China Infiltrates 30 US Corporations Using Chips Implanted on Motherboards Other Devices

Discussion in 'Technical' started by 3M-TA3, Oct 4, 2018.

  1. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    The hardware alterations were caught during a security inspection of SuperMicro motherboards, but this isn't limited to them. Likely there are many, many more affected devices. I am aware of some grey market Cisco routers my company had unintentionally purchased several years ago. We went to register the SN's with Cisco and found out that they were grey market. They wound up being sent to Cisco for evaluation and we found out that they had also been "chipped". This is not a new thing.

    Bloomberg - Are you a robot?

    "In 2015, Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

    To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

    Featured in Bloomberg Businessweek, Oct. 8, 2018. Subscribe now.
    Photographer: Victor Prado for Bloomberg Businessweek
    Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

    During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

    This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get. ..." More at link above
  2. oil pan 4

    oil pan 4 Monkey+++

    During the Obama years they hacked everything. I figured o-dip stick was just letting them.
    Now maybe they did "hack in" by back door in tiny additional hardware and or software on devices.
    Ura-Ki, Dunerunner and sec_monkey like this.
  3. Asia-Off-Grid

    Asia-Off-Grid RIP 11-8-2018

    Pretty serious. For me, war-serious.
    Ura-Ki, Dunerunner and sec_monkey like this.
  4. arleigh

    arleigh Goophy monkey

    The beauty of this is, that it will nullify the pressure to force people to be chipped .
    it's a proven fact every thing is hackable, the chip is no exception .
    Flooding the market with chips like this is like printing money backed with nothing.
    Ura-Ki likes this.
  5. sec_monkey

    sec_monkey SM Security Administrator

    this is not news, china plus russia plus others have compromised a lot more than 30 companies
    Brokor, Ura-Ki and 3M-TA3 like this.
  6. oil pan 4

    oil pan 4 Monkey+++

    The chip that spies on you has a chip that spies on it.
    Conspiracy theorist dream or nightmare come true.
    Ura-Ki, 3M-TA3 and sec_monkey like this.
  7. duane

    duane Monkey+++

    We make the chips overseas now, the DEC pant in Hudson is gone as is the TI plant that made chips near here. Digital, Wang, Bull, Nixdorf, Burroughs, , I worked for a company that did things for them all, now it is parking lots, repurposed buildings, etc. Does anyone honestly expect the Chinese to not do things that they consider in their best interests when they build our chips in their country? The next war may well be ended by our reliance on the lowest bidder and "Ching Fat Inc" or whatever, may in the end be found to be in a Chinese gov company and would in fact build the chips for free if they could put their zombie chip in the completed product.
  8. Dunerunner

    Dunerunner Brewery Monkey Moderator

    Imagine an enemy that could shut down your automated military offensive and defensive systems or turn them on you.... No wonder they have kept it secret.

    Would make a great Bond movie, though!!
    Ura-Ki and sec_monkey like this.
  9. HK_User

    HK_User A Productive Monkey is a Happy Monkey Site Supporter

    But But, they are our trusted trading partner!!!!!!!!

    Sucker Bait I'd say.
    Dont, Dunerunner and Ura-Ki like this.
  10. Motomom34

    Motomom34 Monkey+++

    Apple and Amazon denied that report. They stated Bloomberg was incorrect-

    Apple said it had refuted “virtually every aspect” of the story in on-record responses to Bloomberg. “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” the company said. Amazon Web Services (AWS) said it found no issues. Apple, Amazon deny Bloomberg report on Chinese hardware attack | Reuters

    It think it is one of those cases of who do you believe more. Personally I have a negative view of Amazon and Apple when it comes to trust so Bloomberg may be correct.
    Dont, Dunerunner and Ura-Ki like this.
  11. duane

    duane Monkey+++

    James Bond types could put a cell phone chip in a heat sink or a capacitor can on one of the military boards and in sleep mode it would use so little power it would probably never be found, but the raspberry pi demonstrates that you can do a lot with such a chip. That is hardware, no telling what they could insert into the software.
  12. Ura-Ki

    Ura-Ki Grudge Monkey

    Seen some pretty scary stuff coming out of the hard ware manufactures, Cant say what, how, or where, just to say it was proved.
    This isn't new or unheard of, it's just that China once again got caught with it's fingers in the cooky jar!

