China planted tiny chips on US computers for cyber espionage
5.10.2018 securityaffairs BigBrothers
China used tiny chips implanted on computer equipment manufactured for US companies and government agencies to steal secret information.
According to a report published by Bloomberg News, China used tiny chips implanted on computer equipment manufactured for US companies and government agencies, including Amazon and Apple, to steal secret information.
The tiny chips have a size of a grain of rice, they were discovered after an investigation that is still ongoing and that that started three years ago.
“Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community.” reads the report.
The tiny chips were used as a “stealth doorway” into computer equipment, a hardware backdoor very hard to detect.
According to unnamed US officials cited in the report, the spying hardware was designed by a unit of the People’s Liberation Army and was inserted on equipment manufactured in China for US-based Super Micro Computer Inc.
Amazon discovered the tiny chips when it acquired software firm Elemental and conducted a security assessment of equipment made for Elemental by California-based Supermicro.
Elemental manufactured equipment for Department of Defense data centers, the CIA’s drone operations, and onboard networks of Navy warships.
“Elemental also started working with American spy agencies. In 2009 the company announced a development partnership with In-Q-Tel Inc., the CIA’s investment arm, a deal that paved the way for Elemental servers to be used in national security missions across the U.S. government.” continues the report.
“Public documents, including the company’s own promotional materials, show that the servers have been used inside Department of Defense data centers to process drone and surveillance-camera footage, on Navy warships to transmit feeds of airborne missions, and inside government buildings to enable secure videoconferencing. NASA, both houses of Congress, and the Department of Homeland Security have also been customers. This portfolio made Elemental a target for foreign adversaries.”
The tiny chips were designed to be implanted directly on the motherboards, the backbone for computer equipment used in data centers of the major US firms.
Amazon confirmed that it was not aware of the supply chain compromise.
“It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” Amazon wrote.
Apple denied having found the spy chips on his equipment.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote.