A story has recently surfaced from Bloomberg about the supposed discovery of tiny ‘spy chips’ installed on servers constructed for an American firm (Super Micro) that sells to large, publicly-visible customers such as Apple and Amazon, as well as lower-profile customers such as the US Department of Defense, the CIA, and the US Navy.
According to these reports, which have been denied by both Apple and Amazon, these tiny chips are capable of modifying the operating system of the servers, and allowing the servers to ‘phone home’ for further instructions. The existence of this alleged hardware hack has stunned many security experts, one of whom is quoted as saying “having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow”.
Whether or not a unicorn did ever actually jump over any rainbows is still in dispute, but what is interesting is the methodology that US intelligence agencies and a Canadian security firm are reported to have used to trace the provenance of this hack.
As background, the servers in question were produced for a firm called Elemental Technologies, which creates video compression servers for, among others, Amazon, the CIA, the Church of Latter Day Saints (Mormons), and the adult film industry. The company producing them is Supermicro. However, Supermicro does not actually make these servers, but subcontracts the manufacture to fabrication plants, and the motherboards, on which the hacks are said to have been installed, are almost all created in China.
However, according to the article where this story first surfaced, the fabrication plants producing the motherboards often run out of capacity and give the work to other companies. Four of these sub-subcontractors were identified by the serial numbers of the suspect motherboards, and from there more information was gathered from communications intercepts, tracking phones and phone records of key players, and from human sources.
It is reported that these firms were approached by individuals who claimed to represent either Supermicro or the Chinese government, who used threats and bribes to force changes to be made to the motherboard design incorporating the spy chips. These individuals are believed to be part of a special unit of the Chinese People’s Liberation Army specialising in hardware attacks.
How does this affect you?
Happily, it is extremely unlikely that your business will be affected by this alleged act of espionage, even if it does turn out to be true. However, hacking and data theft carried out by simpler means do occur on a regular basis, and catching the perpetrators is not always straightforward.
It often relies on a ‘join-the-dots’ technique, searching through gigabytes or more of data to identify and create connections, which lead to the identification of those involved in the data breach or cyberattack.
First Response is experienced in using the world’s most advanced forensic tools to help organisations track down the methods and the sources of such attacks, and to set up defences against future attacks.
Of course, prevention is always better than cure, and First Response is happy to work with you to create a Cyber Incident Response Plan which allows you to work together with us to prevent successful cyberattacks, and to mitigate the damage in the event that such an attack does take place.