The great China Hack - Epic infiltration

Status
Not open for further replies.

OVERKILL

$100 Site Donor 2021
Joined
Apr 28, 2008
Messages
57,912
Location
Ontario, Canada
https://www.bloomberg.com/news/feat...ip-to-infiltrate-america-s-top-companies

Quote
To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental's security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental's main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that's also one of the world's biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental's staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Nested on the servers' motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn't part of the boards' original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental's servers could be found in Department of Defense data centers, the CIA's drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.


It's a long article but worth the read.
 
Another side effect of offshoring manufacturing to another country. One day we will look at the "true costs" of moving manufacturing to other jurisdictions whether it be quality issues or national security like this.
This is really sad and cause for concern.
frown.gif
 
Last edited:
Excellent read, I will note that the few years I operated a small datacenter I packed it with shelves of tower computers consisting mostly of consumer grade desktop hardware vs buying Supermicro servers and had very few hardware failures. A friend had a bunch of Supermicro servers and he had more trouble with them than I had with my desktop computers. And I saved a lot of money up front because I'd buy cheap MicroATX cases for $20 vs expensive Supermicro servers, refurbished hardware off eBay (mostly MSI motherboards, a few ASRock and Biostar motherbaords, all budget brands, again, no failures if I remember right). Only thing that sucked was when I closed my business and went to work at the auto parts store instead of doing that business my desktop hardware had no resale value and was hard to sell and I was literally installing Windows on them all and selling individual computers on Craigslist vs the Supermicro gear sold easily by the pallet for the big bucks on eBay LOL (he closed his business shortly after). Gosh I don't miss getting woken up at 2AM and driving two hours round trip in my 96 GMC Yukon I had at the time to the office building I had my little datacenter in to deal with something. I made more money though!
 
Last edited:
It's obvious to me that China is a bigger threat to US than Russia despite the current frenzy against Russia by many in America.

PS: I tried to avoid making this a 'political' statement but if it is judged to be...delete it.
 
Originally Posted by StevieC
Another side effect of offshoring manufacturing to another country. One day we will look at the "true costs" of moving manufacturing to other jurisdictions whether it be quality issues or national security like this.
This is really sad and cause for concern.
frown.gif



Reading through this article, this is WAYYYYY past sad and cause for concern, this is hardware-level infiltration; physical backdoor chips that call out to anonymous servers to gain access to more functions that could be anything. The number of well-beyond-sensitive locations that these motherboards have been used? The implications are staggering.
 
Originally Posted by pbm
It's obvious to me that China is a bigger threat to US than Russia despite the current frenzy against Russia by many in America.

PS: I tried to avoid making this a 'political' statement but if it is judged to be...delete it.


That's quite accurate. We sold our souls to the Chinese for cheap manufacturing and they in turn stole our IP and have been using this relationship to advance domestically and further the acquisition of sensitive information through cyber espionage technics like the one this article illustrates. But beyond simple surveillance, these plants allow for manipulation of data and could theoretically, depending on the use of the host server, be used to launch a nuclear strike.

Far, FAR more dangerous than Russian meddling, phishing or hacking. This allows a level of infiltration they couldn't come close to touching.
 
Originally Posted by oil_film_movies
....and those are just the ones found. Imagine how much is out there that hasn't been caught yet.


That's the biggest unsaid implication in the article. We have a rough idea of how many in Apple were affected. We have a rough idea with Amazon. But we know the scope of customers (30 according to the article) is much larger and includes numerous government agencies. These things could be on subs and aircraft carriers. They could be in NASA or the DOD.

We know there are already multiple generations of this chip as well, so we really don't have any idea as to the impact.
 
Originally Posted by Quest
You folks ought to read up on George Orwell's 1984.

It's good reads.

Q.


Yes, I'm well aware of the parallels between Orwell's writings and the present
smile.gif
 
This is the cost of US electronics manufacturing selling their souls to the devil almighty bottom line dollar. Anyone who has read about multinational corporations' behavior prior to WW II can see the parallels...
 
Originally Posted by HemiHawk
I'm sure the US would never think of doing something like this
whistle.gif



The US is not the world's largest producer of semiconductors or communications equipment, China is. That's why these motherboards were all produced in China. That's why your iPhone or Android phone is produced in China. So while the US can "think" about this, they lack the means of execution, whilst China had it dropped directly in their lap.
 
