China reportedly spied on US companies using chips hidden on servers, Apple and Amazon...

midian182

Posts: 5,866   +48
Staff member

The Bloomberg report claims that the rice-sized chips were hidden on server motherboards produced by San Jose-based firm Super Micro. Groups affiliated with Chinese government reportedly infiltrated the company’s supply chain, attaching the chips, which were disguised as signal conditioning couplers, to motherboards that ended up in US servers.

The chips were reportedly designed to steal IP and trade secrets from American companies. Bloomberg claims Amazon discovered them ahead of its 2015 acquisition of Elemental Systems and reported the chips to the FBI before removing them all within a one-month period. The find led to an investigation that is still ongoing.

One unnamed US official said the chips could modify the server’s operating systems, letting spies control the computers remotely and access the information held on them. In addition to large US companies, the motherboards also were used by Defense Department data centers and CIA drone operations.

Apple, AWS, Super Micro, and China’s Ministry for foreign affairs have all vehemently denied the report. “Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed,” said Apple, who ended its relationship with Super Micro in 2016. “Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

Bloomberg says its report is a result of information from 17 people, including six current and former senior national security officials, two from Amazon Web Services, and three Apple insiders.

Check out the full story and see the statements from the named companies here.

Permalink to story.

 
Last edited by a moderator:

stewi0001

Posts: 2,409   +1,914
TechSpot Elite
What I find most curious is that there is a spot on the motherboard for such a chip to be installed. Unless the motherboard design was altered.
 

Bluescreendeath

Posts: 234   +322
What I find most curious is that there is a spot on the motherboard for such a chip to be installed. Unless the motherboard design was altered.
The Bloomberg articles have more details. Apparently the motherboard subcontractors in China were approached by Chinese government agents and told to use altered designs.
 
  • Like
Reactions: stewi0001

erickmendes

Posts: 613   +269
I was reading the article... Ok, so let's asume China got it hardware backdoor around the world. Still USA got it's software backdoors all over the world.

And also, they talk about evidence it ocurred in Supermicro chinese factories, but still who can garantee the people behind this attack wouldn't be USA own gov? The motherboard design is made in Supermicro USA, it needed to be accept in Supermicro USA before it's even produced in China.
 
Last edited:
  • Like
Reactions: JaredTheDragon

stewi0001

Posts: 2,409   +1,914
TechSpot Elite
What I find most curious is that there is a spot on the motherboard for such a chip to be installed. Unless the motherboard design was altered.
The Bloomberg articles have more details. Apparently the motherboard subcontractors in China were approached by Chinese government agents and told to use altered designs.
I read the Bloomberg article, but I must have missed/forgotten the "altered design" part.
 

mbrowne5061

Posts: 1,523   +846
"Infiltrated the supply chain" implies that china produced chips that functioned as signal conditioning couplers, and were installed in their place. They didn't need to alter the design of the board, just swap out an existing component with one of their own.

Now, how exactly it worked is a mystery to me. SCCs are generally use for RF applications, so I am not sure what one is doing on a motherboard in the first place - never mind how they had all the capabilities they are reported to have.
 

Bluescreendeath

Posts: 234   +322
I was reading the article... Ok, so let's asume China got it hardware backdoor around the world. Still USA got it's software backdoors all over the world.

And also, they talk about evidence it ocurred in Supermicro chinese factories, but still who can garantee the people behind this attack wouldn't be USA own gov? The motherboard design is made in Supermicro USA, it needed to be accept in Supermicro USA before it's even produced in China.
Read the Bloomberg article before blaming the US for "hacking itself." The Chinese manufacturers responsible for physical production of the components changed the original design after meeting with Chinese government agents.

And your idea makes no sense. Many of the companies are defense contractors. Why would the US government need hardware backdoors to spy on American defense corporations who work with American government agencies? Government agencies literally just need to send someone to knock on Lockheed's door to easily get the information they want because all this tech and data belongs to the US government in the first place.
 
Last edited:
  • Like
Reactions: psycros

Uncle Al

Posts: 7,214   +5,600
The explanation sounds a little too convenient. The assertion that the US Govt would not spy on defense contractors is misinformed. The Govt spies on anyone they can, unfortunately because of the environment we all live in. The idea that Lockheed or any other large company would freely hand over information to the government is just as silly. If there's a buck to be made, these companies are going to make it and they won't make a dime by giving away anything.
 
