Bloomberg revealed a probe was started in 2015 regarding data center equipment run by Amazon Web Services (AWS) and Apple may have been subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process at factories run by subcontractors in China. The chips were used for gathering intellectual property and trade secrets from American companies and may have been introduced by a Silicon Valley company called Super Micro. Though Apple, AWS and Super Micro deny knowledge of the claims or investigation, a probe that started 3 years ago is still open.
In early 2015, Amazon was looking to expand their web streaming services and began working with Elemental Technologies, based in Oregon. Elemental, which has government contracts, made software for compressing massive video files and formatting them for different devices. Its technology has been used to communicate with the International Space Station and funnel drone footage to the Central Intelligence Agency.
The chips were discovered after AWS hired a third-party security company to scrutinize Elemental’s products. The company examined the servers that customers installed in their networks to handle the video compression. Testers found tiny microchips, not much bigger than a grain of rice, nested on the servers’ motherboards that weren’t part of the boards’ original design. Amazon reported the findings to the US authorities. These servers were assembled for Elemental by Super Micro, who has their servers assembled by manufacturing subcontractors in China.
During the top-secret probe, investigators determined that the chips allowed the attackers to create a doorway into any network that included the altered machines. This kind of tampering is especially hard to accomplish because it means developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location.
Investigators found that the tampered products eventually affected almost 30 companies, including a major bank, government contractors, and Apple Inc. Apple had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that they also found malicious chips on Super Micro motherboards. Apple severed ties with Super Micro in 2016 for what they officially described as unrelated reasons.
Amazon, Apple and Super Micro deny any knowledge of planted chips though six current and former senior national security officials have detailed the discovery of the chips and the government’s investigation. One government official says China’s goal was long-term access to high-value corporate secrets and sensitive government networks. No consumer data is known to have been stolen.
We’d love to hear what you think. Check out our comments section and let us know!