    There is a pretty good game running, all the players are trying to "do unto others before done unto themselves," and there is the whole see if we can get away with something with out getting caught kind of thing running along side. Don't think for one minute we haven't done these sorts of things ether!

    The world may very well end in ZEROS and ONES!
    Dont, Motomom34, Dunerunner and 3 others like this.
  13. SB21

    SB21 Monkey+++

    I can't believe the Chinese , N Korea , Russians , Iran , or anyone else would do that to us !!!..........[sarc2]
    What I'm glad to hear is,,,,,that we haven't heard about us doing this. Because , that means,,,,we haven't been caught !!! What's good ,,,is we are finding these things . That means some of our security detection technology is working. But this also means ,,,,,, we need to keep thinking ahead and find the spying techniques they're using that we don't know about. But so far , probably their most proven long lasting effective spying technique ,,,has been an overpaid foreign born aid hired on by the democrats. Like the Pakistani IT tech and his whole family that worked for Debbie Wasserman Shultz . Or , the Chinese Spy driver that worked for Diane Fienstien for 20 years. That's your good old fashioned spy stuff there,,, Infiltrated foreign workers ,,,and treasonous government officials. Seems like a great movie. But ,, it's actually real life America.
  14. Big Ron

    Big Ron Monkey+

    I watched a guest on c-span this morning.he had a book out called The hundred-year war if I remember that right. he pointed out how much of an enemy China really is. The Chinese really don't like President Trump. i liked that part.
    Dont and Motomom34 like this.
  15. duane

    duane Monkey+++

    China has always had one advantage over the USA. There are no losers contesting the election. hindering government operations, trying to take control every way they can as the democrats and republicans do in the USA. Their policy has been for the winners to destroy the losers, and while that may lead to decisions that drive them off a cliff, the great leap forward and such, they will do it at full speed and with little comment from anyone. Hitler had similar policies and fought well past the point where it was rational and we didn't help when the war ended. Under occupation from 1945 to 1950 about 3 million germans starved to death or died from lack of medical care and 15 million were made refugees. If peace had been made when the attempt was made on Hitler's life, several million people would most likely lived. China is very capable of making the same type of decisions and our fragmented leadership is very capable of making decisions to make problems much worse. Zombie micro chips may well be the least of our worries.
    Dont, Motomom34, Dunerunner and 2 others like this.
  16. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    I seem to remember a USB flash drive scare that was much the same thing. I'm not sure what became of that one... The fact of the matter is many circuit boards and certainly motherboards are so complex that if a manufacture wanted to add something like this - well - one would never know and it would be almost impossible to find it. I am honestly impressed that they did find it; however, they were specifically looking for it.

    Personally, I think the story sounds a bit far fetch, definitely feasible but highly improbable. Why? I would think this would have to have approval from very high within the Chinese government because something like this is truly risking an international embargo, international law, their economy - hell - possibly war. So, if this was done by a corporation then...I think heads, and I do mean literary 'heads', will roll. Now, if it was the Chinese government....well...
    3M-TA3, SB21, Motomom34 and 1 other person like this.
  17. sec_monkey

    sec_monkey SM Security Administrator

    heads might roll jus to provide deniability

    jus sayn
    oldawg, 3M-TA3, SB21 and 1 other person like this.
  18. HK_User

    HK_User A Productive Monkey is a Happy Monkey Site Supporter

    May just be Pay Back.
    SB21 and Bandit99 like this.
  19. arleigh

    arleigh Goophy monkey

    I can see it now the next weapon is a chip gun.
    they don't kill the enemy they implant a chip .
    SB21 likes this.
  20. HK_User

    HK_User A Productive Monkey is a Happy Monkey Site Supporter

    The Kill of a Thousand Chips.
survivalmonkey SSL seal warrant canary