https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
By Jordan Robertson and Michael Riley
Bloomberg
October 9, 2018
A major U.S. telecommunications company discovered manipulated hardware
from Super Micro Computer Inc. in its network and removed it in August,
fresh evidence of tampering in China of critical technology components
bound for the U.S., according to a security expert working for the telecom
company.
The security expert, Yossi Appleboum, provided documents, analysis and
other evidence of the discovery following the publication of an
investigative report in Bloomberg Businessweek that detailed how China’s
intelligence services had ordered subcontractors to plant malicious chips
in Supermicro server motherboards over a two-year period ending in 2015.
Appleboum previously worked in the technology unit of the Israeli Army
Intelligence Corps and is now co-chief executive officer of Sepio Systems
in Gaithersburg, Maryland. His firm specializes in hardware security and
was hired to scan several large data centers belonging to the
telecommunications company. Bloomberg is not identifying the company due
to Appleboum’s nondisclosure agreement with the client. Unusual
communications from a Supermicro server and a subsequent physical
inspection revealed an implant built into the server’s Ethernet connector,
a component that's used to attach network cables to the computer,
Appleboum said.
The executive said he has seen similar manipulations of different vendors'
computer hardware made by contractors in China, not just products from
Supermicro. “Supermicro is a victim -- so is everyone else,” he said.
Appleboum said his concern is that there are countless points in the
supply chain in China where manipulations can be introduced, and deducing
them can in many cases be impossible. “That's the problem with the Chinese
supply chain,” he said.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
