinping’s cyber pact that was signed in 2015.