BREAKING NEWS: OZ Distributors Selling Chinese SuperMicro Servers Used In Alleged Spy Attack
Sydney based distributors Tech Data and Digicor have not said whether they will continue supplying servers from SuperMicro Computer after it was claimed that the Chinese made systems had been used for spying on Companies Government Departments & the military.
Bloomberg claims that a US Government investigation has revealed that the servers madfe by SuperMicro had been compromised during manufacturing and the tiny chips built into the boards activated once they were up and running at a given Company or Government Institution.
Among those Companies that Bloomberg is claiming have been affected are Apple and Amazon who use these servers in their Amazon Web Services operation. Many Australian Companies Government departments and major banks are also using Super Micro Computer hardware, they also use Amazon Web Services.
At this stage it appears that data had been siphoned off via tiny chips inserted on server circuit boards made by Super Micro Computer.
Bloomberg has come back claiming that a year-long investigation by reporters Jordan Robertson and Michael Riley had uncovered evidence of the wide-ranging attack, which gave Beijing access to 30 large companies and many federal agencies in the USA alone.
It’s not known whether Australian security agencies are aware of the claims or whether they will investigate the claims in Australia.
Investigators claim that the first information about the spying campaign had emerged during security testing carried out by Amazon in 2015 before it had started using servers from US company Elemental, which had been manufactured by Super Micro Computer at plants in China.
They said that the discovery then kicked off a long-running “top-secret probe” by US intelligence agencies, which found compromised servers in Department of Défense data centres and onboard warships which ChannelNews understands was recently in Australian waters during joint military exercises.
The boards are also believed to have been found in CIA drones.
China was well placed to carry out this kind of attack, said Bloomberg, because 90% of the world’s PCs are made in the country.
Carrying out the attack involved “developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location”, it said.
Bloomberg claims the probe led to some companies removing servers made by Super Micro and ending business relationships with the company.
Bloomberg Businessweek cited 17 unnamed intelligence and company sources as saying Chinese spies inserted the microchips into equipment used by the companies and American agencies in order to gather intellectual property, along with trade and governmental secrets.
In 2015, Amazon began evaluating a video software start up called Elemental Technologies as part of its plan to expand its streaming service now called Amazon Prime Video, according to Bloomberg.
Amazon Web Services, which was building a super-secure cloud for the CIA, hired a third-party company to study Elemental’s security, a source familiar with the process told Bloomberg.
Supermicro, one of the world’s largest suppliers of motherboards, assembled servers for Elemental, which sent some of the equipment to Ontario, Canada, for the security company to test, the news outlet reported.
“Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design,” according to the Bloomberg report.
“Amazon reported the discovery to US authorities, sending a shudder through the intelligence community”
Several people familiar with the matter told Bloomberg that investigators discovered that the minuscule chips had been inserted by a unit of the People’s Liberation Army in factories run by manufacturing subcontractors.
Amazon and Apple denied the Bloomberg report.