Bloomberg News
A major American telecommunications company discovered manipulated hardware from Super Micro Computer (Supermicro) in its network and removed it in August – fresh evidence of China tampering in critical technology components bound for the US, a security expert working for the company has said.
The expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.
Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland.
His firm specialises in hardware security and was hired to scan several large data centres belonging to the telecommunications company.
The company is not being identified because of Appleboum’s nondisclosure agreement with the client.
Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said.
He said he has seen similar manipulations of different vendors’ computer hardware made by contractors in China, not just products from Supermicro.
Appleboum said his concern was that there are countless points in the supply chain in China where manipulations could be introduced, and deducing them can in many cases be impossible.
“That’s the problem with the Chinese supply chain,” he said.
Headquartered in San Jose, California, Supermicro was founded in 1993 by Taiwanese-American Charles Liang.
Bloomberg News first contacted Supermicro for comment on this story on Monday morning Eastern time and gave the company 24 hours to respond.
Supermicro said after a Bloomberg BusinessWeek report last week that it “strongly refutes” reports that servers it sold to customers contained malicious microchips.
China’s embassy in Washington did not return a request for comment on Monday.
Chinese mole or Trojan horse: Charles Liang opened gates to Chinese intelligence services.
In response to the earlier Bloomberg BusinessWeek investigation, China’s Ministry of Foreign Affairs didn’t directly address questions about the manipulation of Supermicro servers but said supply chain security was “an issue of common concern”.
The more recent manipulation is different from the one described in the report last week, but it shares key characteristics: They’re both designed to give attackers invisible access to data on a computer network in which the server is installed, and the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China.
Based on his inspection of the device, Appleboum determined that the telecoms company’s server was modified at the factory where it was manufactured.
He said that he was told by Western intelligence contacts that the device was made at a Supermicro subcontractor factory in Guangzhou, a port city in southeastern China.
Guangzhou is 90 miles upstream from Shenzhen, called the “Silicon Valley of Hardware”, and home to giants such as Tencent Holdings and Huawei Technologies.
The tampered hardware was found in a facility that had large numbers of Supermicro servers, and the telecommunications company’s technicians couldn’t answer what kind of data was pulsing through the infected one, said Appleboum, who accompanied them for a visual inspection of the machine.
It’s not clear if the telecommunications company contacted the FBI about the discovery.
An FBI spokeswoman declined to comment on whether it was aware of the finding.
Representatives for AT&T and Verizon had no immediate comment on whether the malicious component was found in one of their servers.
T-Mobile US and Sprint didn’t immediately respond to requests for comment.
Sepio Systems’ board includes Chairman Tamir Pardo, former director of the Israeli Mossad, the national defence agency of Israel, and its advisory board includes Robert Bigman, former chief information security officer of the US Central Intelligence Agency.
US communications networks are an important target of Chinese intelligence agencies because data from millions of mobile phones, computers, and other devices pass through their systems.
Hardware implants are key tools used to create covert openings into those networks, perform reconnaissance and hunt for corporate intellectual property or government secrets.
In emails, Appleboum and his team refer to the implant as their “old friend” because he said they had previously seen several variations in investigations of hardware made by other companies manufacturing in China.
In Bloomberg Businessweek’s report, one official said investigators found that the Chinese infiltration through Supermicro reached almost 30 companies, including Amazon and Apple.
People familiar with the federal investigation into the 2014-2015 attacks say that it is being led by the FBI’s cyber and counter-intelligence teams, and that the Homeland Security Department may not have been involved.
Counter-intelligence investigations are among the FBI’s most closely held, and few officials and agencies outside those units are briefed on the existence of those investigations.
Appleboum said that he had consulted intelligence agencies outside the US and that they told him they had been tracking the manipulation of Supermicro hardware, and the hardware of other companies, for some time.