  • Like
Reactions: JaredTheDragon

Bluescreendeath

Posts: 234   +322
The explanation sounds a little too convenient. The assertion that the US Govt would not spy on defense contractors is misinformed. The Govt spies on anyone they can, unfortunately because of the environment we all live in. The idea that Lockheed or any other large company would freely hand over information to the government is just as silly. If there's a buck to be made, these companies are going to make it and they won't make a dime by giving away anything.
I'm not referring to any random piece of information. I'm referring to technology and intellectual property - as that is what seems to be what the hardware devices are trying to steal. The articles from Bloomberg and other sources on this topic are referring to the hardware devices as a part of a greater system to steal technology and intellectual property.

Lockheed's defense technology and many of its other technologies does not belong to Lockheed in the first place. All that fancy tech already belongs to the US government because the government is paying Lockheed billions of dollars to do R&D and production. The same goes for Google developing tech and drones for the government.

Lockheed doesn't go and make its defense tech on its own to sell to the government. It gets contracted and paid by the government via government proposals/RFPs to develop technologies, and if it meets approval will get a separate contract to build them. All the intellectual property in these situations belong to the US government already.

And for privately developed technology, the US government has powerful "legal" channels to take control of private tech or prevent its use on the open market. The US can legally use eminent domain to take technology, or classify something as a secret to prevent development on a technology. Not to mention the court system or government audits can get plenty of other information in other ways. You just hit these domestic companies with a court order or a national security classification and voila, that privately developed tech is now the property of the US government!

Again, I don't see why the US government would go through inefficient, round-about, and illegal methods to obtain information when it has easier, legal methods of obtaining information from its own defense contractors.

Edit: Besides, how would American agents travel all the way to China, somehow convince/pressure Chinese manufacturing companies in China to insert spy hardware, all while unnoticed by the Chinese security agencies? And all for what? To spy on American companies in America by hoping they buy these rigged hardware from China to get tech from American companies...when there far simpler methods for the US government to get what they want from domestic companies? That is an extremely convoluted and inefficient scheme if you think the US government is behind this. It makes much more sense that the Chinese government is doing this.

As Occam's razor says, the simplest solution tends to be the right one.
 
Last edited:

psycros

Posts: 3,152   +3,283
Why is this surprising? We already knew the Chinese were never friends of the Free World (what's left of it, anyway). China's entire economy is built on the theft of intellectual property. They operate the most active spy network on the planet by far, even leaving Russia in the dust. 30% of of all Chinese engineers and technical workers in America have either been busted for espionage or are under investigation. The louder the media bleats about the "trade war" that's somehow going to destroy America's already destroyed economy the more certain we can be that Trump is right. Its long, LONG past time to kick China to the curb, and to hell with the top corporate managers who have sent all the jobs overseas and torn down our borders just so they can afford a second yacht. The only reason the tech barons are denying this story is because they want to keep the flow of Chinese H1B wage slaves going full steam. Screw 'em - they can hire some of their countrymen for a change. There are also plenty of places around the globe more trustworthy than China to produce goods...for example, the actual countries where all those consumers live!
 

Danny101

Posts: 1,318   +526
I'm not referring to any random piece of information. I'm referring to technology and intellectual property - as that is what seems to be what the hardware devices are trying to steal. The articles from Bloomberg and other sources on this topic are referring to the hardware devices as a part of a greater system to steal technology and intellectual property.

Lockheed's defense technology and many of its other technologies does not belong to Lockheed in the first place. All that fancy tech already belongs to the US government because the government is paying Lockheed billions of dollars to do R&D and production. The same goes for Google developing tech and drones for the government.

Lockheed doesn't go and make its defense tech on its own to sell to the government. It gets contracted and paid by the government via government proposals/RFPs to develop technologies, and if it meets approval will get a separate contract to build them. All the intellectual property in these situations belong to the US government already.

And for privately developed technology, the US government has powerful "legal" channels to take control of private tech or prevent its use on the open market. The US can legally use eminent domain to take technology, or classify something as a secret to prevent development on a technology. Not to mention the court system or government audits can get plenty of other information in other ways. You just hit these domestic companies with a court order or a national security classification and voila, that privately developed tech is now the property of the US government!

Again, I don't see why the US government would go through inefficient, round-about, and illegal methods to obtain information when it has easier, legal methods of obtaining information from its own defense contractors.

Edit: Besides, how would American agents travel all the way to China, somehow convince/pressure Chinese manufacturing companies in China to insert spy hardware, all while unnoticed by the Chinese security agencies? And all for what? To spy on American companies in America by hoping they buy these rigged hardware from China to get tech from American companies...when there far simpler methods for the US government to get what they want from domestic companies? That is an extremely convoluted and inefficient scheme if you think the US government is behind this. It makes much more sense that the Chinese government is doing this.

As Occam's razor says, the simplest solution tends to be the right one.
This is by definition, the military industrial complex. Including the fact that both civilian and government employees on certain projects must be cleared for classified access. It's a partnership.
 

