Report: Chinese Military Used ‘Hardware Hack’ for Massive Penetration of U.S. Computers


An explosive report published by Bloomberg Businessweek on Thursday claimed the Chinese military sabotaged circuit boards used by dozens of major American companies and government contractors by implanting a tiny chip that gave the People’s Liberation Army backdoor access to supposedly secure systems.

The report cited a U.S. investigation long in progress but only now revealed to the public.

Amazon.com reportedly hired security consultants in 2015 to evaluate the products of a promising startup called Elemental Technologies, which makes video compression servers that would be highly useful to Amazon’s Prime Video service. The consultants discovered that the Elemental servers, assembled by yet another company, Super Micro Computer Inc. (“Supermicro”), had been sabotaged with “a tiny microchip not much bigger than a grain of rice.”

According to the report, the implant opened a “stealth doorway into any network that included the altered machines.” It was designed to quietly signal outside computers controlled by the attackers and give them such deep access to the motherboard that they could effectively disable password systems, steal encryption keys, and sabotage security software. The extent of the attack was discovered, in part, by intercepting the signals sent by compromised computers to the waiting hackers.
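The detection angle above, intercepting the callbacks from compromised machines, is the one a defender can actually act on. The following is an added illustration, not code from Bloomberg, Amazon or any vendor named in the report: it runs over a few constructed outbound-flow records and flags any host that contacts a non-internal destination at a suspiciously regular interval, which is what a planted implant phoning home looks like on the wire. The host names, addresses and allowlist are hypothetical.

```python
"""Beacon detection over constructed outbound flow records.

Added example, not from the Bloomberg report or any vendor. Flags hosts that
contact a non-internal destination at a regular interval, the kind of callback
a planted implant would produce. Host names, addresses and the allowlist are
hypothetical.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed flow records (not real traffic): "timestamp_seconds,src_host,dst_ip,port".
# srv-01 calls 203.0.113.9 every 300 s; srv-03 calls 203.0.113.77 every ~60 s with
# jitter; srv-02 talks to 198.51.100.20 in bursts with no fixed period.
SAMPLE_FLOWS = """\
0,srv-01,10.0.0.5,443
7,srv-01,203.0.113.9,443
300,srv-01,10.0.0.5,443
307,srv-01,203.0.113.9,443
600,srv-01,10.0.0.5,443
607,srv-01,203.0.113.9,443
907,srv-01,203.0.113.9,443
1207,srv-01,203.0.113.9,443
45,srv-02,198.51.100.20,80
50,srv-02,198.51.100.20,80
900,srv-02,198.51.100.20,80
905,srv-02,198.51.100.20,80
2000,srv-02,198.51.100.20,80
10,srv-03,203.0.113.77,8443
71,srv-03,203.0.113.77,8443
129,srv-03,203.0.113.77,8443
192,srv-03,203.0.113.77,8443
249,srv-03,203.0.113.77,8443
"""

# Hypothetical: internal ranges and destinations the fleet is expected to reach.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
ALLOWED_DESTINATIONS = frozenset({"203.0.113.100"})


def parse_flows(text):
    """Parse the CSV-like records into (timestamp, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split(",")
        flows.append((float(ts), src, dst, int(port)))
    return flows


def is_expected(dst):
    """Internal and explicitly allowlisted destinations are not scored."""
    if dst in ALLOWED_DESTINATIONS:
        return True
    addr = ip_address(dst)
    return any(addr in net for net in INTERNAL_NETS)


def find_beacons(flows, min_hits=4, max_cv=0.2):
    """Return one finding per (src, dst, port) whose connection timing is regular.

    Regularity is the coefficient of variation (stddev / mean) of the
    inter-arrival times: a low value means a fixed callback period, with or
    without small jitter. Sparse or irregular traffic is ignored.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        if not is_expected(dst):
            by_pair[(src, dst, port)].append(ts)

    findings = []
    for (src, dst, port), times in sorted(by_pair.items()):
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "port": port,
                             "hits": len(times), "period": round(period, 1),
                             "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"{f['src']} -> {f['dst']}:{f['port']} every ~{f['period']}s "
              f"({f['hits']} hits, cv={f['cv']})")
```

On the constructed input the two periodic callers are reported and the bursty one is not. In production the same logic would run over exported NetFlow or proxy logs, with the management-network interfaces (the path a board-level implant is most likely to use) scored separately from the hosts' ordinary traffic.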

The spy chip was not put there by Supermicro. It was already on the circuit boards they purchased from suppliers, which in turn obtained them from factories in China.

This is the kind of “seeding” technique, in which an implant is inserted during manufacturing rather than delivered over the network, that prompted some of the highest-profile U.S. actions against Chinese electronics companies.

The discovery evidently reached policymakers quickly: the chip was reported to the U.S. government as soon as it was found, and the U.S. intelligence community was already working on a tip from about a year earlier about Chinese plans to compromise the servers used by American corporations and sensitive government agencies.

Critics of the seeding model of cyberwarfare have always argued it would be very difficult to pull off. One hacking expert told Bloomberg Businessweek that finding a real seeding attack orchestrated by a nation-state was like “witnessing a unicorn jumping over a rainbow.” The Bloomberg report likened it to “throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle.”

The difficulty is that seeding means planting malicious chips at the very beginning of a manufacturing and distribution chain that passes through at least six or seven layers before it reaches an end user, as with the corrupted servers that almost made it into Amazon Prime Video. An attacker would have to compromise a great many circuit boards to have a decent chance of landing a hardware implant in a particular corporate or government network.

The Bloomberg report contends that this is what the People’s Liberation Army of China did, pulling off what U.S. officials see as “the most significant supply chain attack known to have been carried out against American companies.” Compromised computers found their way into almost 30 American companies, “including a major bank, government contractors, and the world’s most valuable company, Apple Inc.”

Although it is not clear from the report whether all, or even most, of Elemental’s highly regarded video compression servers carried the Chinese hardware implant, the report includes this well-turned line summarizing how broad the company’s customer base is: “Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.”

Elemental has also done business with CIA contractors, the Pentagon, and the Department of Homeland Security, making the company a very attractive target for Chinese intelligence.

Supermicro, in turn, is one of the biggest motherboard suppliers in the world. As the report’s end note discloses, its customers include Bloomberg LP itself.

The report points out that the workforce at Supermicro’s San Jose plant is mostly from Taiwan and China, making Mandarin the “preferred language” in the facility. U.S. intelligence investigators are reportedly still “examining” whether Chinese spies were planted among Supermicro’s staff to help propagate the hardware hack.

That level of espionage may not have been necessary, because, according to the report, PLA operatives were able to bribe or threaten managers at the Chinese factories that built Supermicro’s boards into altering the motherboard designs. One of the U.S. officials quoted in the report said the PLA has a highly secretive unit specializing in hardware hacks, which American agencies have been tracking “for longer than we’d like to admit.”

Bloomberg Businessweek implies that Apple discovered the implanted chips in Supermicro servers in 2015, just as it was about to order some 30,000 of them, but told no one, instead preferring to sever its relationship with the supplier for what it described as “unrelated reasons.”

Amazon, Apple, and Supermicro all disputed Bloomberg’s account of their knowledge of corrupted chips in written statements that were quoted in the report.

The Bloomberg report is sourced to “six current and former senior national security officials” familiar with the largely classified investigation during both the Obama and Trump administrations, plus 11 other sources who confirmed compromised chips were found in Supermicro computers. These sources were confident the spy chips were developed by the Chinese military and planted in the supply chain by PLA operatives.

A number of reasons for keeping the investigation quiet are explored in the report, including the ongoing status of the investigation, political necessity – the Obama administration was working on a big cyberespionage deal with China and a splashy summit meeting between President Barack Obama and Communist Party leader Xi Jinping – and the desire to avoid a corporate panic that could have sent computer prices skyrocketing and triggered an enormous market meltdown.

The implications for globalism were dire as well, since China’s attack plan could only work if American companies set aside security concerns to voraciously gobble up bargain-priced chips and boards manufactured overseas. As Bloomberg Businessweek puts it:

Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest.

“You end up with a classic Satan’s bargain,” one former U.S. official says. “You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”

According to CNBC on Thursday, Supermicro shares are down over 40 percent since the publication of the Bloomberg Businessweek report, while Apple and Amazon are down 1 and 1.5 percent respectively. Apple and Amazon continue to dispute the accuracy of the report. An Apple representative told CNBC the Bloomberg reporters might be confusing a relatively minor, previously reported 2016 incident (an infected driver found on a single Supermicro server in one of Apple’s labs) with the massive hardware hack they described, and suggested someone had deliberately “misinformed” them.

CNBC also noted on Thursday that just a day earlier, the Department of Homeland Security had issued its latest cybersecurity warning to American corporations. The alert warned that nation-state actors are targeting cloud services to steal intellectual property, disrupt communications, and damage American business endeavors. The alert did not name China as the nation-state attacker, but many of the recent high-profile cyber-espionage cases in the U.S. have involved Chinese nationals.

The Chinese government, of course, denied the entire report and insisted China remains a “resolute defender of cybersecurity,” not to mention a “victim” of espionage itself. Chinese officials have implied the Trump administration is attempting to whip up cybersecurity paranoia to augment its anti-globalist economic message and reinforce its trade war with China.

“We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace,” the Chinese Foreign Ministry said on Thursday.
