Bloomberg broke a story today about how Chinese spies reportedly inserted microchips into servers used by Apple, Amazon, and others. According to the article, Chinese spies have infiltrated the supply chain for servers used by nearly 30 US companies. The chips were “not much bigger than a grain of rice,” reports Bloomberg, but able to subvert the hardware they’re installed on, siphoning off data and letting in new code like a Trojan Horse. According to Bloomberg, Amazon and Apple discovered the hack through internal investigations and reported it to US authorities. The publication says there’s no direct evidence that the companies’ data — or that of users — was stolen or tampered with, but both firms worked quietly to remove the compromised servers from their infrastructure. IT security experts commented below.
Ross Rustici, Senior Director, Intelligence Services at Cybereason:
“Fundamentally, supply chain security is a cost problem. It is almost always conducted by a complicit insider, whether it is at the factory, a transportation agent, or customs official. This makes creating a tamper-proof product extremely costly; the number of safeguards and other mechanisms required would drive up the cost of the product beyond market viability.
This incident should force government to re-examine how they inspect and certify critical hardware; however, in the history of the spy wars, this will likely be forgotten as just another example of how countries are leveraging the global, vulnerable supply chain for their own national security purposes.”
Edgard Capdevielle, CEO at Nozomi Networks:
This means making sure you can dynamically identify all devices in your environments and ensuring continuous monitoring of corporate networks and industrial networks, especially those that operate critical infrastructure.
By detecting anomalies in the data traffic and in operations, organizations have their own tools to fight against these types of attacks.”
Pravin Kothari, CEO at CipherCloud:
Andy Wright, Check Point’s Regional Director at Northern Europe:
“These types of attacks can be prevented using a comprehensive real-time perimeter security solution with anti-bot and reputation services, and good cooperation between government agencies and the cyber-security industry. These solutions can reduce the time it takes to respond to such attacks from years, as seen in this case, to hours, and provide effective prevention against even these stealthy exploits.”
Tom Kellermann, Chief Cybersecurity Officer at security company Carbon Black and former Commissioner at President Barack Obama’s Cybersecurity Council:
Carbon Black’s quarterly Incident Response Threat Report shows that IT leaders are unambiguously pointing the finger at China and Russia for originating the vast majority of cyberattacks. And cybercriminals are seeking more than just financial gain or IP theft – 35% of the IT heads that we surveyed say the attackers’ end goal is espionage – as evident in China’s spying campaign.”
Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab:
“However, sooner or later, the chip would have to phone home, and it is when communicating with the attacker’s command and control system that undiscovered threats are often most vulnerable. A defender looking at network traffic suddenly spots the anomaly. This is a big problem for threat actors, but it helps the security industry. We and other security companies have warned about a rise in supply chain attacks for a while now, and it is an area organizations need to be very alert to. Even things such as USB sticks still need checking for irregular traffic as they continue to be actively used to spread infection.”
Matan Or-El, CEO at Panorays:
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.