Nowadays, people are used to expect software hacks – there are thousands of forms of different malware and many hacker groups that ceaselessly try to find new ways to compromise the computers of both regular users and also those of big companies and maybe even governments. However, according to a recent article by Bloomberg, a number of servers in the USA have been found to contain tiny espionage chips (the size of a rice grain) put there in order to keep tabs on any activity that goes on inside the targeted machine. For all intents and purposes, this is a hardware hack and according to the article by Bloomberg, the most likely culprit behind it is a Chinese organization which seems to have managed to successfully pull off a supply-chain attack resulting in the insertion of the said espionage chips inside the motherboards of a big number of computers manufactured in China. The original motherboards’ design is made by Super Micro, a company based in the US, and the found chips have not been part of the original design of the motherboards.
The espionage chips
As the linked article reports, the small size of the chips does not allow for a lot of code to be stored inside them which is why their main functions are only two:
To command the targeted device to connect and communicate with a remote anonymous server where more complex code was stored and to accept the said code. After the task of the implants is completed, the actual covert operation inside the affected devices could commence.
According to the report, the group (or groups) responsible for the hardware hack are affiliated with the Chinese government and have conducted the attack in order to gain covert access to the information stored on the targeted devices. Supposedly, about 30 companies in the US have been using computers compromised by the malicious chips throughout the past 3 years, during which period of time, the U.S. government has been conducting a secret investigation in attempts to expose the covert hacking scheme.
Responses from the supposedly affected companies
Aside from computers used by the U.S. military and by US intelligence agencies, other companies such as Apple and Amazon are also said to have been affected by the attack. However, both Amazon and Apple have stated that the report made by Bloomberg are inaccurate and that they have no information about any malicious chips discovered within their products. Apple assures its customers that their private data is safe and well protected and although there’s no reason to believe that their products’ systems have been compromised by the supposed hack, precautions will be taken so as to ensure that the personal information of the users will stay secured. Amazon also states that they have no information suggesting a supply-chain attack and that they are not involved in any investigation with the FBI aimed at revealing the said covert espionage scheme.
Supermicro, the company behind the supposedly affected motherboards and the Chinese Ministry of Foreign Affairs also refute the claims made by Bloomberg’s article, denying that any malicious implants have been found.