A Bloomberg report found that Chinese spies secretly added microchips on motherboards that went to Apple, Amazon, and the CIA.
Microchips secretly inserted by Chinese spies were found on servers at Apple, Amazon, the US Department of Defense, the CIA, the Navy, and more, according to an in-depth report from Bloomberg on Thursday.
A third-party security testing firm hired by Amazon found the chips on servers from a company called Elemental Technologies, which Amazon acquired to bolster its streaming video business, according to the report. However, the motherboards in those servers were made by Supermicro, the report said, which is one of the world's largest suppliers of motherboards.
Amazon reported the findings to US authorities, the report stated, but the investigation is still open some three years later. The nature of the attack allowed the spies to create secret backdoors in these products, providing nearly unlimited access to some of the data generated by the products these motherboards were powering.
SEE: Information security incident reporting policy (Tech Pro Research)
Hardware attacks are difficult to pull off successfully. As noted in the report, attackers typically either modify the hardware in transit, or make the nefarious changes during the manufacturing process. The Chinese chip attack, perpetrated by members of the People's Liberation Army, was done using the latter method.
According to officials cited in the report, some 30 companies were affected. Apple, Amazon, and Supermicro deny any knowledge of such an attack. However, the report is supported by six anonymous current and former senior national security officials.
The bigger issue is that attacks like this are difficult to detect and prevent against, the report said. And, there could be lasting effects on the tech industry, starting with these three fallouts:
1. Trade war intensification
The Trump administration has already leveraged trade sanctions against China, focusing on hardware and motherboards, the report said. Armed with this information, the administration could crack down further, possibly requiring that no motherboards made in China be used in US infrastructure tools or products.
2. Hardware price increase
The scale of hardware manufacturing in Southeast Asia is unmatched. If the US and other countries begin blacklisting chips from China, prices will likely surge, as other countries don't have the scale or processes in place to match the manufacturing efficiency.
3. Hardware job market growth outside of China
If countries like the US and others refuse to allow the use of Chinese chips, the demand for engineering and manufacturing employees will surge in other countries worldwide—especially as those countries begin ramping up scale to match what is produced in China.
The big takeaways for tech leaders:
- Microchips were secretly inserted by Chinese spies in Supermicro motherboards found in the US government and some of the biggest tech companies.
- The details of the Chinese spy chips could worsen the US/China trade war, cause a surge in hardware prices, and open up new job markets in other countries.
- Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)
- Chinese police arrest hacker who sold data of millions of hotel guests on the dark web (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- China aims to narrow cyberwarfare gap with US (ZDNet)
- Understanding what motivates Chinese hackers (TechRepublic)