How China Used a Tiny Chip to Infiltrate U.S. Companies
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
Chinese hackers planted a malicious chip into computer equipment used by a slew of US companies, including Apple and Amazon, according to a report from Bloomberg Businessweek
…but the China-America supply chain has apparently been compromised and weaponized, according to a new blockbuster report by Bloomberg Businessweek . According to the report, a group within China’s People’s Liberation Army (PLA) has embedded a microchip into motherboards used by a company called Supermicro, which sells servers to many major American companies, including Apple and Amazon. According to the report, the microchip is capable of compromising the server, allowing China to spy on the internal networks of some of the world’s most powerful companies.
If Businessweek’s story checks out (Motherboard does not have independent reporting on the specifics of the allegations), it would be one of the most important and devastating security breaches in history, one that highlights a core weakness baked into American capitalism. It could have major ramifications not only in the security industry but in international relations. It’s worth noting that the companies involved have vehemently denied any knowledge of the attack, and both Apple and Amazon have flatly—and forcefully—denied that they have ever found any servers that have been attacked in the way described in the article.