China planted chips to spy on Apple and Amazon
A new report claims that China is hacking American companies in an amazing way by introducing small chips into computers manufactured in China. The report, which caused a sensation, claims that thousands of hacked servers have been sold by Supermicro, which supplies the data centers of many companies, such as Apple and Amazon, and that US security agencies have been investigating this violation very confidentially since at least 2014.
A computer attack unit set up by the Chinese People’s Liberation Army (PLA) has developed very small chips that can be placed on computer motherboards and look like the rest of the components, even though these chips contain their own memory, communication, and processing capabilities.
The report also claims that the spies reached subcontractors of Supermicro, which is based in San Jose, California, and added those chips to the servers without being detected, exposing the server’s operating system to danger once that server is running.
China’s goal is to have long-term access to government networks and corporate secrets. Consumer data and consumer computers are not thought to have been affected.
Supermicro is one of the world’s largest suppliers of servers and is dominant in the provision of custom panels for advanced electronic devices, so its dominance in hardware may be comparable to Microsoft’s dominance of operating systems.
The attack on Supermicro’s motherboards is like attacking Windows. It’s like attacking the whole world.
The current extent of the damage is unclear. Supermicro equipment is used in nearly 30 companies as well as several US government agencies, but US security officials have warned some of these companies to abandon the company’s equipment. The investigation is ongoing, and the White House has been aware of the Chinese initiative since 2014.
According to information from 17 sources, including US officials and former corporate employees, the report says that Amazon discovered the chips, informed the government in 2015, and gave government agencies access to those chips. The report also claims that Apple originally planned to buy 20 thousand servers from Supermicro in 2015, but abruptly terminated its relationship with the supplier in 2016 due to an unrelated and relatively simple security incident.
Amazon, Apple, and Supermicro have issued explicit statements denying the Bloomberg report. Amazon says it has found no evidence to support allegations of malicious chips or hardware modifications. Apple said the same, adding that it had no contact with the FBI or any other agency about such an incident.
Topsy Labs and Topsy Labs do not share servers, Siri does not rely on servers that the company has acquired from Supermicro, and Topsy Labs data is limited to nearly 2,000 server-based microcontroller-free microprocessors. The FBI has no information on an investigation of this kind.
For its part, the Chinese government responded with a vague declaration, describing itself as a resolute advocate of cybersecurity and a victim of the safety of the supply chain in cyberspace, and did not explicitly deny the report’s allegations. However, it said it hoped the parties would reduce accusations so that all sides can work together to build a peaceful, secure, open, cooperative and orderly cyberspace.
The report highlights long-standing US concerns that the Chinese government is using Chinese companies, which are supposed to be independent, to develop spy devices within network and consumer electronics devices, as well as contractors and buyers, and that spyware may be small enough to be included in electronic devices, making it impossible to discover without specialized tools and the original engineering designs for the products.
Companies are facing new pressure after Chinese spy report
Technology companies competing for the Pentagon’s $10 billion cloud computing contract face additional pressure to prove their systems are secure after a report says China is hacking US companies in an amazing way by planting spy chips on servers used by US companies, including Amazon, which is the main candidate for the Pentagon contract.
The report, based on information from 17 sources, including US and former corporate officials, said that AWS, a leader in customized cloud computing platforms, has had its servers hacked, along with those of almost 30 other companies, including Apple. Apple, Amazon, Supermicro and the Chinese government deny the report.
Security experts said Amazon’s chances of winning the cloud services contract for the Defense Ministry may not be affected because it could argue that it was a victim that revealed the problem. According to the report, Amazon discovered the violations at factories operated by contractors in China, alerted authorities and took measures to reduce the consequences. However, the detection process increases the pressure on the Pentagon, Amazon and other technology companies.
Technology companies are under pressure to step up measures to secure their systems in a global market whose integrated equipment is manufactured in China, and Adam Schiff, the representative from California and the top Democratic member of the House of Representatives Intelligence Committee, said the committee should seek more information from agencies on whether China is trying to sneak into the supply chain of computer chips.
The deadline for Amazon, Microsoft, Oracle, and IBM to bid on the Pentagon project, which involves the transfer of huge amounts of sensitive government data to a corporate cloud system, is approaching. With a $600 million cloud deal with the CIA.
Microsoft is trying to catch up by expanding its work with the US intelligence community. In July the Ministry of Defense issued its final requirements for the 10-year project known as JEDI. The project submission period is scheduled to continue until this October 12.
Defense Ministry spokeswoman Heather Babb responded to questions about dealing with the risk of compromised equipment by saying that the project documents detail the procurement requirements. Under these requirements, the Department of Defense asked technology companies to comply with strict security guidelines, including the ability to obtain high-level security clearances, provision of government-approved encryption, and provision of local data centers and United States citizens.
Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, said the new report provides further evidence that China’s behavior is a serious threat to national security and supply chain risk management.
Stan Soloway, president of Celeron Strategies and a former Defense Department official under President Bill Clinton, explained that weaknesses in the global supply chain require constant vigilance from technology companies to stay ahead of evolving threats. You could have the most difficult security requirements, but you are ultimately linked to a global supply chain that does not have direct control over its contracts.
Cybersecurity experts are divided on whether it is safe for the Pentagon to give the contract to a single cloud provider, despite objections from Amazon’s competitors. Microsoft, Oracle, and IBM argued that multiple providers isolate risk, ensuring that a problem with one company’s cloud services will not affect the entire department.
The Defense Department said in a report sent earlier this year to the US Congress that splitting the current contract into multiple parts would cause delays that could prevent the Pentagon from delivering new capabilities quickly and from improving the effectiveness of warriors that cloud computing could enable.
The biggest problem seems to be that most American electronics are made in China. Even if file servers are built in the United States, components from overseas, especially from China, are still likely to be present. Analyst James Bach said the problem should spark a debate about supply chain security that goes beyond the JEDI contract, and that the debate must include all major technology companies and Congress, as supply chain gaps permeate the US government and are not limited to Amazon or Apple.