di James Vincent
Chinese spies have infiltrated the supply chain for servers used by nearly 30 US companies, including government contractors, Apple, and Amazon, according to an explosive report from Bloomberg Businessweek.
The operation is perhaps the most audacious example of hardware hacking by a nation state ever publicly reported, with a branch of China’s armed forces reportedly forcing Chinese manufacturers to insert microchips into US-designed servers. The chips were “not much bigger than a grain of rice,” reports Bloomberg, but able to subvert the hardware they’re installed on, siphoning off data and letting in new code like a Trojan Horse.
According to Bloomberg, Amazon and Apple discovered the hack through internal investigations and reported it to US authorities. The publication says there’s no direct evidence that the companies’ data — or that of users — was stolen or tampered with, but both firms worked quietly to remove the compromised servers from their infrastructure.
The operation is perhaps the most audacious example of hardware hacking by a nation state ever publicly reported, with a branch of China’s armed forces reportedly forcing Chinese manufacturers to insert microchips into US-designed servers. The chips were “not much bigger than a grain of rice,” reports Bloomberg, but able to subvert the hardware they’re installed on, siphoning off data and letting in new code like a Trojan Horse.
According to Bloomberg, Amazon and Apple discovered the hack through internal investigations and reported it to US authorities. The publication says there’s no direct evidence that the companies’ data — or that of users — was stolen or tampered with, but both firms worked quietly to remove the compromised servers from their infrastructure.
Both Amazon and Apple strongly refute the story. Amazon says it is “untrue” that it knew of “servers containing malicious chips or modifications in data centers based in China,” or that it “worked with the FBI to investigate or provide data about malicious hardware.” Apple is equally definitive, telling Bloomberg: “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
The attack was reportedly carried out via the US-based company Super Micro Computer Inc, commonly known as Supermicro. The firm is one of the world’s biggest suppliers of server motherboards, and contracts out manufacturing to factories in China and elsewhere.
Continua la lettura su The Verge
