October 04, 2018
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.
Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. "Hardware attacks are about access,†as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser.
For me, Bloomberg’s article could go either way. The logic of backdooring the BMC makes a lot of sense. Whether it happened in this case — given all the categorical denials — I have no idea.
Posted by: The Brickmuppet at
07:37 PM
| Comments (11)
| Add Comment
Post contains 1238 words, total size 10 kb.
1. If the network is secure, this doesn't matter. If the server can't make unauthorised connections to the internet, that's it.
2. There's a limited amount of functionality you can put on a chip that size. A keylogger, sure. Which is great if you want to hack laptops, but servers don't have keyboards. Snooping on a 100GbE connection? No chance.
3. The companies named - including the victims - have very explicitly denied it.
4. The sources are anonymous.
5. The chief selling point for the story is Bloomberg's credibility.
Posted by: Pixy Misa at Thu Oct 4 20:17:55 2018 (PiXy!)
Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.To translate: Bloomberg is full of shit.
Posted by: Pixy Misa at Thu Oct 4 20:21:57 2018 (PiXy!)
Thanks for the quick response Pixy.
Well...I can't let all those keystrokes go to waste, so I'll resort to special pleading.
Everyone denying it has considerable incentive to do so. If this were true this could be their end.
Special Pleading Ends:
The sheer capacity issues of the chip were something I hadn't the expertise to consider, though the logistics of sifting through the Yotabits of data are daunting on their own.
I am concerned, perhaps unwarrantedly so, about back doors and such in our millitary IT, C4i, and fire control hardware.
On the Gripping hand...
Gell Mann Amnesia Effect.
Posted by: The Brickmuppet at Thu Oct 4 21:26:59 2018 (3bBAK)
Posted by: Pixy Misa at Thu Oct 4 22:34:10 2018 (PiXy!)
Posted by: Pixy Misa at Thu Oct 4 22:35:13 2018 (PiXy!)
Amazon
As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
Apple
On this we can be very clear: Apple has never found malicious chips, "hardware manipulations†or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
Posted by: Pixy Misa at Fri Oct 5 03:35:48 2018 (PiXy!)
Posted by: Pixy Misa at Fri Oct 5 08:21:08 2018 (PiXy!)
Posted by: The Brickmuppet at Fri Oct 5 09:41:27 2018 (3bBAK)
Posted by: Pixy Misa at Fri Oct 5 21:23:53 2018 (PiXy!)
As for the chip being small, puleeeeeeeeeeeze. The important part is what trace on the mobo it taps, and the power consumption in doing so. I think it probably goes into an I2C EEPROM that boots one of stupid Intel controllers.
So, my bet is it's almost certainly true.
Posted by: Pete Zaitcev at Sat Oct 6 18:33:40 2018 (LZ7Bg)
Devil's Advocate here, but comparing Bloomberg's coverage of the nano-spychip vis-a-vis the National Enquirer's coverage of John Edwards' affair not of state is not quite an apples to apples comparison.
The love affairs of a politician with someone who is not his or her significant other is something that most newspapers and periodicals would be suited to cover. That is the kind of story the gossip pages are for - except that the subject in question would make it to the front page.
Bloomberg's coverage of cyber-warfare, on the other hand, causes one to wonder if they know what they are talking about. Have they demonstrated they are well-equipped to report a cyber-warfare story?
Or are they pulling a Stephen Glass on us?
Posted by: cxt217 at Sun Oct 7 21:46:22 2018 (2ZW6Y)
71 queries taking 0.4337 seconds, 374 records returned.
Powered by Minx 1.1.6c-pink.