New Evidence of Hacked Supermicro Hardware Said to Be Found in U.S. Telecom
Security expert Yossi Appleboum provided documents, analysis and other evidence of the finding after Bloomberg Businessweek published an investigative report detailing how Chinese intelligence services ordered subcontractors to implant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.
Appleboum, who previously worked in the technology unit of the Israeli Army Intelligence Corps, is now co-CEO of Sepio Systems in Gaithersburg, Maryland.
His company focuses on hardware security and was hired to scan several large data centers of telecom companies.
Because of a confidentiality agreement between Appleboum and the customer, Bloomberg did not identify the company.
Appleboum said that unusual communications from a Supermicro server and a subsequent physical inspection showed that an implant had been built into the server's Ethernet connector, the component used to attach network cables to the computer.
The executive said he has seen similar manipulations by Chinese contractors of computer hardware from different vendors, not just products from Supermicro.
"Supermicro is the victim. The same is true of everyone else," he said.
Appleboum said he is concerned that there are countless points in the supply chain in China where manipulations can be introduced, and that in many cases it is impossible to deduce those points.
"This is the problem with China's supply chain," he said.
Supermicro, based in San Jose, Calif., issued this statement: "The safety of our customers and the integrity of our products are at the heart of our business and corporate values.
Throughout the manufacturing process, we pay attention to ensuring the integrity of our products, and supply chain security is an important topic of discussion in our industry.
We are still unaware of any unauthorized components and have not been notified by any customer that any have been found.
We are frustrated that Bloomberg would give us only limited information, no documents, and half a day to respond to these new allegations."
Bloomberg News first contacted Supermicro for comment on the matter on Monday at 9:23 a.m. Eastern time and gave the company 24 hours to respond.
After the previous reports, Supermicro said it "strongly refutes" reports that servers sold to customers contain malicious microchips.
The Chinese embassy in Washington did not respond to requests for comment on Monday.
In response to the earlier Bloomberg Businessweek investigation, the Chinese Foreign Ministry did not directly answer questions about the manipulation of Supermicro servers, but said supply chain security was "a common concern and China was a victim."
Following Bloomberg Businessweek's disclosure of hacked servers, Supermicro's share price plunged 41% last Thursday, the biggest drop since it became a public company in 2007.
After the latest news, the shares fell 11.2% to $13.11 on Tuesday.
The recent manipulation is different from the one described in Bloomberg Businessweek's report last week, but it shares key features: both are designed to give an attacker covert access to data on the computer network where the server is installed, and in both cases the changes were found to have been made at the factory, as the motherboard was produced by a Supermicro subcontractor in China.
Based on his inspection of the equipment, Appleboum determined that the telecom company's servers had been modified at the factory where the equipment was manufactured.
He said Western intelligence officials told him that the device was manufactured at a Supermicro subcontractor factory in the port city of Guangzhou in southeast China.
Located 90 miles upstream of Shenzhen, Guangzhou is known as "hardware Silicon Valley", and giants such as Tencent and Huawei have also settled here.
The tampered hardware was found in a facility with a large number of Supermicro servers, and the telecom company's technicians could not say what kind of data was passing through the infected server, said Appleboum, who accompanied them on a visual inspection of the machine.
It is not clear whether the telecom company contacted the FBI about the discovery.
An FBI spokesman declined to comment on whether the findings were known.
Representatives of AT&T and Verizon Communications did not immediately comment on whether malicious components were found in one of their servers.
T-Mobile US and Sprint did not immediately respond to requests for comment.
Sepio Systems' board members include the former director of Israel's Ministry of Defense, Tamir Pardo, the former director of Israel's Mossad, and its advisory committee members include Robert Bigman, former chief information security officer of the CIA.
U.S. communications networks are an important target for foreign intelligence agencies because data from millions of mobile phones, computers and other devices pass through their systems.
Hardware implants are a key tool for creating covert openings into these networks, conducting reconnaissance, and hunting for corporate intellectual property or government secrets.
The manipulation of the Ethernet connector appears to be similar to a method also used by the National Security Agency, details of which were leaked in 2013.
In emails, Appleboum and his team called the implant their "old friend" because, he said, they had previously seen it in investigations of hardware from other companies made in China.
In the Bloomberg Businessweek report, an official said investigators found that China had infiltrated nearly 30 companies, including Amazon.com and Apple, through Supermicro.
Amazon and Apple also disputed the findings.
The U.S. Department of Homeland Security said it has "no reason to doubt" the companies' denials of the Bloomberg Businessweek report.
People familiar with the federal investigation into the 2014-2015 attacks said it was led by the FBI's cyber and counterintelligence teams and that the Department of Homeland Security may not have been involved.
Counterintelligence investigations are among the FBI's most closely held, and few officials and agencies outside those units are aware of their existence.
Appleboum said he had consulted intelligence agencies outside the United States, who told him that they had been tracking the manipulation of Supermicro hardware and hardware from other companies for some time.
In response to Bloomberg Businessweek's report, the Norwegian National Security Agency said last week that it had "become aware of a problem related to Supermicro products" since June.
A statement from the agency said it was unable to confirm the details reported by Bloomberg, but that it has recently been in talks with partners on the issue.
Hardware manipulation is very difficult to detect, which is why intelligence agencies have invested billions of dollars in this kind of sabotage.
According to disclosures by former CIA employee Edward Snowden, the U.S. is known to have extensive programs to seed technology headed to foreign countries with spy implants.
But China seems to be actively deploying its products, thanks to China's control over global technology manufacturing.
Three security experts who have analyzed foreign hardware implants for the U.S. Department of Defense confirmed that the way Sepio's software detected the implant is sound.
One of the few ways to identify suspicious hardware is to look at the lowest levels of network traffic.
Those include not only normal network transmissions but also analog signals, such as power consumption, that can indicate the presence of a covert piece of hardware.
In the case of the telecom company, Sepio's technology detected that the tampered Supermicro server actually appeared on the network as two devices in one.
The legitimate server communicated in one way and the implant in another, but all the traffic appeared to come from the same trusted server, which allowed it to pass through security filters.
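To make the "two devices in one" symptom concrete, here is an added sketch that is not from the report and is not Sepio's method, which the article says also relies on analog signals. It assumes a defender has passive TCP SYN metadata and flags any single MAC/IP pair that consistently shows more than one network-stack fingerprint; the sample records, field choices and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed passive-capture sample (not real data): one tuple per TCP SYN,
# (source MAC, source IP, observed TTL, TCP window, TCP option order).
SAMPLE_SYNS = [
    ("02:00:00:00:00:01", "10.0.5.20", 64, 29200, "mss,sack,ts,nop,ws"),
    ("02:00:00:00:00:01", "10.0.5.20", 64, 29200, "mss,sack,ts,nop,ws"),
    ("02:00:00:00:00:01", "10.0.5.20", 255, 4128, "mss"),
    ("02:00:00:00:00:01", "10.0.5.20", 64, 29200, "mss,sack,ts,nop,ws"),
    ("02:00:00:00:00:01", "10.0.5.20", 254, 4128, "mss"),
    ("02:00:00:00:00:02", "10.0.5.21", 128, 64240, "mss,nop,ws,nop,nop,sack"),
    ("02:00:00:00:00:02", "10.0.5.21", 127, 64240, "mss,nop,ws,nop,nop,sack"),
    ("02:00:00:00:00:02", "10.0.5.21", 64, 5840, "mss"),  # one-off noise
]

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value."""
    for base in (32, 64, 128, 255):
        if ttl <= base:
            return base
    return 255

def hosts_with_multiple_stacks(records, min_packets=2):
    """Return {(mac, ip): [fingerprints]} for hosts showing >1 stable stack.

    A fingerprint only counts once it has been seen min_packets times, so a
    single malformed or spoofed packet does not raise a finding.
    """
    seen = defaultdict(lambda: defaultdict(int))
    for mac, ip, ttl, window, options in records:
        seen[(mac, ip)][(initial_ttl(ttl), window, options)] += 1
    flagged = {}
    for host, fingerprints in seen.items():
        stable = sorted(fp for fp, n in fingerprints.items() if n >= min_packets)
        if len(stable) > 1:
            flagged[host] = stable
    return flagged

if __name__ == "__main__":
    # A hit is a triage signal, not proof: virtual machines, containers or a
    # management controller sharing the port can also produce two stacks.
    for host, fps in hosts_with_multiple_stacks(SAMPLE_SYNS).items():
        print(host, "shows", len(fps), "distinct stacks:", fps)
```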
A key sign of the implant, says Appleboum, is that the manipulated Ethernet connector has metal edges, not the usual plastic edges.
The metal is necessary to diffuse heat from a chip hidden inside, which acts like a mini computer.
"This module looks very innocent, high quality and 'original', but it was added as part of a supply chain attack," he said.
The goal of the hardware implant is to establish a covert staging area within sensitive networks, which is the conclusion that Appleboum and his team reached in this case.
They judged it to be a serious security breach, along with multiple rogue electronics also detected on the network, and alerted the customer's security team in August, which then removed them for analysis.
Once the implant had been identified and the server removed, Sepio's team was not able to perform further analysis of the chip.
The threat of hardware implants is "very real," said Sean Kanuck, who until 2016 was a senior cyber officer at the Office of the Director of National Intelligence.
He's now head of future conflict and cyber security at the Washington Institute of International Strategy.
Hardware implants can provide attackers with capabilities that are not available through software attacks.
"Manufacturers that ignore this concern ignore a potentially serious problem," Kanuck said.
"Capable cyber actors, like China's intelligence and security services, can access IT supply chains at multiple points to create advanced and persistent subversions."
One of the keys to any successful hardware attack is altering components that have sufficient power supplied to them, a daunting challenge the deeper into a motherboard you go.
Appleboum says that\'s why peripherals such as keyboards and mice are also a long-term target for intelligence agencies.
After Bloomberg reported the attack on Supermicro products, security experts said that teams around the world, from large banks and cloud computing providers to small research labs and start-ups, are analyzing their servers and other hardware for modifications, a marked change from normal practices.
Their findings will not necessarily be made public, as hardware manipulation is usually done to access government and company secrets rather than consumer data.
A key issue, national security experts say, is that in a network security industry with annual revenue of nearly $100 billion, very little is spent on checking whether hardware has been tampered with.
This has enabled intelligence agencies around the world to work relatively unimpeded, and China has a key advantage.
"For China, these efforts are all-encompassing," said Tony Lawrence, CEO of VOR Technology, a Columbia, Maryland-based contractor for the intelligence community.
"We cannot determine the severity or size of these holes. We didn't know until we found some.
This may be anything from China.
The unknown is what makes you understand that this is where we are now.
We don't know how well we exploit our own system."