For years, security researchers have warned that unscrupulous hardware manufacturers or foreign governments could hijack the manufacturing process, installing backdoors into equipment that would be difficult to detect or stop. Now, we’ve caught the Chinese red-handed, and the fallout could be ugly.
An extensive report from Bloomberg details how Amazon’s investigation into deploying servers manufactured by Elemental Technologies led to the discovery of hardware backdoors smaller than a grain of rice. The chips had been hidden on Supermicro motherboards. You can see the “before” picture above; the “after” photo, with the actual espionage processor (EPU?), is below:
After discovering the chips in 2015, the government spent three years investigating the situation. They’ve determined that the hardware creates “a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”
There are two methods for performing this kind of hardware-based attack. One of them, which the US has historically used, is to intercept shipments and perform the modification in transit. The other is to build the modifications in from the beginning, which is what was done in China. US officials describe the attack as the most sophisticated supply chain compromise that we’re aware of, ever. Everyone who bought and deployed servers from Elemental Technologies, which specialized in video compression technology, was impacted. And it’s not just Elemental — Apple, too, found its own servers had been compromised and severed relations with Supermicro in 2016 for what the company claims are unrelated reasons.
It should be noted that Apple, Amazon, Supermicro, and the Chinese government all contest this story with various arguments about how it’s wrong. Bloomberg notes that their denials are countered by:
“[Six] current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.”
Under the circumstances, we’ll be taking the word of Bloomberg over the word of some corporate flunkies trying to protect their own stock prices.
We have to give you one additional quote from the Bloomberg piece, which goes into extensive detail on how the hack was carried out and why we’re certain it’s connected to the Chinese government. It deals with why companies were interested in Elemental Technologies servers in the first place:
“Elemental servers sold for as much as $100,000 each, at profit margins of as high as 70 percent, according to a former adviser to the company. Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.”
These attacks are part of why the Trump Administration’s embargo against China has targeted computer components. And it may help explain why most computer manufacturers had no luck getting themselves exempted from tariff considerations.