Abraka

Posts: 176   +54
Well, Intel is making CPUs that are deliberately full of holes to spy on the entire world. AMD is having a little bit less, but still quite a few deliberate security holes. Routers made in any country are full of holes. The BlueTooth standard was made deliberately easily crackable, so that viruses can be sent and data stolen among all the devices that have BT. Including phones, laptops, smart TVs, cars.

Google Android operating system is basically one big spyware. All other Google services are free only because they are spying on you.

So, basically everything in 21st century is made to spy on you. Orwell missed 20-25 years but he was right. Except he was still an optimist. He thought that only your TV will spy on you, and that Party will buy you the TV. Boy, was he wrong! In 21st centiry YOU buy your own spying device with your hard-earned money. To spy on you. Not like during the cold war when CIA or KGB would plant you the spying device for free. Oh, no. Nowadays you have to buy it yourself. And it's not cheap!
 

erickmendes

Posts: 613   +269
I'm not referring to any random piece of information. I'm referring to technology and intellectual property - as that is what seems to be what the hardware devices are trying to steal. The articles from Bloomberg and other sources on this topic are referring to the hardware devices as a part of a greater system to steal technology and intellectual property.

Lockheed's defense technology and many of its other technologies does not belong to Lockheed in the first place. All that fancy tech already belongs to the US government because the government is paying Lockheed billions of dollars to do R&D and production. The same goes for Google developing tech and drones for the government.

Lockheed doesn't go and make its defense tech on its own to sell to the government. It gets contracted and paid by the government via government proposals/RFPs to develop technologies, and if it meets approval will get a separate contract to build them. All the intellectual property in these situations belong to the US government already.

And for privately developed technology, the US government has powerful "legal" channels to take control of private tech or prevent its use on the open market. The US can legally use eminent domain to take technology, or classify something as a secret to prevent development on a technology. Not to mention the court system or government audits can get plenty of other information in other ways. You just hit these domestic companies with a court order or a national security classification and voila, that privately developed tech is now the property of the US government!

Again, I don't see why the US government would go through inefficient, round-about, and illegal methods to obtain information when it has easier, legal methods of obtaining information from its own defense contractors.

Edit: Besides, how would American agents travel all the way to China, somehow convince/pressure Chinese manufacturing companies in China to insert spy hardware, all while unnoticed by the Chinese security agencies? And all for what? To spy on American companies in America by hoping they buy these rigged hardware from China to get tech from American companies...when there far simpler methods for the US government to get what they want from domestic companies? That is an extremely convoluted and inefficient scheme if you think the US government is behind this. It makes much more sense that the Chinese government is doing this.

As Occam's razor says, the simplest solution tends to be the right one.
Joint Venture of USA and China to spy on all rest of the world... Server hardware is not used only in China or USA.
 
When the **** did AMD and INTEL make their CPU's full of security holes. Please provide a source for these claims and also how to best burn all my life savings I spent into my computer. But really a source and is there any way to fix this?
Search for “spectre” and “meltdown”. Anyone who actually read/understood the accompanying researching papers about these two exploits wouldn’t spout such nonsense. (Not you, the person you’re quoting) Simple fact is such sophisticated exploits are entirely unnecessary, especially for spy agencies targeting anyone who’s not a foreign gov., the ultimate unpatchable exploit will always be the easiest, the end user. The PEBCAK
 

Bullwinkle M

Posts: 346   +214
In Todays News.....

TechCrunch....
the story is “credible,” but “even if it turns out to be untrue, the capability exists and you need to architect your networks to detect this.”

SanFrancisco CBS Local....
The report cites 17 different government and corporate sources with knowledge of the investigation, who say the Chinese military worked for years to insert a tiny, inconspicuous chip — oftentimes no larger than the tip of a pencil — onto the motherboards of servers.


What Techcrunch is saying >
We must spy on everything to detect others spying on everything

What CBS Local is saying >
After a year long investigation, 17 sources ALL Confirmed the story to Bloomberg AND ONLY BLOOMBERG!

No other news agency was notified by even ONE of the sources

WHY NOT?????????

It sounds more like a Trump propaganda stunt to push policy
 
  • Like
Reactions: erickmendes

mark kram

Posts: 47   +10
The Bloomberg article pointed out that AWS servers in China had also been hacked to spy on Chinese companies, industries, and banks. Amazon sold it off. What it did not tell you is that every cell phone, desktop, laptop, and server made for domestic consumption contains a variant of these chips so they can spy on the Chinese people at their leisure. This is one reason the government can find anybody in China within 5 minutes and arrest them. It is in the USA's best interest to move manufacturing facilities to India.