The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

Often, as a computer scientist, I forget that what a very small minority know that becomes almost intuitive, is far from obvious to others approaching magic, a deluded conspiracy, or amateur science fiction.

Any sufficiently advanced technology is indistinguishable from magic. – Arthur C. Clarke
This article from Bloomberg News is a case in point. When I tell many election officials that voting machines not connected to WiFi remain unsafe, I am greeted with dismissive looks of unbelief. The conversation ends quickly as they walk away, eager to put space between themselves and this crazy person. The truth is we do not know what is running inside Connecticut’s AccuVote-OS scanners. Is there some rogue code or portion of a chip there from the beginning? During maintenance did an LHS employee replace one chip with a rogue chip indistinguishable from the original?  Was a chip replaced by a lowly or high-level town employee, undetected – perhaps not even a technical novice, but one who has been threatened into the deed?
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies – The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources. <read>

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers…

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get…

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc.

We do not know if any of these motherboards are used for any election equipment – voting equipment, election web sites,voter registration systems, or election reporting systems.  Yet, the point is this or a similar stealth attack could be lie in wait today or be installed soon in existing or new equipment.


Leave a Reply

You must be logged in to post a comment.