// BIG NEWS // How China Would Have Managed the Biggest Hack of All Time!

in #news6 years ago

By integrating a virtually undetectable "backdoor" microchip into the world's # 1 server motherboards, Chinese authorities could have reached the secrets of thirty American companies, including Amazon and Apple.

chinese-hacker2.jpg
Source

It has the size of a grain of rice and takes the shape of a microscopic chip, which Bloomberg has revealed by publishing a long survey.

Tiny and nevertheless colossal, this microchip already causes a crisis as rarely the IT security has known. A tidal wave that damages the security of hundred thousand servers in the data centers of giants like Amazon or Apple, and by extension that of their hundreds of millions users, individuals, companies and administrations.

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

The story of a small giant

Everything begins with a Californian company whose headquartered is situated in the North of San Jose, in the heart of the Silicon Valley, near its international airport. The company is called Super Micro Computer, generally shortened in Supermicro. It was founded in 1993 by Charles Liang, a Taiwanese engineer and his wife, and quickly became the number one of the server motherboards market. Components that we find in MRI machines, web servers, banking servers or cloud (without forgetting the control systems of the army). Charles Liang's company dominates widely the market, to the point of selling almost so many motherboards as all other actors combined.

As many US companies in the 90s, Supermicro followed the wave of the relocation of its production at first in Taiwan, then to mainland China. A logical evolution, facilitated by the strong Chinese culture of the society and where the important meetings take first place in English and then in mandarin, explains Bloomberg.

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

A stowaway almost undetectable

It’s this relocation that seems to have allowed the break-in of the century. In the small world of States hacking, to compromise equipment two solutions are possible. The first one, has the favors of the US agencies, as revealed by Edward Snowden. It consists in intercepting the equipment between the place of manufacturing and the delivery address.

The second is more complex because it requires a modification in the factory, with all that it involves: A strong complicity on behalf of the manufacturer (or of his subcontractors) covered by a state power. It also implies a thorough knowledge of hacker circuits. Because the goal is to add a chip on the circuits that will provide access to the machine and information that pass through its circuits.

bd912a6aa296480adad3244229ccc.jpg

Here is for the theory… become reality in 2015.
This year, two companies, Amazon and Apple, each discover from their own a secret microchip on Supermicro motherboards installed on servers. One of these machines was reserved for an Apple laboratory, while others were being analyzed by Amazon's security audit teams. Alerted, the American intelligence services dealt with these cases and concluded that these informers, capable of communicating with Chinese servers to take instructions, were indeed added during the manufacture.

A back-door almost undetectable wide open to allow further attacks.

Soundcloud part 1

Soundcloud part 2

According to US analysts, not less than thirty companies would have been concerned by this hack: Apple and Amazon (whose cloud service is omnipresent), but also big banks, contractors of the American Federal state, etc.

The collapse of a reliable system

From the moment when "pirate" chips have been detected, the big question is to know if others did not escape the expert’s surveillance. Can we trust the services of these companies pirated from the inside? Are the data safe? Because despite all their willingness and their strong principles, the companies that resort to these servers are betrayed, without their knowledge.

It is not surprising that some of the actors concerned (Supermicro, Apple, Amazon and naturally the Chinese State) defend each other not being concerned by this affair. China clams to be a "resolute defender of cyber-security" and reminds being also victim of the dishonest production chains. Whereas Apple declares to lead investigations before each commissioning of this kind of product and not to have detected any irregularities, excepted that reported in 2015. The company moreover specifies not to work anymore with Supermicro since 2016.

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

China and State hacking

Nevertheless, the survey of the American economic site goes further and indicates that the arguments of Apple, Amazon and Supermicro are countered by several testimonies, those of American administration agents and employees of Apple, especially. Before the microchip was discovered by Apple engineers, it’s not less than 7 000 Supermicro servers that would have turned on the network of the Cupertino firm, with all the risks of data leak that suggests.

Bloomberg specifies however that no personal data was stolen. Because the objective of the spies - resolutely identified as serving China - is to steal intellectual property or secret governmental data.

This investigation tells the path followed by the US secret service investigators to trace back these hacked motherboards from their origin. How Chinese officials have corrupted or threatened the subcontractors (sometimes sub-contractors of Supermicro's subcontractors) so that the design of these cards is modified.

Behind these attacks, according to Bloomberg, we find units of the People's Liberation Army specialized in the material hack. At a time when the relations between China and the United States are not at best, these revelations risk to upset many things and to cast doubt on numerous services. Not necessarily for best.

Source: Bloomberg

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

DQmNuF3L71zzxAyJB7Lk37yBqjBRo2uafTAudFDLzsoRV5L.gif

Sort:  

YOU JUST GOT UPVOTED

Congratulations,
you just received a 14.43% upvote from @steemhq - Community Bot!

Wanna join and receive free upvotes yourself?
Vote for steemhq.witness on Steemit or directly on SteemConnect and join the Community Witness.

This service was brought to you by SteemHQ.com

Coin Marketplace

STEEM 0.21
TRX 0.20
JST 0.034
BTC 90550.95
ETH 3108.45
USDT 1.00
SBD 2.92