A major US telecommunications company found “manipulated” hardware from Super Micro Computer Inc. in its network in August – bolstering claims in a Bloomberg report last week alleging that China installed bugging devices on hardware bought by Apple, Amazon and a host of other companies.
According to a new report by Bloomberg, the unnamed telecom company hired former Israeli Intelligence Corps security expert Yossi Appleboum, now of Maryland-based Sepio Systems, who provided “documents, analysis and other evidence of the discovery” following last week’s report detailing how China’s intelligence agencies had ordered subcontractors to install malicious chips in Super Micro motherboards between 2013 and 2015.
Sepio Systems’ board includes former Mossad director, Tamir Pardo, and its advisory board includes former CIA chief information security officer Robert Bigman.
Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company.
Bloomberg is not identifying the company due to Appleboum’s nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said. –Bloomberg
Appleboum says that Super micro “is a victim — so is everyone else,” and that he has seen “similar manipulations of different vendors’ computer hardware made by contractors in China,” according to Bloomberg. He adds that his concern is that there are numerous points in the supply chain in China where hardware can be manipulated – which are virtually impossible to track down. “That’s the problem with the Chinese supply chain,” said Appleboum.
Based on his inspection of the device, Appleboum determined that the telecom company’s server was modified at the factory where it was manufactured. He said that he was told by Western intelligence contacts that the device was made at a Supermicro subcontractor factory in Guangzhou … The tampered hardware was found in a facility that had large numbers of Supermicro servers, and the telecommunication company’s technicians couldn’t answer what kind of data was pulsing through the infected one, said Appleboum, who accompanied them for a visual inspection of the machine.
The manipulation of the Ethernet connector appeared to be similar to a method also used by the U.S. National Security Agency, details of which were leaked in 2013. In e-mails, Appleboum and his team refer to the implant as their “old friend,” because he said they had previously seen several variations in investigations of hardware made by other companies manufacturing in China. –Bloomberg
Shares of Super Micro dropped as much as 27% in Tuesday trading, and are down approximately 45% since October 3, before the initial Bloomberg story hit the next day.
Manipulated hardware is extremely difficult to detect, which as led intelligence agencies around the world to invest billions of dollars in such sabotage. The United States is known to have implemented extensive programs to “seed technology headed to foreign countries with spy implants,” according to revelations by former CIA employee Edward Snowden – however China now appears to be sneaking their own versions onto hardware made within their borders.
The goal of the spy implants is to establish a “covert staging area” within sensitive networks, which is what Appleboum says was happening in the new case. Once the implant was identified and the server removed, Sepio’s tream was unable to perform further analysis on the chip.
One problem, according to national security experts, is that in a cybersecurity industry approaching $100 billion in revenue, very little effort has been made to inspect and detect hardware tampering. This has allowed intelligence agencies around the world to manipulate hardware virtually unfettered.
Full article: New Evidence Of Chinese Spy Hardware Found By Ex-Mossad Investigators; Super Micro Shares Plunge (ZeroHedge)