Cyber-hacks and cyber-attacks as a form of foreign espionage sounds more like the plot of a new movie release than a news report. Technology has brought us a world of advancements in more ways than many of us may realize, but with those advancements come new forms of vulnerability.
In October, Bloomberg released a story, 12 months in the making, which reported that approximately 30 major company names were compromised by a Chinese intelligence microchip implanted in server motherboards as far back as 2014. The motherboards, produced by hardware company Super Micro, experienced a “hardware hack,” which can be more effective than a software hack because it compromises physical devices and can largely go undetected.
Brands many of us interact with daily, including Amazon, Apple, and Super Micro, were reported by government and corporate officials to be among the companies directly impacted, while other associated companies were indirectly impacted like IBM, MediaTek, and many others. Although Amazon, Apple, and Super Micro deny the attacks took place, Bloomberg reported a total of 17 other sources, both within and outside of these companies, that supported the story, claiming that a major government investigation has been ongoing to gather more details on the attacks. Because of the denials of the claims and the confidentiality of the ongoing investigation, the reports are mostly still just allegations, however, after the story of the attacks circulated, stocks for all three companies took a major dive of approximately 50 percent.
According to the report, the Chinese government also allegedly denies involvement with the attacks.
Whether or not these hardware attacks happened, this frenzy highlights that security auditing on hardware is a missing, but necessary step after manufacturing, especially when so much of our technology’s production is done overseas to keep costs down. According to an estimate by Professor Henry Yeung of the National University of Singapore, “China is home to more than half of the world’s manufacturing capacity for electronics.”
There is a lot we don’t know—If these attacks occurred, are they an attempt to grab consumer data, an attempt to steal intellectual property, or both? A hardware hack like this one is key in secretly opening holes within these US telecom networks, giving the foreign intelligence agency responsible for the hack the ability to perform reconnaissance and look for US federal or corporate secrets. While it does seem that the hack has been contained to company servers, it could very well find its way into consumer devices without proper monitoring.
If the companies involved come forward with new information, we’ll have a better understanding and opportunity to validate all these claims. In the meantime, because these hardware attacks are at the corporate and manufacturer level, all we can do is be informed.
by Aura Altamiranda