
Thu Oct 4, 2018, 02:55 PM

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

Source: Bloomberg

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental's national security contracts weren't the main reason for the proposed acquisition, but they fit nicely with Amazon's government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental's security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental's main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that's also one of the world's biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental's staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.


Featured in Bloomberg Businessweek, Oct. 8, 2018.

Nested on the servers' motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn't part of the boards' original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental's servers could be found in Department of Defense data centers, the CIA's drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

Read more: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies



Wow- this is a really f-ed up thing. A Security Failure that got into the computer supply chain for the CIA and others.

Replies to this discussion thread
RainCaster Oct 2018 OP
Jokerman Oct 2018 #1
CloudWatcher Oct 2018 #2
OhNo-Really Oct 2018 #4
BamaRefugee Oct 2018 #5
ancianita Oct 2018 #3
onethatcares Oct 2018 #6
BumRushDaShow Oct 2018 #7

Response to RainCaster (Original post)

Thu Oct 4, 2018, 03:10 PM

1. More IP surveillance cameras found with backdoors built into the code

I know a vendor who insists that ALL Chinese made surveillance cameras have code allowing government access.

"A Chinese CCTV camera company has been forced to issue patches to its products after being accused of leaving backdoors in several of its products."

https://www.scmagazineuk.com/ip-surveillance-cameras-found-backdoors-built-code/article/1475110

"The hidden URL, accessible to the internet, could allow a hacker to remotely download the full user database with all credentials and permissions, choose an admin user, copy the login names and password hashes and use them as source to remotely log in to the Dahua devices."



Response to RainCaster (Original post)

Thu Oct 4, 2018, 03:10 PM

2. bullsh*t

I'm no fan of buying Chinese, but as ARS reports,

Apple's denial in particular is unusually verbose, addressing several different parts of the Bloomberg report explicitly, and is a far cry from the kind of vague denial that one might expect if the company were subject to a government gag order preventing it from speaking freely about the alleged hack.


Ref: https://arstechnica.com/gadgets/2018/10/bloomberg-super-micro-motherboards-used-by-apple-amazon-contained-chinese-spy-chips/

Apple's email with details refuting the "facts" in the article:

https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond



Response to CloudWatcher (Reply #2)

Thu Oct 4, 2018, 03:18 PM

4. Thank you. Great article.

You would think that whoever installs these motherboards onto servers etc. would check to make sure they match the original design.



Response to OhNo-Really (Reply #4)

Thu Oct 4, 2018, 03:24 PM

5. Indeed, which adds to the suspicious nature of this...



Response to RainCaster (Original post)

Thu Oct 4, 2018, 03:14 PM

3. Supermicro's chips are in everything-- server motherboards in the West -- then Apple dropped them.



Response to RainCaster (Original post)

Thu Oct 4, 2018, 03:42 PM

6. what does this mean to we consumers

what are the effects on our wallets?



Response to RainCaster (Original post)

Thu Oct 4, 2018, 05:13 PM

7. I used to build caseless machines to run various linux distros as a hobby

and one of them was a dual-CPU Supermicro motherboard (I think I put 2, PIII 600MHz CPUs in it and overclocked them). That was back in the early - mid 2000s so not sure what the timeframe was for this story and when they really found what they found. Apparently the subcontracted company Elemental built machines using SM server mobos for server farms (now called "clouds"...lol).

I have read numerous stories over the years about code included on certain microchips coming from China - and notably when there was a lot of speculation about what was going on in San Francisco where the big trans-Pacific fiber comm lines were coming and the NSA and whatnot... But based on these recent stories, they may have limited that to certain motherboard configurations that are known to be used for servers.
