Chinese spies ‘infiltrated US companies by sneaking chips on servers’

US officials say Chinese military spies infiltrated 30 American companies including Apple and Amazon by secretly embedding rice-sized computer chips onto server motherboards

  • The attack is said to have happened in 2015 and targeted customers of Super Micro Computer Inc, the country’s largest server supplier 
  • Unnamed US government officials told  Bloomberg that Chinese spies from the People’s Liberation Army designed the tiny chips
  • They infiltrated subcontractor factories where the Supermicro servers were being built and slipped the chips onto the motherboards, it is claimed
  • The servers then made their way into Apple data centers worldwide and Amazon’s Web Services data centers in Beijing, the US officials say
  • The chips opened the door for Chinese hackers to rewrite server code and enable them to harvest data 
  • Amazon and Apple both discovered the breach in the first half of 2015, according to company insiders
  • The companies both severed ties with Supermicro afterwards for reasons they say are unrelated reasons 
  • No data was actually stolen but they goal was to steal consumer and government data over a long period of time  
  • Amazon, Apple and Supermicro strongly refuted the story on Thursday 

The chips, which themselves have not been pictured, were made to resemble signal conditioning couplers (shown above) which are standard components of motherboards. They are so small, insiders who saw them said one was the equivalent width of a sharpened pencil head 

US officials have shared details of a widespread hardware hack which saw Chinese spies infiltrate 30 American companies, including Amazon and Apple, in 2015 by planting rice-sized computer chips onto their server motherboards which gave hackers access to sensitive consumer and government data.

The unnamed officials detailed the astonishing breach for the first time publicly in an expose by Bloomberg Businessweek on Thursday.  

Amazon, Apple and Super Micro Computer Inc, the server manufacturer which the officials say was compromised, all deny it officially but unnamed workers from both Apple and Amazon confirmed details of the hack, and how they dumped Supermicro afterwards.

All three companies suffered losses on Thursday when the news broke. Amazon and Apple’s stock prices dipped by up to two percent. 

Supermicro, which was delisted by NASDAQ in August for failing to produce earnings reports on times but is still being traded on other exchanges, halved in value, losing $500million of its total worth in a matter of hours.  

Chinese officials vaguely dismissed the attack and said the report amounted to nothing more than ‘gratuitous accusations’. 

No data is believed to have been stolen and the other 28 companies affected were not named. 

At the time of the attack, there were 7,000 Supermicro servers in use by Apple and many were facilitating its Siri voice assistant function, according to the report. 

As for Amazon, the chips had made their way onto servers being used in China by Amazon Web Services, its enormously popular, global cloud platform. 

Both Amazon and Apple severed ties with Supermicro in 2016 for, they say, unrelated reasons. 

Supermicro is one of Silicon Valley’s most prolific hardware manufacturers and is the country’s largest supplier of motherboards. It is the third largest supplier in the world. 

Above is an example of a Supermicro motherboard. The tiny chips were so small they would be barely visible on a completed motherboard and were only detected when they were dissected by Amazon, it is claimed, during a due diligence probe on a tech start up it wanted to acquire which was using the servers

The servers made their way into AWS data centers in Beijing (an AWS data center is shown above in a promotional image) and Apple data centers around the world, according to the US government officials and employees

Its motherboards are built mostly in its own facilities in Taiwan and China but in 2015, it had been outsourcing to four Chinese subcontractors when demand for its products overwhelmed its own operations.

It was in these subcontractor factories that Chinese military spies posed as members of Supermicro or governmental officials and ordered the manufacturers to include the tiny chip in the motherboards.  

Some were so small they were the size of a sharpened pencil head, the officials say.  


This is how the unnamed officials say the chips operated. All of their claims were refuted by Amazon, Apple and Supermicro.

The chip was designed by spies from China’s People Liberation Army, according to US government officials cited by the Bloomberg report. 

Once complete, the spies approached factory managers at the four subcontractors hired by Supermicro to manufacture servers. 

They bullied them into incorporating the chips onto the motherboards by bribing them and threatening to shut down the factories, it is claimed, all the while posing as Supermicro designers or Chinese government officials. 

