This week Bloomberg published a very detailed report about what seems to be one of the biggest, if not the biggest, cyber attacks identified so far. If you haven’t heard about it yet, you probably will soon.
In this article we will focus on attacks that are categorised as ‘supply chain attacks’.
A supply chain attack is a cyber attack that seeks to damage an organisation by targeting less-secure elements in its supply network. In one of the previous podcasts we discussed a similar attack, in which hackers gained access to a company in Ukraine that provides accounting software. Users of this software automatically received updates from the vendor. The hackers modified the update servers so that users additionally received malware, which gave the attackers access to many large Ukrainian companies.
The Ukraine case is only one incident, but it shows the advantages of performing supply chain attacks. If an attacker is able to get inside the production chain of a product, they gain access to many different networks without much additional effort.
The story Bloomberg revealed is about two companies located in the USA. The complete story is available in the article with many more details, but we will summarize it for you here.
The story begins with a company called Supermicro. Supermicro is located in Silicon Valley, California where many well known companies are located.
The company was founded by a Taiwanese engineer and his wife after they graduated from college in the USA.
Supermicro’s business offering was unique: clients could outsource the technical design of their electrical circuits to engineers in the USA, and then have the production performed in places where labor is cheap, like China, and thereby reduce the cost of manufacturing electronics.
Today, Supermicro sells more server motherboards than almost anyone else.
From MRI machines to weapons systems, Supermicro’s motherboards can be found in banks, cloud computing providers, web-hosting services, and many other places.
Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards—its core product—are nearly all manufactured by contractors in China.
One of the companies that used Supermicro’s services is called Elemental Technologies.
Elemental made software for compressing massive video files and formatting them for different devices. Its technology helped make it possible to stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency.
To summarize the story so far, a company in the US used the services of a large company called Supermicro to produce servers, which were then installed directly into client networks to improve video delivery.
In 2015, when Amazon wanted to acquire Elemental Technologies, Elemental’s servers were tested and a surprising discovery was made: a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design.
Amazon immediately reported the discovery to U.S. authorities. Elemental was only one of Supermicro’s hundreds of customers. Could other customers also be affected? Investigators determined that the chips allowed attackers to create a stealth doorway into any network that included the altered machines. Additionally, investigators were able to discern that the chips had been inserted at factories run by manufacturing subcontractors in China.
Chinese spies appeared to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies. Almost 30 companies, including a major bank, government contractors, and other sensitive sites were found to be infected.
Government officials claim that China’s goal was long-term access to high-value corporate secrets and sensitive government networks. No consumer data is known to have been stolen. The ramifications of the attack continue to play out. The Trump Administration has made computer and networking hardware—including motherboards—a focus of its latest round of trade sanctions against China, and White House officials have confidently stated that companies will begin shifting their supply chains to other countries as a result.
The full story contains more details and complications than we can fit into this article. It can be read on Bloomberg’s website. It is also important to note that all the companies mentioned have denied the whole story and have published press releases addressing the issue, which can be found online.
So what is the truth?
Now, just to balance things out: in March 2017 there was a leak of confidential cyber tools from the CIA. The leak was given the code name Vault7. Apparently the CIA had found a vulnerability that let it overwrite programs so that they sent data back from computers running specific software, so hundreds of thousands of people around the world who used innocent programs such as Notepad++ suddenly found themselves vulnerable to cyber attacks from the CIA.
The main conclusion of this article is that it doesn’t matter in which country you live, be it Russia, China, the USA, or anywhere else: everyone is impacted by sophisticated state-sponsored cyber attacks without even knowing it.
(And that everyone is lying.)
Stay safe and see you next time. Don’t forget to visit www.cybercure.ai for the latest podcasts and cyber intelligence.