This attack reached about 30 organizations in the US, including Apple and Amazon
Amazon began evaluating a startup called Elemental Technologies as a potential acquisition, with an eye to expanding the streaming service now known as Amazon Prime Video. Elemental developed software that compresses massive video files and optimizes them for different devices.
According to Bloomberg reports, Amazon Web Services hired a third party to assess Elemental's security. During this audit, some issues were found that led Amazon to take a closer look at Elemental's primary product: the costly servers that customers installed on their networks to handle video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company that is also one of the world's largest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers. At the beginning of 2015, Elemental packaged several servers and sent them to Ontario, Canada, for the security company contracted by AWS to test them.
The auditors found a small microchip on the servers' motherboard, barely the size of a grain of rice, which was not part of the motherboard's original design. Amazon reported this to the US authorities, raising alarm among security and digital forensics specialists, since Elemental servers could be found in Department of Defense data centers, CIA drone operations, and onboard networks of US Navy warships.
In the resulting investigation, classified as secret, digital forensics experts concluded that these chips allowed hidden doors to be created into any network that included the altered devices. According to several people familiar with the matter, the investigators found that the microchips had been inserted at factories run by subcontractors in China.
This attack is considered more serious than the software-based security incidents everyone knows about. Hardware hacking is harder to carry out and potentially more dangerous: it promises the kind of long-term, silent access that spy agencies have sought for years and for which they are willing to pay millions of dollars.
Experts in digital forensics believe that if any country is capable of tampering with hardware in this way, that country is China. 75% of cell phones and 90% of the PCs used worldwide are manufactured in China. Even so, achieving such an attack would involve handling too many variables, from a complete understanding of the hardware being worked on to getting the tampered hardware past the security measures it is subjected to around the world.
And that is just what happened: the chips were inserted during the manufacturing process of the motherboards by agents of a unit of the People's Liberation Army, according to two US intelligence officials. Chinese spies appear to have found in Supermicro Inc the perfect conduit for the most significant supply chain attack that has been carried out against US organizations.
According to reports from digital forensics specialists at the International Institute of Cyber Security, the attack reached almost 30 companies, including a major bank, government contractors and even Apple, the most valuable company in the world. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers for a new global network of data centers, but it cut its relationship with Supermicro after allegedly finding these malicious microchips.
Despite this, Amazon Web Services, Apple and Supermicro Inc have disputed this information, stating that at no time have they identified any kind of tampering in their supply chain. The three companies' statements flatly contradict the accounts of six senior national security officials, active and retired, who have described the discovery of these chips in detail.
According to American officials, the attack was carried out as follows:
- A Chinese military unit designed and manufactured microchips as small as the tip of a pencil. Some of these chips were built to look like ordinary motherboard components. They incorporated memory, networking capability and processing capacity for an attack
- The microchips were inserted at Chinese factories supplying Supermicro Inc, one of the largest vendors of server motherboards
- The compromised motherboards were built into Supermicro servers
- The sabotaged servers made their way into data centers operated by dozens of companies
- When one of these servers was installed and powered on, the microchip modified the operating system's kernel so that it would accept modifications. The chip could also contact attacker-controlled computers for further instructions and code
Currently Supermicro Inc sells more server motherboards than anyone else. It also dominates the market for motherboards used in special-purpose equipment, from MRI machines to weapon systems. Its products can be found in made-to-order server configurations at banks, cloud service providers and web hosting companies, among other areas of computing. Supermicro has assembly facilities in California, the Netherlands and Taiwan, but its motherboards, its main product, are almost all manufactured by contractors in China. According to experts in digital forensics, Supermicro is like the Microsoft of the hardware world.
Before concrete evidence of this attack emerged, US intelligence sources reported that Chinese intelligence had plans to introduce malicious microchips into the supply chain. It was not until mid-2014 that intelligence officers went to the White House with something more concrete: China's army was preparing to insert chips into Supermicro motherboards destined for American companies.
Although the investigation is still open and no one has been prosecuted as part of it, digital forensics experts from the International Institute of Cyber Security warn that the investigation will likely end with the conclusion that Chinese intelligence did indeed compromise the Supermicro supply chain to install hardware that would allow it to spy on American organizations. The US government will continue to investigate these facts.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.