Amazon, Apple Servers Completely Compromised by Chinese Hardware Backdoors

For years, security researchers have warned that unscrupulous hardware manufacturers or foreign governments could hijack the manufacturing process, installing backdoors into equipment that would be difficult to detect or stop. Now, we’ve caught the Chinese red-handed, and the fallout could be ugly.

An extensive report from Bloomberg details how Amazon’s investigation into deploying servers manufactured by Elemental Technologies led to the discovery of hardware backdoors smaller than a grain of rice. The chips had been hidden on Supermicro motherboards. You can see the “before” picture above — the “after” photo, with the actual espionage processor (EPU?) is below:

After discovering the chips in 2015, the government spent three years investigating the situation. They’ve determined that the hardware creates “a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”

There are two methods for performing this kind of hardware-based attack. One of them, which the US has historically used, is to intercept shipments and perform the modification in transit. The other is to build the modifications in from the beginning, which is what was done in China. US officials describe the attack as the most sophisticated supply chain compromise that we’re aware of, ever. Everyone who bought and deployed servers from Elemental Technologies, which specialized in video compression technology, was impacted. And it’s not just Elemental — Apple, too, found its own servers had been compromised and severed relations with Supermicro in 2016 for what the company claims are unrelated reasons.

It should be noted that Apple, Amazon, Supermicro, and the Chinese government all contest this story with various arguments about how it’s wrong. Bloomberg notes that their denials are countered by:

[Six] current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.

Under the circumstances, we’ll be taking the word of Bloomberg over the word of some corporate flunkies trying to protect their own stock prices. Apple and Amazon have strongly denied the claims, and Bloomberg has strongly defended them. Given the potential implications of acknowledging you’ve deployed backdoored hardware, the companies in question have every reason to lie. For that matter, it’s possible that the companies are under a national security agreement not to acknowledge these attacks to avoid tipping the perpetrators off that the US was aware of them at all. If such an agreement was made back in 2015 – 2016, it wouldn’t have been suspended today just because Bloomberg went public (in fact, if you recall from the Snowden controversy, there were discussions about what program details could be discussed publicly even after news of their existence had formally leaked).

We have to give you one additional quote from the Bloomberg piece, which goes into extensive detail on how the hack was carried out and why we’re certain it’s connected to the Chinese government. It deals with why companies were interested in Elemental Technologies servers in the first place:

Elemental servers sold for as much as $100,000 each, at profit margins of as high as 70 percent, according to a former adviser to the company. Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.

These attacks are part of why the Trump Administration’s embargo against China has targeted computer components. And it may help explain why most computer manufacturers had no luck getting themselves exempted from tariff considerations.