Once the chips were loaded onto the motherboards, they were included in the servers and sent to Supermicro’s customers. 

When the server was switched on, the chips were activated. 

They were inconspicuous and signal conditioning couplers which are common on motherboards so would not be detected. 

Once they were activated, they could essentially allow the hackers to do whatever they liked, the report said.  

Amazon has never used their products in the US but it did use them in Beijing in its AWS data center, the report claims. 

Apple, on the other hand, was using them ‘sporadically’ but ramped up its reliance on them when it acquired a startup designed to speed-up Siri, the voice assistant function. 

No consumer data was stolen, the officials say, but the threat the chips posed was extraordinary.  

Once a server was turned on, the chips operated almost like a Trojan Horse by disarming the server’s security capabilities and granting access to hackers overseas.

The chips could communicate with the hackers’ computers and slip new code onto the servers without detection.

US intelligence officials became aware of the plan in 2014 while it was still being conceived but they were unable to act because they did not know who among Supermicro’s customers was being targeted.

They did not know about the subcontractor factories or their role in it and they did not want to warn the company and its customers because it would have crippled them financially with little proof of a real hack.  

In 2015, however, both Amazon and Apple discovered the breach for themselves and reported it, the insiders say. 

Amazon handed over the compromised hardware to be examined, the officials say, and the investigation is still continuing to this day. Apple only alerted the government to it but did not give over the equipment, it was claimed.

The US officials cited by Bloomberg emphasized the scale of the attack by likening Supermicro to Microsoft to illustrate how widespread its reach is.

They said it was like ‘an attack on the whole world’. 

The Chinese spies’ apparent goal was broad. 

They wanted to, over time, harvest sensitive consumer data and government information from Supermicro’s customers. 

The chips would not only harvest data but could slip new code into the products and compromise it by altering the server so that it accepted modifications without detection. 

The chip could also communicate with computers being operated by the attackers in China once the server was installed and turned on.  

At the time,  Supermicro, which was founded by Taiwanese engineer Charles Liang in California in 1993, had more than 900 customers in 100 different countries.

While it is headquartered in San Jose, almost all of its staff are Taiwanese or Chinese, former employees told Bloomberg. 

Many of its products are built in production facilities in the US and the Netherlands but its motherboards are almost all exclusively built in China.

  • Amazon workers could end up earning LESS after pay rise as…

    Apple and Amazon hit back at claims that their systems…

Share this article

With such strong ties to China, officials say it was easy for their spies to infiltrate the company. It is possible, they said, spies took jobs in Supermicro to obtain information about where the motherboards were being manufactured.

Once the spies knew which contractors were being used, they approached factory managers by either posing as a Supermicro boss or government official. 

They then forced the chips in in various ways, it was claimed.

First, they would try to convince the managers that there had been a change in design. 

If that did not work, they bribed the factory manager into incorporating the chips and told them where to put them. 

The attack was designed by spies from within China’s People’s Liberation Army (shown in a file image above). The government officials said the army has a designated branch which works on hardware attacks which US intelligence officials have been monitoring for ‘longer than they’d like to admit’ 

If they were still unsuccessful, they would threaten the manager with an inspection which would shut down their company. 

Amazon began looking into the motherboards in ‘late spring’ 2015 during a due diligence investigation into one of Supermicro’s customers, Elemental Technologies.

Amazon’s cloud platform Amazon Web Services was looking into acquiring Elemental, the tech startup which condensed large videos so that they were able ot be seamlessly viewed on smaller, tech devices.  

AWS sent Elemental’s servers to a third party security firm in Canada and it was that firm’s workers who detected the chips, company insiders claimed.

The security firm, which was not named, provided Amazon with a detailed report of the breach and Amazon duly alerted the FBI, the insiders said, and agreed to handover Elemental’s servers that they’d taken for analysis.  

They then acquired Elemental but moved all of its components over to the AWS cloud which operates its own servers in the US and abroad. 

