Chinese Spy Chips in NSA Server and Apple and Amazon Cloud

Posted in #news, 2 years ago

As far as computer hacking goes, this is potentially the biggest one in history.

The story starts in 2015, when Amazon wanted to buy Elemental Technologies for its video expertise (Amazon Prime Video, anyone?).
Elemental's technology was also used, for example, for ISS video streaming and drone video feeds.

To acquire Elemental, Amazon had to do due diligence on the company and hired a third party to do it. That third party found a tiny microchip on Elemental's servers, only a few cubic millimeters in size, disguised as a normal, "dumb" piece of hardware.


Elemental used servers from Super Micro Computer Inc., better known as Supermicro. Supermicro is based in San Jose, but, like everyone else's, its hardware is manufactured in China. It supplies a sizable share of the world's server motherboards.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc.

Put it into the cloud, they said! It is safer, they said!

But this hardware hack of the supply chain means that potentially everyone could be affected. Maybe the Chinese government has the keys to your cryptocurrency on every exchange and online wallet? Or, for that matter, all the keys you use on Steemit?

More background in the source article at Bloomberg.



Oh.. fun...

Just wonderful. Didn't read the article yet, but did they find a way to interrupt or block the intrusion?

That is not possible. That is the point of hardware injection: the only way to prevent it is to not use an injected hardware module.

Of course you could have a deep look at every mainboard (and try to get the module off without destroying the MB), but that is not really doable, right?

Well, I wouldn't exactly say it's not possible. You may not be able to remove the chip, but there are ways to defeat it. At the very least you could stop it from communicating with anyone. It would just be a matter of blocking whichever protocol or port it was using to communicate. The most difficult would be if it was communicating over port 80, you would need to block whomever it was trying to contact, and any fail-safes it had.

Most corporate and government sites lock down most protocols by default. The last corporate job I had, I had a device that blocked IPs by country. I had most of the world blocked, and only allowed certain IPs by whitelist. (It was a PolyWall by Bandura Systems.) I also had an IDS/IPS from Sourcefire.
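The egress-filtering point made in the reply above, as an added Python example that is not part of the original thread: a port-only rule ("only web ports may leave") lets an implant beaconing on port 80 through, while an explicit destination allowlist stops it regardless of port. The connection records, addresses and allowlist are constructed for illustration.

```python
import ipaddress
from typing import Callable, Iterable, List, NamedTuple


class Conn(NamedTuple):
    src: str
    dst: str
    dport: int


# Constructed outbound connection records from a server segment (not real logs).
SAMPLE_CONNECTIONS = [
    Conn("10.0.5.21", "10.0.9.10", 443),      # internal package mirror
    Conn("10.0.5.21", "203.0.113.7", 80),     # unknown external host, looks like plain HTTP
    Conn("10.0.5.22", "198.51.100.4", 6667),  # unknown external host, unusual port
    Conn("10.0.5.23", "10.0.9.10", 443),      # internal package mirror
    Conn("10.0.5.23", "192.0.2.50", 443),     # approved vendor support endpoint
]

# Destinations the servers have a business reason to reach (assumed values).
ALLOWED_DESTS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.50/32")]
WEB_PORTS = {80, 443}


def port_policy(c: Conn) -> bool:
    """'Block most protocols by default' rule: only web ports may leave."""
    return c.dport in WEB_PORTS


def allowlist_policy(c: Conn) -> bool:
    """Explicit destination allowlist: the peer matters, the port does not."""
    dst = ipaddress.ip_address(c.dst)
    return any(dst in net for net in ALLOWED_DESTS)


def blocked_by(policy: Callable[[Conn], bool], conns: Iterable[Conn]) -> List[Conn]:
    """Connections the given policy would stop at the egress firewall."""
    return [c for c in conns if not policy(c)]


def missed_by_port_policy(conns: Iterable[Conn]) -> List[Conn]:
    """Connections a port-only firewall lets out but the allowlist stops:
    the case of an implant hiding its traffic on port 80 or 443."""
    return [c for c in conns if port_policy(c) and not allowlist_policy(c)]


if __name__ == "__main__":
    for c in missed_by_port_policy(SAMPLE_CONNECTIONS):
        print(f"ALERT {c.src} -> {c.dst}:{c.dport} passes port filter but is not allowlisted")
```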