New Evidence Of Chinese Spy Hardware Found By Ex-Mossad Investigators;
Super Micro Shares Plunge
Tue, 10/09/2018 - 12:15
A major US telecommunications company found "manipulated" hardware from
Super Micro Computer Inc. in its network in August - bolstering claims
in a Bloomberg report last week alleging that China installed bugging
devices on hardware bought by Apple, Amazon and a host of other companies.
According to a new report by Bloomberg, the unnamed telecom company
hired former Israeli Intelligence Corps security expert Yossi Appleboum,
now of Maryland-based Sepio Systems, who provided "documents, analysis
and other evidence of the discovery" following last week's report
detailing how China's intelligence agencies had ordered subcontractors
to install malicious chips in Super Micro motherboards between 2013 and
Sepio Systems' board includes former Mossad director, Tamir Pardo, and
its advisory board includes former CIA chief information security
officer Robert Bigman.
Israeli Army Intelligence Corps and is now co-chief executive
officer of Sepio Systems in Gaithersburg, Maryland. His firm
specializes in hardware security and was hired to scan several large
data centers belonging to the telecommunications company.
Bloomberg is not identifying the company due to Appleboum's
nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an
implant built into the server's Ethernet connector, a component that's
used to attach network cables to the computer, Appleboum said. -Bloomberg
Appleboum says that Super Micro "is a victim -- so is everyone else,"
and that he has seen "similar manipulations of different vendors'
computer hardware made by contractors in China," according to Bloomberg.
He adds that his concern is that there are numerous points in the supply
chain in China where hardware can be manipulated - which are virtually impossible to track down. "That's the problem with the Chinese supply
chain," said Appleboum.
Based on his inspection of the device, Appleboum determined that
the telecom company's server was modified at the factory where it was manufactured. He said that he was told by Western intelligence contacts
that the device was made at a Supermicro subcontractor factory in
Guangzhou ... The tampered hardware was found in a facility that had
large numbers of Supermicro servers, and the telecommunication company's technicians couldn't answer what kind of data was pulsing through the
infected one, said Appleboum, who accompanied them for a visual
inspection of the machine.
The manipulation of the Ethernet connector appeared to be similar
to a method also used by the U.S. National Security Agency, details of
which were leaked in 2013. In e-mails, Appleboum and his team refer to
the implant as their “old friend,” because he said they had previously
seen several variations in investigations of hardware made by other
companies manufacturing in China. -Bloomberg
In response to the new evidence, Supermicro said in a statement: "The
security of our customers and the integrity of our products
are core to our business and our company values. We take care to secure
the integrity of our products throughout the manufacturing process, and
supply chain security is an important topic of discussion for our
industry. We still have no knowledge of any unauthorized components and
have not been informed by any customer that such components have been
found. We are dismayed that Bloomberg would give us only limited
information, no documentation, and half a day to respond to these new allegations."
Shares of Super Micro dropped as much as 27% in Tuesday trading, and are
down approximately 45% since October 3, before the initial Bloomberg
story hit the next day.
Super Micro strongly refuted the initial Bloomberg report, while both US
and UK intelligence officials put out statements over the last several
days in support of Amazon, Apple and Super Micro - who say it never
As Bloomberg notes - the new manipulation is different from the one
described last week, however it shares key characteristics: "They're
both designed to give attackers invisible access to data on a computer
network in which the server is installed; and the alterations were found
to have been made at the factory as the motherboard was being produced
by a Supermicro subcontractor in China."
Appleboum said that he's consulted with intelligence agencies
outside the U.S. that have told him they've been tracking the
manipulation of Supermicro hardware, and the hardware of other
companies, for some time. In response to the Bloomberg Businessweek
story, the Norwegian National Security Authority said last week that it
had been "aware of an issue" connected to Supermicro products since
June. It couldn't confirm the details of Bloomberg's reporting, a
statement from the authority said, but it has recently been in dialogue
with partners over the issue. -Bloomberg
Manipulated hardware is extremely difficult to detect, which has led intelligence agencies around the world to invest billions of dollars in
such sabotage. The United States is known to have implemented extensive programs to "seed technology headed to foreign countries with spy
implants," according to revelations by former CIA employee Edward
Snowden - however, China now appears to be sneaking its own versions
onto hardware made within its borders.
Three security experts who have analyzed foreign hardware implants
for the U.S. Department of Defense confirmed that the way Sepio's
software detected the implant is sound. One of the few ways to identify suspicious hardware is by looking at the lowest levels of network
traffic. Those include not only normal network transmissions, but also
analog signals -- such as power consumption -- that can indicate the
presence of a covert piece of hardware. -Bloomberg
The goal of the spy implants is to establish a "covert staging area"
within sensitive networks, which is what Appleboum says was happening in
the new case. Once the implant was identified and the server removed,
Sepio's team was unable to perform further analysis on the chip.
One problem, according to national security experts, is that in a cybersecurity industry approaching $100 billion in revenue, very little
effort has been made to inspect and detect hardware tampering. This has allowed intelligence agencies around the world to manipulate hardware virtually unfettered.