Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

China Used Tiny Chips on US Computers to Steal Secrets: Report

Tiny chips inserted in US computer equipment manufactured in China were used as part of a vast effort by Beijing to steal US technology secrets, a published report said Thursday.

Tiny chips inserted in US computer equipment manufactured in China were used as part of a vast effort by Beijing to steal US technology secrets, a published report said Thursday.

The Bloomberg News report said the chips, the size of a grain of rice, were used on equipment made for Amazon, which first alerted US authorities, and Apple, and possibly for other companies and government agencies.

Bloomberg said a three-year secret investigation, which remains open, enabled spies to create a “stealth doorway” into computer equipment, a hardware-based entry that would be more effective and harder to detect than a software hack.

Citing unnamed US officials, Bloomberg said a unit of the People’s Liberation Army were involved the operation that placed the chips on equipment manufactured in China for US-based Super Micro Computer Inc.

Supermicro, according to Bloomberg, also manufactured equipment for Department of Defense data centers, the CIA’s drone operations, and onboard networks of Navy warships.

The report said Amazon discovered the problem when it acquired software firm Elemental and began a security review of equipment made for Elemental by California-based Supermicro.

According to Bloomberg, the spy chips were designed for motherboards — the nerve centers for computer equipment — used in data centers operated by Apple, Amazon Web Services and others.

Apple said in a statement it “has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.” 

A statement by Amazon to AFP said that “at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems.‎”

Supermicro could not immediately be reached for comment, but Bloomberg said the firm denied any knowledge of the espionage or investigation.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.