Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.
October 4, 2018
Chinese spies compromised server hardware for nearly 30 US companies, including Amazon and Apple, as well as the US government, in a bold espionage attempt to compromise the US's entire technology supply chain, according to a Bloomberg report early Thursday.
Amazon.com Inc. (Nasdaq: AMZN) discovered spy chips mounted on the motherboards of servers manufactured by Super Micro Computer for Elemental Technologies, in 2015. Amazon was considering acquiring Elemental, which made video streaming software, to bolster its Prime video service, according to the Bloomberg report. Apple discovered the attacks independently at about the same time in its own data center server hardware.
The allegations, if true, have broad implications. Super Micro Computer, also known as Supermicro, is one of the world's biggest suppliers of server motherboards. Elemental's servers can be found in Department of Defense Data Centers, CIA drone operations and onboard networks for Navy warships. And Elemental is just one of hundreds of Supermicro customers, Bloomberg reports.
Amazon reported their findings to US authorities. The US government is continuing to probe the incident more than three years later. It determined the chips allow attackers to "create a stealth doorway into any network that included the altered machines," Bloomberg said. "Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China," according to the report. China, which dominates electronics manufacturing, is uniquely poised to pull off this kind of attack, though even China would find an attack on this level extremely difficult.
Now entering its fifth year, the 2020 Vision Executive Summit is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.
Bloomberg says US officials describe the incident as "the most significant supply chain attack known to have been carried out against American companies."
One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world's most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.
In emailed statements, Amazon (which announced its acquisition of Elemental in September 2015), Apple, and Supermicro disputed summaries of Bloomberg Businessweek's reporting. "It's untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental," Amazon wrote. "On this we can be very clear: Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," Apple wrote. "We remain unaware of any such investigation," wrote a spokesman for Supermicro, Perry Hayes. The Chinese government didn't directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, "Supply chain safety in cyberspace is an issue of common concern, and China is also a victim." The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.
On the other hand, Bloomberg says it has 17 people confirming its story, including "six current and former senior national security officials," and Amazon and Apple insiders.
"One government official says China's goal was long-term access to high-value corporate secrets and sensitive government networks. No consumer data is known to have been stolen," says Bloomberg.
Bloomberg has a great deal more information in its in-depth report: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies.
The Bloomberg investigation lends credence to claims that China is implanting spy technology in the electronics it exports to the US, which at times have appeared like political posturing, notes my colleague Jamie Davies at Telecoms.com. (See Maybe the Chinese espionage rhetoric is more than political hot air.)
Huawei Technologies Co. Ltd. and ZTE Corp. (Shenzhen: 000063; Hong Kong: 0763) have been subject to sweeping bans by the US government in doing business in America. Huawei recently launched an effort to convince the Federal Communications Commission to open the doors to US trade. (See Huawei Hasn't Given Up on US Market, Pitches the FCC.)
— Mitch Wagner Executive Editor, Light Reading
Read more about:Asia
Executive Editor, Light Reading
San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.
He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.
Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.
Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').
You May Also Like
Rethinking AIOPs — It's All About the DataMar 12, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Fiddling with Fixed WirelessMar 21, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Cable and 5G: The Odd Couple?Apr 18, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Delivering the DAA DifferenceMay 16, 2024