Thursday, October 4th 2018
Chinese Government Allegedly Used Supermicro Motherboards to Spy on US Enterprises
In a development that underlines the national security necessity of moving electronics manufacturing out of China, server motherboards made by Supermicro in China, have been found to carry a "spy chip." This startling development is the result of a secret 2015 US Government investigation unearthed by Bloomberg. The Chinese government has allegedly been using hardware-based spyware in Supermicro motherboards that are manufactured in China; to spy on major American enterprises, including (but not limited to) Amazon Web Services and Apple, among others, who use Supermicro motherboards in their data-centers. The level of surveillance includes attempts to steal trade-secrets and intellectual property.
Fearing loss in business, affected cloud-computing providers, including AWS and Apple, have each posted strong denials that their hardware infrastructure is vulnerable to foreign government surveillance. Apple stated: "We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."Amazon Web Services (AWS) stated: "As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems." The entity in the middle of the storm, the Chinese Government, posted a more restrained and cryptic denial. "China is a resolute defender of cybersecurity," said a Chinese Foreign Ministry spokesperson.
Sources:
CNBC, Bloomberg
Fearing loss in business, affected cloud-computing providers, including AWS and Apple, have each posted strong denials that their hardware infrastructure is vulnerable to foreign government surveillance. Apple stated: "We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."Amazon Web Services (AWS) stated: "As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems." The entity in the middle of the storm, the Chinese Government, posted a more restrained and cryptic denial. "China is a resolute defender of cybersecurity," said a Chinese Foreign Ministry spokesperson.
73 Comments on Chinese Government Allegedly Used Supermicro Motherboards to Spy on US Enterprises
Just wrote SM asking about their consumer boards. I doubt it's tampered with, but gave them some friendly advice anyhow. Tried not to be a jerk (just so they'll listen and not close my email immediately).
Either China has made 20 years of tech advances past us and has not told anyone, or something is being lost in translation. Or it's outright fake.
I want to see a guide on how to find these chips... I'm growing more skeptical by the minute.
The scarriest answer to me here is that this is 100% true, because if so, holy shit did we miss something. This is like the Oslo Report all over again...
www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm
That's assuming I understand it 100%. Still a ton of questions.
Looks like some reports are pointing the finger at Sub-contractors.
Lawsuits are coming
Super Micro (SMCI) Investigated by Block & Leviton LLP For Violations of Federal Securities Laws
Recover Losses: Ademi & O'Reilly, LLP Investigates Possible Securities Fraud of Super Micro Computer, Inc.
INVESTOR ALERT: Law Offices of Howard G. Smith Announces Investigation on Behalf of Super Micro Computer, Inc. Investors (SMCI)
Just a handful in the last two hours
On topic, wouldn't surprise me if true as the Chinese government has a lot more control over their top tech companies than western countries do, though as a non-governmental employee and an average joe, do I care more about China having my data than the US, UK and every other western super power monitoring it's subjects straight out of Orwell's 1984? no, not really. As it has already been mentioned, our own governments are up to far more sinister things than this on their own people, god know's what kind of tactics they employ to a foreign adversary government if that's how we as "citizens" are monitored.
If what they actually said is true it scares me to my core, because that should not be physically possible with present processes (let alone thermal issues). It would be like getting the Oslo report prior to WW2: Hard to believe. Doesn't make it false though.
It's true about our government... although what if I said even our own agencies work against each other and try to block or infiltrate each other's systems?
I trust Army/military intelligence however. That's about it.
So, yep. FBI is criminal enough, but CIA is insane.
That's a full-on Cortex-M0+ with additional components at 0.3mm...
Obviously this is cutting edge research stuff, but that's much smaller than the part claimed to be used here.
Its always nice to see 'who benefits the most' in these kinds of things.
And the US benefits the most from this. Its no coincidence this information gets out at the moment it does, there is a flood of anti-China sentiment in all media the past few months. Boy I wonder why.
It would be wise to question everything at this point - from every angle - and take it with a bucketload of salt.