The Supermicro hack
Is it at all possible to verify electronic equipment procured from untrusted vendors? This is one of the central questions in Prof. Olav Lysne’s recent book “The Huawei and Snowden Questions”. At Paranoia 2019, mr. Lysne will address issues related to the “Supermicro case” revealed by Bloomberg last year.
An investigative report published in Bloomberg Businessweek in October 2018, claimed that Chinese spies had managed to infiltrate close to 30 US companies using a tiny microchip, not much bigger than a grain of rice. The chip was found by security testers on server motherboards assembled by Super Micro Computer Inc. (also known as Supermicro) for a startup company called Elemental technologies.
Elemental made software for compressing large video files and formatting them for various devices and was at the time considered by Amazon as a potential acquisition to help facilitate an expansion of their video streaming service Amazon Prime Video. Elemental had worked on several national security contracts and its technology had helped channel drone footage to the CIA and communicate with the International Space Station. In order to handle compression of large video files, Elemental’s customers had to install a server in their network. It was on the motherboards of these servers the microchip was found.
The alarming discovery was reported by Amazon to the US authorities and soon became a serious concern in the intelligence community. Elemental’s servers were installed in networks of Navy warships, CIA’s drone operations, and the Department of Defense data centers. What was even more troubling, was that Elemental was just one of hundreds of companies using Supermicro products. nvestigators later found that the chip enabled the hackers safe access into any network that included the altered hardware. The chips were allegedly inserted into the equipment at China-based factories run by manufacturing subcontractors.
We look forward to hearing Prof. Lysne’s reflections on the Supermicro case and issues related to cyber-attacks such as this!