#1 The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies by algernonpj 04.10.2018 12:11


Another result of off-shoring manufacturing:

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

By Jordan Robertson and Michael Riley

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

“Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow”

There are two ways for spies to alter the guts of computer equipment. One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden. The other method involves seeding changes from the very beginning.

One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”

But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.


Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.



Bild entfernt (keine Rechte)

#2 RE: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies by algernonpj 04.10.2018 16:14


We Outsourced Our Computer Hardware to China, and China Hacked Us
October 4, 2018
Daniel Greenfield

China is an enemy state.

We allowed China and other Asian countries to eat up our tech hardware industry with their subsidies. As a result, our supposed secrets run on hardware manufactured by companies in China, or manufactured by Chinese companies.

The results are as surprising as putting Kaspersky anti-virus on your computer.

A bombshell Bloomberg report today suggests that the Chinese government has been hacking American companies in a fairly astonishing manner: inserting tiny chips into computers manufactured in China. The report claims that thousands of compromised servers were sold by Supermicro, which once supplied Apple and Amazon datacenters, and that multiple U.S. security agencies have been investigating the breach in a top-secret probe since at least 2014.

According to the report, Chinese spies developed pencil tip-sized chips that could be placed on computer motherboards and resembled innocuous components despite containing their own memory, networking, and processing capabilities. The spies allegedly infiltrated Supermicro’s subcontractors, adding the chips to servers without being detected. Once the servers were powered on, the chips compromised the server’s operating system and sat awaiting further instructions from attackers.

China’s goal, Bloomberg says, was to obtain long-term access to government networks and corporate secrets; neither consumer data nor computers sold to consumers are believed to have been affected. Yet as Supermicro is one of the world’s leading server motherboard suppliers and also “dominates” the supply of custom boards used in high-end electronics, its scope in hardware is said to be like Microsoft’s in software. “Attacking Supermicro motherboards is like attacking Windows,” a former U.S. intelligence official told Bloomberg. “It’s like attacking the whole world.”

The whole world runs on hardware made in Asia. There were warnings that exactly this would happen as far back as the eighties.

As long as that's the case, the world is vulnerable. President Trump has spoken about moving certain kinds of manufacturing back to the United States. Computer hardware should be at the top of the list. Rare earth supplies need to be secured. Because right now America's tech dominance is just a hollow shell sitting in Shanghai.

This was one incident. There were countless more, I'm sure. I doubt there's any secret that we have that China doesn't. And as long as our phones, our servers, and our systems are based on Chinese manufactured technology, we will have no secrets, corporate, military or technological, from the People's Republic.


Xobor Create your own Forum with Xobor