03 Feb

In the most significant known supply chain attack ever against U.S. companies, Chinese hackers implanted tiny microchips in servers that made their way into data centers of some of the world’s biggest companies, including Amazon.com Inc. and Apple Inc., according to a Bloomberg Businessweek investigation. Here are the nine most important takeaways from the cover story that outlines how it went down:



The impact of the attack was felt widely.

Aside from Amazon and Apple, the list includes almost 30 companies, including a major bank and government contractors. It was aimed at scooping up sensitive company trade secrets and national security data stored in government contractors’ computer networks, a U.S. official says.



Investigators say China is behind the attack.

According to U.S. officials with knowledge of the investigation, operatives from a unit of the People’s Liberation Army inserted the chips during the manufacturing process. U.S. agencies traced the chips to subcontracting factories that built motherboards for a San Jose-based company called Super Micro Computer Inc. In some cases, middlemen—claiming to be Supermicro representatives or suggesting that they had ties to government—approached plant managers. They used bribes or threats of inspections that could slow or halt production to ram through changes to motherboards’ original designs.



[Image: The Big Hack: Inside the Chinese Cyberspies’ Bag of Tech Tricks. Caption: After 3 years, the top-secret investigation into the most significant supply chain attack in U.S. history remains ongoing. Photographer: Victor Prado for Bloomberg Businessweek]

Supermicro was a primary conduit.

Founded in 1993, Supermicro worked extensively with Chinese contractors, and it had more than 900 customers in 100 countries by 2015, when the attacks took place. It offered inroads to a bountiful collection of sensitive targets.



U.S. officials were girding for an attack.

Long before evidence of the attacks surfaced inside companies, intelligence sources were reporting that China’s spies planned to introduce malicious microchips into the supply chain. In the first half of 2014, officials went to the White House with a breakthrough: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies.

Apple and Amazon made their own discoveries of malicious chips, insiders say.

Amazon came across affected servers in 2015, while it was considering an acquisition of Elemental Technologies, a company that would help it expand video streaming services. Testers working on behalf of Amazon found a tiny microchip, not much bigger than a grain of rice and not part of the original design, embedded in an Elemental server. Amazon’s security team also found altered motherboards in Amazon Web Services servers inside China. Apple found added chips in its network the same year.

Supermicro, Amazon, and Apple deny that an attack took place. Bloomberg Businessweek’s reporting is extensive.

In emailed statements, Amazon, Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting. However, the account is based on more than a year of reporting and more than 100 interviews, including several current and former senior national security officials and insiders at Apple and Amazon. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.

Placement of the chips was important.

The chips found in Supermicro servers were placed in a distinctive spot on the motherboards. They were machine-soldered onto the electrical conduits—called traces, or buses—that connect to a superchip of sorts, called a baseboard management controller (BMC).

The BMC creates a kind of intentional backdoor to a system, allowing administrators to remotely log in to servers, even those that have crashed or are turned off. It has direct access to both the server’s network communications chip, which connects to other computers, and to its memory, notably to the spot where the instructions that make up the computer’s operating system are temporarily stored before being executed by the central processor. Connecting the chips to the BMC would allow the attackers to do two important things: phone home to anonymous computers on the internet that were operated by the attackers, and inject a small payload directly into the operating system’s kernel, or core, modifying it so that it would accept further modifications. Via the chip, the hackers could infiltrate the most protected code on the server, tricking the operating system into believing that anything the chip told it to do was authorized.

Locating the chips in data centers was critical to stealing information.

An ordinary server makes an innocuous staging area for future probing of a target network. Because data centers can have thousands of identical servers in them, an attacker who sets up shop in one could hypothetically conduct long-term reconnaissance missions, scanning the layout of the target network and sending that data back home without great risk of being caught. An ultimate goal could be to reach higher-value targets such as network routers, switches, or servers with access to protected parts of the network. For nation-state attackers with time on their side, that work is best done slowly and inconspicuously. The U.S. investigation remains open. No consumer data is known to have been taken.
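The two behaviours described above (a BMC phoning home to outside hosts, and a compromised server quietly scanning its neighbours) are both visible in network flow data. The following is an added example, not code from the Bloomberg story, showing simple detection logic over constructed flow records; the subnet values, allowlist and threshold are assumptions for illustration.

```python
"""Detect BMC egress outside an allowlist and internal fan-out (reconnaissance-like scanning).
Flow records and subnets below are constructed for illustration, not real data."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed management (BMC/IPMI) subnet and the only destinations it should ever reach.
BMC_SUBNET = ip_network("10.20.0.0/24")
ALLOWED_BMC_DESTS = {ip_network("10.20.0.0/24"),   # other BMCs / management plane
                     ip_network("10.30.0.5/32")}   # assumed management jump host
INTERNAL = ip_network("10.0.0.0/8")                # assumed data-center address space
SCAN_THRESHOLD = 20                                # distinct internal peers from one source

# Constructed sample flows: "src dst dport" per line. Includes one BMC reaching the
# internet, one normal IPMI flow, one normal SSH flow, and one host sweeping 25 peers.
SAMPLE_FLOWS = """\
10.20.0.17 10.30.0.5 443
10.20.0.17 203.0.113.9 443
10.20.0.42 10.20.0.1 623
10.10.5.3 10.10.5.7 22
""" + "\n".join(f"10.10.5.9 10.10.5.{i} 445" for i in range(10, 35))


def parse_flows(text):
    """Parse 'src dst dport' lines into (IPv4Address, IPv4Address, int) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport = line.split()
        flows.append((ip_address(src), ip_address(dst), int(dport)))
    return flows


def bmc_egress_alerts(flows):
    """A BMC initiating a connection to anything not allowlisted is a 'phone home' signal."""
    alerts = []
    for src, dst, dport in flows:
        if src in BMC_SUBNET and not any(dst in net for net in ALLOWED_BMC_DESTS):
            alerts.append((str(src), str(dst), dport))
    return alerts


def fanout_alerts(flows, threshold=SCAN_THRESHOLD):
    """Sources that contact many distinct internal peers look like in-DC reconnaissance."""
    peers = defaultdict(set)
    for src, dst, _ in flows:
        if dst in INTERNAL and dst != src:
            peers[src].add(dst)
    return {str(s): len(p) for s, p in peers.items() if len(p) >= threshold}
```

In practice the allowlist comes from the management-network design, and the fan-out threshold is tuned against a baseline of normal east-west traffic before alerting on it.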

China’s approach to hacking differs from that of the U.S.

The Edward Snowden leak shows that the U.S. National Security Agency does a lot of hardware hacking, too. But the main difference relates to each country’s manufacturing capabilities. One leaked photo from Snowden shows U.S. government personnel intercepting a shipment of equipment from networking giant Cisco Systems Inc., installing implants in the devices’ firmware, boxing the shipments back up, and sending them along to the intended recipients. The Snowden documents show that the U.S. government is a master at this form of hardware manipulation, which is known as interdiction. What the attack against Supermicro hardware shows, according to people familiar with the U.S. government’s investigation, is that China’s government has permitted its spies to infiltrate factories on the mainland, modifying computer hardware bound for the U.S. and other countries—an approach so difficult and audacious that few organizations even bother inspecting their computer hardware for manipulations.

Source: Bloomberg Businessweek
