Secret Spy Chip
A secret spy chip was discovered on SuperMicro servers a few days ago. That chip would allow hackers to access the system and steal trade secrets. That breech will have serious ramifications for international trade between the United States of America and The People’s Republic of China.
Amazon Discover Security Anomalies
To follow the timeline, we have to go back to 2015 when Amazon.com Inc had wanted to buy Elemental Technologies, a cloud-based, video processing and delivery service platform with a view to using it to boost its own Portland, Oregon based based streaming service, Amazon Prime.
In order to ensure that all protocols were duly observed, and as part of their due diligence, Amazon hired a third-party company to make sure that Elemental Technologies was compliant with the security checks the acquisition process required. It was this third party that first observed some security breaches in Elemental’s systems and alerted Amazon that something was not quite right.
From this tip, Amazon decided to examine the servers that Elemental used to handle the video compression for their streaming service. The servers were assembled for Elemental by Super Micro Computer Inc based in San Jose, California. They are one of the biggest suppliers of computer motherboards. Supermicro had provided several servers for the third-party security company to test in 2015. It was during this testing that the security company found a microchip no bigger than a grain of rice; which was not part of the original design of the motherboards. Amazon promptly reported the issue to the American authorities.
How Wide Spread is the Security Hole?
The story sent shockwaves through the Intelligence community, because Elemental was not the only people who had used Supermicro’s motherboards in their datacenters. Supermicro’s customers are in the thousands and they include software companies like Apple as well as the CIA and the American Department of Defense. There are even Supermicro servers on America’s Warships and CIA drones. The American Defense Authorities launched a probe into what happened.
Three years later, it was finally determined that the microchips had been inserted by sub-contractors is the Chinese factories. They also determined that the chips allowed the attackers to create a backdoor into any network the altered machines were in. The government of China, through its subcontractors, had infiltrated America’s top companies.
This attack is different from the common software virus attacks that the IT industry is used to, in that hacking hardware is more difficult and more devastating than software attacks. Generally, hackers avoid compromising hardware because it is almost impossible to do without physical access to the system. Joe Grand, the founder of Grand Idea Studio Inc. said, “Hardware is just so far off the radar, it’s almost treated like black magic.”
It is reported that the hack affected 30 companies including a major bank and several government contractors. However, the most important victim of the hack is the world’s most valuable company: Apple. Apple had been creating a global network of data centres over the past two years and had planned to order more than thirty thousand servers from Supermicro. However, insiders at Apple continue to deny that the company was affected, saying that Apple had also found some malicious chips on the Supermicro motherboards in 2015 and had severed ties with the company.
Aims of the Attack and Data Lost so Far
Of course, since the investigation is still ongoing, all the details have not been revealed yet. However, what is known so far, China’s goal was to put the microchips in the motherboards for long term access to high value corporate and government secrets. It is believed that so far that no personal data of individuals were stolen.
It is possible the reason Supermicro’s systems were targeted, is that Supermicro supplies so many influential organizations in the world. The company has nine hundred customers in one hundred countries and thus, it is possible that the chips are not just in the United States motherboards but in computers all over the world.
The implication is that China has an easy vantage point to spy on other countries. It is also believed that China was able to gain an understanding of how SuperMicro servers motherboard worked due to most of SuperMicro’s workforce being in China. Plant manager were pressured modifying the board designs by people posing as SuperMicro executives or government officials.
It is not the first time that US officials caught China experimenting with hardware tampering technology, but it is the first time they have been able to create an hardware hack this comprehensive. The Investigators speculate that the chip insertions come from a part of the People’s Liberation Army (The Army of the People’s Republic of China) that specializes in hardware and cyber based attacks.
According to the US officials who have been investigating the hackings, it is found that the hack worked via the following processes
- A Chinese military unit designed and manufactured microchips which can be as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers and memory, networking capacity and sufficient processing power in order to be able to attack any server they are inserted in
- The microchips were then inserted into the motherboards were then inserted by the contractors at Supermicro, one of the biggest sellers of the motherboards
- The compromised motherboards were built into the servers to be used in the United States
- The compromised servers then made their way into the data centres of the hundreds of affected companies
- When the server is installed and switched on the microchip altered the Operating system’s core so that it could accept modifications. The chip could also contact computers controlled by the hackers in order to get further instructions and code
Aftermath of the Attack
The White House has mentioned that computer hardware, including system motherboards, are going to be part of the sanctioned products from China, and that America might be moving its manufacturing to other countries as a result. Security experts and tech officials have been talking for years about the need to ensure that China does not have the monopoly of computer hardware entering the United States. Before the news of the hack broke, as early as in 2015, there have been high level meetings between the president and his senior security advisers.
The news of the hack has dealt Supermicro a harsh blow, with the company’s shares falling by fifty percent. China declared that it had no knowledge of the attacks and is willing to work with the United States to formulate better cyberterrorism laws. Despite such overtures, intelligence officers in the U.S still maintain the officials within the Chinese Government were aware of the attack.
Beyond economic implications, it is difficult to know how much data the Chinese Government collected from compromised servers. If Apple was breached, then thousands of their users are in danger of having their data fall into the wrong hands. Investigators are saying that it is doubtful any personal data in the affected companies were taken, there is no assurance that China, or the people who created the hack cannot later take the consumer’s data if they feel it could undermine the United States or serve another useful purpose. There has also been no word yet that other countries were affected. It is possible that China is also spying on other countries and stealing critical government and industrial secrets.
How can we Minimize Exposure
The investigations are still ongoing, so it is unknown how many companies in how many countries have been compromised. Individuals and companies would have to bring their systems to be checked by specialists. It will be a long process, but a painstaking check will have to be done to ensure that sensitive information is well protected. Companies are hiring consultants to evaluate their risk, but they do not make that public for fear of alarming their customers and investors.
For companies who use Super Micro servers as part of their core infrastructure the big question now is, how can we minimize exposure? In our follow-up blog later this week we will explore that question in depth.
Sign up below to be notified of
Part 2 in our Supermicro Hack series.
Have something to add? Let us know your thoughts in the comments below!