Not to start a war here but the US. Canada and the U.K. intelligence agencies just to name a few are just as guilty of this kind of thing maybe not on the hardware level but it's not like any of these countries I listed aren't engaged in similar things. Not saying it makes it right but before we go getting all righteous. It's just harder to find evidence because of the way it's being done doesn't leave physical traces as easily as finding a chip on a motherboard. But don't forget about the CIA router hacking that was brought to light.
wink.gif
(Not aimed at anyone, just a statement)

https://gizmodo.com/leaked-files-show-how-the-cia-can-hack-your-router-to-s-1796165706
 
Last edited:
Originally Posted by OVERKILL
Originally Posted by HemiHawk
I'm sure the US would never think of doing something like this
whistle.gif



The US is not the world's largest producer of semiconductors or communications equipment, China is. That's why these motherboards were all produced in China. That's why your iPhone or Android phone is produced in China. So while the US can "think" about this, they lack the means of execution, whilst China had it dropped directly in their lap.


I fully agree with some of the reasons quoted as to why the Chinese were more easily able to pull this off via the motherboards. But government espionage is an ever evolving area. In the US (North America) we have a tendency to demonize every country but our own... You can be sure the US/Canada is thinking up new ways to do the exact same thing to other countries.
Capitalism means corporations can outsource if its cheaper elsewhere. If we like that model, this is one of the consequences.

Also, I do want to say I appreciate the link to the article. It is staggering stuff.

I noticed in the thread about Amazon's minimum wage increasing there were some who baulked at it. "I mowed the lawn in -20F weather for $1 an hour and was happy about it!". If we moved the production of these Chinese manufactured goods to the US, what would they want to pay people? Most on this board would argue the work doesn't deserve a living wage in NA.
 
Originally Posted by StevieC
Not to start a war here but the US. Canada and the U.K. intelligence agencies just to name a few are just as guilty of this kind of thing maybe not on the hardware level but it's not like any of these countries I listed aren't engaged in similar things. Not saying it makes it right but before we go getting all righteous. It's just harder to find evidence because of the way it's being done doesn't leave physical traces as easily as finding a chip on a motherboard. But don't forget about the CIA router hacking that was brought to light.
wink.gif
(Not aimed at anyone, just a statement)

https://gizmodo.com/leaked-files-show-how-the-cia-can-hack-your-router-to-s-1796165706


But again, you aren't putting consumer routers inside aircraft carriers, so the ramifications aren't anywhere near the same level.

Cyber espionage has been and continues to be a thing. But generally it is done use exploits and software backdoors, not physical hardware. That's the massive difference here, as well as the specific equipment being affected.
 
Originally Posted by HemiHawk
Originally Posted by OVERKILL
Originally Posted by HemiHawk
I'm sure the US would never think of doing something like this
whistle.gif



The US is not the world's largest producer of semiconductors or communications equipment, China is. That's why these motherboards were all produced in China. That's why your iPhone or Android phone is produced in China. So while the US can "think" about this, they lack the means of execution, whilst China had it dropped directly in their lap.


I fully agree with some of the reasons quoted as to why the Chinese were more easily able to pull this off via the motherboards. But government espionage is an ever evolving area. In the US (North America) we have a tendency to demonize every country but our own... You can be sure the US/Canada is thinking up new ways to do the exact same thing to other countries.
Capitalism means corporations can outsource if its cheaper elsewhere. If we like that model, this is one of the consequences.

Also, I do want to say I appreciate the link to the article. It is staggering stuff.

I noticed in the thread about Amazon's minimum wage increasing there were some who baulked at it. "I mowed the lawn in -20F weather for $1 an hour and was happy about it!". If we moved the production of these Chinese manufactured goods to the US, what would they want to pay people? Most on this board would argue the work doesn't deserve a living wage in NA.


I'd argue if we can afford to pay auto workers a living wage, we can do the same for folks doing motherboards and electronics. Yes, there will be a cut into margins, but those margins are pretty healthy.

You are quite welcome for the link. This is "next level" stuff. We are all aware of what has been done with hacking, exploits phishing, backdoors....etc. This is a whole other level of infiltration because it is baked into the hardware itself and subsequently has a much broader scope of capabilities.
 
You could stick a glass eye up a Ducks behind and be able to see that coming. Don't forget Bill Clinton's transfer of U.S electronic tech to China for political donations. Our politicians and corporations do not have "our nations" best interests in mind.
 
  • Like
Reactions: pbm
Status
Not open for further replies.
Back
Top