Chinese hackers have managed to implant spying microchips in servers used by data centers of U.S. companies, including tech giants Apple and Amazon, Bloomberg Business reported on Thursday.
Citing government and corporate sources, the publication said that the Chinese spy chips have been the subject of a top secret U.S. government investigation since 2015, and the investigation is still ongoing three years after it was opened.
Multiple people familiar to the matter reportedly claimed that investigators discovered that the chips were inserted at factories run by manufacturing subcontractors in China.
The chips may have been introduced by the Chinese server company SuperMicro, which assembled machines used in the data centers of tech giants. The chips reportedly gather intellectual property and trade secrets from American companies.
“Investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines,” Bloomberg said.
SuperMicro motherboards are used around the world by different industries. The motherboards are used in weapons systems, MRI machines, and data centers used by tech companies.
According to The Verge, the company manufactures servers for hundreds of customers, which include the video compression startup Elemental Technologies that Amazon acquired in 2015.
The report claimed that it was Elemental, via SuperMicro, that was a prime target since Elemental’s servers could be found in the CIA’s drone operations, Department of Defense data centers, and onboard networks of Navy warships.
Nearly 30 U.S. companies, which include government contractors and one major bank, were reportedly affected by the attack.
Apple, Amazon, and SuperMicro denied the claims. In a statement, Apple said that it did not find the chips, “hardware manipulations,” or vulnerabilities that were intentionally planted in any of its servers as asserted by Bloomberg. The iPhone maker also said that it is not aware of any investigation by the FBI about such an incident.
“We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures,” Apple said in an email published by Bloomberg.
Amazon also denied allegations that it knew about servers that contain malicious chips. The company also rebuffed claims that it worked with the FBI to investigate or provide data about the malicious hardware.
“We’ve found no evidence to support claims of malicious chips or hardware modifications,” Amazon said.
SuperMicro also disputed the report that it introduced the chips during manufacturing.
Source: Read Full Article