New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom

by:DIgao     2020-06-23
A major U.S. telecom company discovered manipulated hardware from Super Micro Computer in its network and removed it in August, new evidence of China tampering with key technical components shipped to the United States, according to a security expert working for the telecom company.
Security expert Yossi Appleboum provided documents, analysis and other evidence of the finding after Bloomberg Businessweek published an investigative report detailing how Chinese intelligence services ordered subcontractors to plant malicious chips in Supermicro servers over a two-year period ending in 2015.
Appleboum, who worked in the technical arm of the Israeli army intelligence unit, is now a co-chief executive based in Gaithersburg, Maryland.
His company focuses on hardware security and was hired to scan several large data centers of the telecom company.
Because of a confidentiality agreement between Appleboum and the customer, Bloomberg is not identifying the company.
Appleboum said that unusual communications from a Supermicro server and a subsequent physical inspection showed that an implant had been built into the server's Ethernet connector, which is used to connect network cables to the computer.
The executive said he has seen similar manipulation by Chinese contractors of computer hardware from different vendors, not just products from Supermicro.
"Supermicro is a victim. The same is true of everyone else," he said.
Appleboum said he is concerned that there are countless points in China's supply chain where manipulations can be introduced, and that in many cases it is impossible to deduce where.
"This is the problem with China's supply chain," he said.
Supermicro, based in San Jose, Calif., issued this statement: "The safety of our customers and the integrity of our products are at the heart of our business and corporate values.
Throughout the manufacturing process, we pay attention to ensuring the integrity of our products, and supply chain security is an important topic of discussion in our industry.
We are still unaware of any unauthorized components and have not been informed by any customer that such components have been found.
We are frustrated that Bloomberg would give us only limited information, no documents, and half a day to respond to these new allegations."
Bloomberg News first contacted Supermicro for comment on the matter at 9:23 a.m. Eastern time on Monday and gave the company 24 hours to respond.
Supermicro said after the previous report that it "strongly refutes" reports that servers sold to customers contain malicious microchips.
The Chinese embassy in Washington did not respond to requests for comment on Monday.
In response to the earlier Bloomberg Businessweek investigation, China's foreign ministry did not directly answer questions about the manipulation of Supermicro servers, but said supply chain security was "a common concern and China was a victim."
Following Bloomberg Businessweek's disclosure of hacked servers, Supermicro's share price plunged 41% last Thursday, the biggest drop since it became a public company in 2007.
After the latest report, the shares fell 27% on Tuesday.
The recent manipulation is different from the one described in the Bloomberg Businessweek report last week, but it shares key characteristics: both are designed to give an attacker invisible access to data on the computer network where the server is installed, and the alterations were found to have been made at the factory, as the motherboard was being produced by a Supermicro subcontractor in China.
Based on his inspection of the device, Appleboum determined that the telecom company's server had been modified at the factory where it was manufactured.
He said Western intelligence officials told him that the device was made at a Supermicro subcontractor factory in Guangzhou, a port city in southeast China.
Guangzhou, 90 miles upstream of Shenzhen, is known as the "Silicon Valley of hardware" and is home to giants such as Tencent Holdings Ltd. and Huawei Technologies Co. Ltd.
The tampered hardware was found in a facility with a large number of Supermicro servers, and the telecom company's technicians could not say what kind of data was passing through the infected server, said Appleboum, who accompanied them for a visual inspection of the machine.
It is not clear whether the telecom company contacted the FBI about the discovery.
An FBI spokesman declined to comment on whether it was aware of the finding.
AT&T Inc. spokesman Cook said: "These devices are not part of our network and we are not affected."
Average Level Communications
"We have not been affected," the spokesman said.
The manipulation of the Ethernet connector appears to be similar to a method also used by the U.S. National Security Agency, details of which were leaked in 2013.
In e-mails, Appleboum and his team refer to the implant as their "old friend," because, he said, they had previously seen several variations in investigations of hardware made by other companies manufacturing in China.
In the Bloomberg Businessweek report, an official said investigators found that China had infiltrated nearly 30 companies, including Amazon.com Inc. and Apple Inc.
Amazon and Apple also disputed the findings.
The U.S. Department of Homeland Security said it has "no reason to doubt" the companies' denials of the Bloomberg Businessweek report.
People familiar with the federal investigation into the 2014-2015 attacks said it was led by the FBI's cyber and counterintelligence teams and that the Department of Homeland Security may not have been involved.
Counterintelligence investigations are among the FBI's most closely held, and few officials and agencies outside those teams are aware of the existence of these investigations.
He said he had consulted with intelligence agencies outside the U.S. that told him they have been tracking the manipulation of Supermicro hardware, and the hardware of other companies, for some time.
In response to Bloomberg Businessweek's report, the Norwegian National Security Agency said last week that it had been "aware of a problem related to Supermicro products" since June.
Trond Ovstedal, a spokesman for the agency, later added in a statement that the agency had been alerted to the concerns by people who had heard of Bloomberg News' news gathering.
The agency was unable to confirm the details reported by Bloomberg in its initial statement, but said it had recently been in talks with partners on the issue.
Hardware manipulation is very difficult to detect, which is why intelligence agencies have invested billions of dollars in this kind of sabotage.
The U.S. is known to have extensive programs to seed technology headed to foreign countries with spy implants, according to disclosures by former CIA employee Edward Snowden.
But China seems to be actively deploying its own versions, taking advantage of its control over global technology manufacturing.
Three security experts who have analyzed foreign hardware implants for the U.S. Department of Defense confirmed that the way Sepio's software detected the implant is sound.
One of the few ways to identify suspicious hardware is to look at the lowest levels of network traffic.
Those include not only normal network transmissions but also analog signals, such as power consumption, that can indicate the presence of a concealed piece of hardware.
In the case of the telecom company, Sepio's technology detected that the tampered Supermicro server actually appeared on the network as two devices in one.
The legitimate server communicated in one way and the implant in another, but all the traffic appeared to come from the same trusted server, which allowed it to pass through security filters.
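The "two devices in one" symptom can be looked for in ordinary passive captures. The sketch below is an added illustration, not Sepio's method or code from the article: it flags any switch port/MAC/IP identity that shows more than one recurring TCP stack fingerprint. The field layout, the fingerprint definition, the threshold and all sample values are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample of passively observed TCP SYNs (not data from the article):
# (switch_port, src_mac, src_ip, ip_ttl, tcp_window, tcp_option_order)
LINUX = (64, 29200, "mss,sackOK,ts,nop,ws")
SAMPLE = (
    [("Gi1/0/7", "02:00:00:00:00:07", "10.0.5.20", *LINUX)] * 3
    # Same port, MAC and IP, but a second, minimal TCP stack is also talking.
    + [("Gi1/0/7", "02:00:00:00:00:07", "10.0.5.20", 255, 4096, "mss")] * 2
    + [("Gi1/0/8", "02:00:00:00:00:08", "10.0.5.21", *LINUX)] * 3
    # One stray odd packet on an otherwise consistent host: noise, not a finding.
    + [("Gi1/0/9", "02:00:00:00:00:09", "10.0.5.22", *LINUX)] * 3
    + [("Gi1/0/9", "02:00:00:00:00:09", "10.0.5.22", 128, 8192, "mss,nop,ws")]
)


def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value."""
    for bound in (32, 64, 128, 255):
        if ttl <= bound:
            return bound
    return 255


def find_split_identities(observations, min_count=2):
    """Return identities (port, MAC, IP) that show more than one stable stack.

    A stack fingerprint is (initial TTL, SYN window, option order). A single
    host normally has one; two recurring fingerprints behind one identity is
    the "two devices in one" pattern worth a physical inspection.
    """
    seen = defaultdict(lambda: defaultdict(int))
    for port, mac, ip, ttl, window, options in observations:
        seen[(port, mac, ip)][(initial_ttl(ttl), window, options)] += 1

    findings = {}
    for identity, fingerprints in seen.items():
        stable = {fp: n for fp, n in fingerprints.items() if n >= min_count}
        if len(stable) > 1:
            findings[identity] = stable
    return findings


if __name__ == "__main__":
    for identity, stacks in find_split_identities(SAMPLE).items():
        print(identity, "->", len(stacks), "distinct stacks:", stacks)
```

A hit is a lead for physical inspection rather than proof: benign causes such as a management controller or a proxy sharing the address have to be ruled out first.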
A key sign of the implant, says Appleboum, is that the manipulated Ethernet connector has metal edges, not the usual plastic edges.
The metal is necessary to dissipate heat from the chip hidden inside, which acts like a miniature computer.
"This module looks very innocent, high quality and 'original', but it was added as part of a supply chain attack," he said.
The goal of a hardware implant is to establish a covert staging area within a sensitive network, which is the conclusion that Appleboum and his team reached in this case.
They decided it represented a serious security breach, along with multiple rogue electronics also detected on the network, and alerted the customer's security team in August, which then removed them for analysis.
Once the implant had been identified and the server removed, Sepio's team was not able to perform further analysis of the chip.
The threat of hardware implants is "very real," said Sean Kanuck, who until 2016 was a senior cyber official at the Office of the Director of National Intelligence.
He is now director of future conflict and cyber security at the Washington Institute of International Strategy.
Hardware implants can provide attackers with capabilities that are not available through software attacks.
"Manufacturers that ignore this concern ignore a potentially serious problem," Kanuck said.
"Capable cyber actors, like China's intelligence and security services, can access the IT supply chain at multiple points to create advanced and persistent subversions."
One of the keys to any successful hardware attack is altering components that have an ample power supply, which becomes a more daunting challenge the deeper into the motherboard you go.
Appleboum says that's why peripherals such as keyboards and mice are also long-standing targets for intelligence agencies.
After Bloomberg reported the attack on Supermicro products, security experts said that teams around the world, from large banks and cloud computing providers to small research labs and start-ups, are analyzing their servers and other hardware for modifications, which is very different from normal practice.
Their findings will not necessarily be made public, as hardware manipulation is usually intended to access government and company secrets rather than consumer data.
A key issue, national security experts say, is that in a cybersecurity industry with annual revenue of nearly $100 billion, very little is spent on checking whether hardware has been tampered with.
This has enabled intelligence agencies around the world to work relatively unimpeded, and China has a key advantage.
"For China, these efforts are all-inclusive," said Tony Lawrence, CEO of VOR Technology, an intelligence contractor in Columbia, Maryland.
"We cannot determine the severity or size of these holes.
We didn't know until we found some.
Probably everywhere.
This may be anything from China.
The unknown is what makes you understand that this is where we are now.
We don't know how well we exploit our own system."