Only of the few zones where they had not built their own servers was in China and, upon investigation, AWS learned Supermicro servers were being operated in its Beijing data centers, the insiders said.   

In 2016, Amazon sold its AWS cloud hardware in Beijing to a local company. At the time, they explained it was down to tightening Chinese cyber security laws. 

Apple made its own discovery in May 2015 after detecting strange network activity, the sources say. They alerted US officials but they were not willing to hand over the servers like Amazon had been, they said. 

Instead, they carried out their own investigation and determined that there were 7,000 Supermicro servers in its network, with more on the way due to its acquisition of Topsy Labs. 

Topsy Labs created technology which sped up web research and index and would be instrumental in improving Apple’s Siri function. 

In 2014, Apple ordered 6,000 Supermicro servers to be used in 17 locations, including Amsterdam, Chicago, Hong Kong, Los Angeles, New York, San Jose, Singapore, and Tokyo. 

In the summer of 2015, after it uncovered the chips, Apple started removing Supermicro servers from its network. They severed ties with the company after removing them all in 2016 but insisted it was for an unrelated security reason. 

Both companies strongly refuted Bloomberg’s report on Thursday.    

Both Amazon and Apple vehemently refuted the report and said they neither knew about any hack nor have they worked with US officials to investigate one, as was claimed. CEOs Jeff Bezos (left) and Tim Cook (right) are pictured 

Amazon said: ‘It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental. 

‘It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware.’ 

AWS subsequently published a blog post labeling the report ‘erroneous’. 

The company said there were ‘so many inaccuracies they were hard to count’. 

Steve Schmidt, Chief Information Security Officer, also played down the company’s sale of its assets to Beijing Sinnet, saying: ‘This notion that we sold off the hardware and datacenter in China to our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. 

Supermicro’s Taiwanese CEO Charles Liang is pictured. His company also denies the breach 

‘Sinnet had been running these data centers since we ‎launched in China, they owned these data centers from the start, and the hardware we “sold” to them was a transfer-of-assets agreement mandated by new China regulations for non-Chinese cloud providers to continue to operate in China.’ 

Apple issued a similarly angry rebuke.

In its statement, it said: ‘On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident.   

‘We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.’  

They added that Bloomberg had offered only its ‘latest version’ of the story and had been in touch multiple times in the past with similar claims, all of which it refuted. 

‘We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. 

‘Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. 

‘That one-time event was determined to be accidental and not a targeted attack against Apple,’ the company said. 

Supermicro, which has been in financial difficulty over the last year and was delisted by Nasdaq in August, suffered immediately on Thursday when the news broke. Shares halved in value, wiping half a billion dollars from the company’s net worth

Amazon’s stock dipped by 2 per cent as the news broke on Thursday despite the company’s strong rebuttal 

Apple shares were down by 1.46 per cent in the morning. The company remains the only in the world to maintain a $1trillion worth 

Supermicro said in its own statement: ‘While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard. 

‘We are not aware of any customer dropping Supermicro as a supplier for this type of issue.’ 

China dismissed the allegations as ‘gratuitous’. Its president Xi Jinping is pictured. It remains unclear if the described attack played any role in the decision to impose harsher tariffs on Chinese imported goods which has stoked fear in Silicon Valley 

The Chinese Foreign Minister also denied it and dismissed the reports as ‘gratuitous accusations and suspicions.’  

After the story was published, both Amazon and Apple’s stock took a dip by around 1.3 percent.

Supermicro, which was worth around $1.3billion in 2014, was unlisted by Nasdaq earlier this year after missing deadlines to submit annual and quarterly reports. 

It is still trading, however, and shares halved on Thursday when the story was published, wiping $500million from the company’s quickly declining value.

Neither the Department of Homeland Security nor the FBI commented on the report when contacted by on Thursday. 

It remains unclear if the apparent hack played a role in the White House’s decision to impose harsh trade tariffs on Chinese-imported goods. 

The decision has Silicon Valley up in arms. 

Earlier this month, four tech giants pleaded with the government not to impose the tariffs which they say could slow down if not debilitate tech development in the US.  

Source: Read Full Article