China hardware hacks Amazon,Apple, and other US companies

[welfare]

https://www.bloomberg.com/news/featu...-top-companies

Quote:

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.


Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

[welfare]

Apple, Amazon, and homeland security deny any threat. Which would be expected.

https://techcrunch.com/2018/10/07/ho...y-chip-report/

Quote:

Homeland Security has said it has “no reason to doubt” statements by Apple, Amazon and Supermicro denying allegations made in a Bloomberg report published earlier this week.

It’s the first statement so far from the U.S. government on the report, casting doubt on the findings. Homeland Security’s statement echos near-identical comments from the U.K.’s National Cyber Security Center.

Bloomberg said, citing more than a dozen sources, that China installed tiny chips on motherboards built by Supermicro, which companies across the U.S. tech industry — including Amazon and Apple — have used to power servers in their datacenters. The chip can reportedly compromise data on the server, allowing China to spy on some of the world’s most wealthy and powerful companies.

Apple, Amazon and Supermicro later published statements on their websites. Bloomberg said it’s sticking by its story. And yet, this latest twist isn’t likely to leave anyone less confused, days after the story was first published.

Homeland Security protects the nation’s cyber defenses from both domestic and foreign threats. It’s rare for the government to issue a statement on an apparent threat which, according to Bloomberg, is a classified matter that’s been under federal investigation for three years.

The reality is that days after this story broke, it seems many of the smartest, technically minded, rational cybersecurity experts still don’t know who to believe — Bloomberg, or everyone else.

And until someone gets their hands on these apparent chips, don’t expect that to change any time soon.

[SkinnyPupp]

How does a story like that gain so much traction without anything backing it up other than "sources"

[asian_XL]

https://www.businessinsider.com/appl...-spies-2018-10

[R1CED`]

supermicro shares were razed to the ground for 2 days
of course apple and amazon will deny to protect their financial interests

Quote:

Originally Posted by SkinnyPupp

How does a story like that gain so much traction without anything backing it up other than "sources"

the original piece was rather sensationalist, but Bloomberg is not exactly Fox News and they're doubling down with the Israeli and Norwegian intelligence also supporting the claims
espionage is srs business, even in recent years we're still seeing Russia poison dissidents overseas and China kidnapping ones from Hong Kong...so why wouldn't you conceal your identity if you can?

[Dragon-88]

10 years ago when I was in computer sales, we used to sell Supermicro boards to BC Hydro, i'm pretty sure they still stick with the same brand..

[Drow]

Huge if true