What’s being called “The Big Hack” by Bloomberg could have compromised servers of Apple and Amazon amongst a total of 30 large US companies, as well as some American federal agencies. The publication reports that a tiny chip, the size of a rice grain, was found implanted on server motherboards sold by San Jose-based Super Micro Computer Inc, one of the largest suppliers of chip clusters, motherboards and capacitors in the world. The microchip was reportedly embedded into Super Micro’s server motherboards during the manufacturing process which happens out of China. The hack was reportedly discovered by Amazon back in 2015 during security testing conducted to determine if the company should start using servers sold by US-based company Elemental, which in turn had been manufactured by Super Micro Computer’s plants in China.
Not only did these compromised servers reach Amazon, but also Apple, US Department of Defense data centres, US warships, as well as servers used by CIA’s drone operations, leading to the theory that the Chinese hack affects all these organisations and many other large companies in the country.
“Think of Supermicro as the Microsoft of the hardware world,” says a former U.S. intelligence official who’s studied Supermicro and its business model told Bloomberg. “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”
Apple, Amazon and Super Micro have categorically denied any knowledge of such an attack. The report pointed out that a super secret probe was initiated three years ago by US authorities which were alerted by Amazon on the discovery of the alien spy chip. However, Amazon in a statement to the publication noted - “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware.”
Apple responded by saying - “On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.” The complete statements sent by the companies to Bloomberg can be found here.
While conclusions cannot be formed about the existence of the spy chip and the fact that it was created by China, Bloomberg notes that the country is well placed to carry out such hardware-level attacks as 90 percent of the world’s PCs are manufactured in China. However, even China’s Ministry of Foreign Affairs called these claims “gratuitous accusations” and said “supply chain safety in cyberspace is an issue of common concern, and China is also a victim.”