Author Topic: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies  (Read 280 times)

adroth

  • Administrator
  • Boffin
  • *****
  • Posts: 6170
    • View Profile
    • The ADROTH Project
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising Americaís technology supply chain, according to extensive interviews with government and corporate sources.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elementalís national security contracts werenít the main reason for the proposed acquisition, but they fit nicely with Amazonís government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

< Edited >

The first pass uncovered troubling issues, prompting AWS to take a closer look at Elementalís main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) thatís also one of the worldís biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elementalís staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Nested on the serversí motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasnít part of the boardsí original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elementalís servers could be found in Department of Defense data centers, the CIAís drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

< Edited >

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

< Edited >