Back in 2015, a tiny microchip was found on the motherboards of Elemental Technologies servers. The microchip was found while Amazon Web Services (AWS) was evaluating Elemental's security, since it was interested in acquiring the company. Amazon immediately reported it to U.S. authorities. At the time, Elemental servers were being used in CIA drone operations, Department of Defense data centers, and onboard Navy warships. The company that assembled and supplied the servers to Elemental was Supermicro, which is a huge supplier of servers and systems worldwide.
Since then, an investigation has been going on into the origin of the microchips and what they are capable of. So far, it has been discovered that the microchips were inserted at server manufacturing factories by Chinese spies. These spies were part of a unit of the People’s Liberation Army. The microchips allowed them to create a secret doorway into any network the chips were installed in. Evidence shows that these chips affected about 30 U.S. companies, including Apple. However, both Apple and Amazon are denying the claims that the malicious chips were installed on their servers.
“Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.” – Apple, Bloomberg
What makes this spying and hacking attempt more dangerous is that it was a hardware hack. Even though this type of hack is more difficult to pull off, the results would be worse than with a software hack. It would also allow long-term, undetectable spying on the affected servers. This hardware hack was first reported by Bloomberg and is being dubbed “The Big Hack”.
What Is A Hardware Hack?
Since a hardware hack is behind “The Big Hack”, we figured we would briefly explain what a hardware hack is. Hardware hacking is when part of an existing electronic device is modified to do something other than its originally intended use. There are four main hardware hacking methods: Patching Into I/O (input/output), Replacing a Component, Using a Logic Analyzer, and Voodoo (JTAG Hex Dump). The easiest of the methods is patching, which involves someone connecting their device directly to the technology being targeted.
In the case of the Chinese spies using microchips, this would be considered a “Replacing a Component” hardware hack. According to U.S. officials, the Chinese spies would have had to create the microchips and insert them into servers at Chinese manufacturing factories. Then, once the servers were installed and turned on, the chips could alter the operating system’s core and make modifications.
It’s truly mind-blowing how much time and effort would have had to go into pulling off “The Big Hack”. This goes to show that any company, large or small, is at risk of being spied on and manipulated.