An attack that used a tiny microchip installed onto Super Micro servers during the manufacturing process by sub-contractors in China reached almost 30 U.S. companies, including Amazon and Apple, compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
Nested on the servers’ motherboards, testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. (The) servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And (this discovery involved) just one of hundreds of Super Micro customers.
There are two ways for spies to alter the guts of computer equipment. One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden. The other method involves seeding changes from the very beginning.
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs.
“The security of the global technology supply chain had been compromised, even if consumers and most companies didn’t know it yet.”