Perhaps in one of the biggest data breaches of all time, Chinese spies seem to have secretly infiltrated as much as 30 tech companies in the US including biggies like Apple and Amazon.
This was done with the help of malicious microchips installed into the motherboards of the servers belonging to these companies, according to a Bloomberg Businessweek report.
The attack has been reportedly carried out via a US-based company called Supermicro, which is know to be one of the world’s biggest suppliers of server motherboards. Though the company is American, its assembly and manufacturing is taken care of in China.
How Was the Attack Carried Out?
According to the Bloomberg report, in 2015, Elemental Technologies, responsible for making software for compressing massive video files and formatting them for smaller devices was under Amazon's radar for the expansion of its video streaming app which is now known as Amazon Prime Video.
Elemental’s servers that handled the video compression for the Amazon Web Services (AWS) were manufactured by Supermicro in China. When the motherboards were delivered to the concerned parties, it was discovered that small microchips “not much bigger than a grain of rice” were nestled in the motherboards which weren’t a part of the original design.
According to the report, “multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”
One affected company had offered its services to clients of the US government, including Department of Defense data centres, Navy warships and the CIA, in its drone operations.
Elemental was just one of Supermicro’s customers. Imagine the scale at which these chips would have been installed into multiple servers.
Elemental came out with its own statement reported in the Washington Post saying that “at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems.
Nor have we engaged in an investigation with the government. There are so many inaccuracies in this article, as it relates to Amazon that they’re hard to count.”
System Compromised?
The Bloomberg Businessweek report revealed that the malicious chips allowed attackers to “create a stealth doorway into any network that included the altered machines.”
This meant that any information on the server could be accessed as the chips are able to subvert the hardware they are installed on, allowing hackers to siphon off great amount of data.
The report further added that, Amazon and Apple had discovered the hack through internal investigations and reported the same to US authorities. However, the publication added that there was no direct evidence to believe that companies’ data – or that of users – was compromised, but both firms quietly and smartly removed the compromised servers from their system.
This attack can be considered to be much graver compared to a software hack, as hardware hacks are more difficult to execute and far more devastating in the long-term. Because to remove the threat one has to destroy the entire hardware or replace it completely.
Apple & Amazon Still Not Budging
Both Apple and Amazon have completely refuted Bloomberg's report.
At one end, Amazon said it was untrue that it knew anything about “servers containing malicious chips or modifications in data centers based in China,” or that it “worked with the FBI to investigate or provide data about malicious hardware.”
Apple too retaliated by telling Bloomberg: “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
However, a constellation of sources countered the arguments present by Apple and Amazon.
Current and former senior national security officials along with two people working inside AWS corroborated Bloomberg’s claim and providing extensive information on how the attack was carried out at Elemental and Amazon. They also described Amazon’s cooperation with the government investigation.
In addition to this, three Apple insiders also confirmed that Apple was a victim of the attack.
You can read the full statements of Apple and Amazon denying the breach here.
According to the report, the US intelligence community’s investigation into this matter is still going on. Though it also said that many servers across the world might already have used the sabotaged motherboards in their own data centres before the issue was discovered.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)