With the United States and China engaged in a full-blown trade war, among the accusations leveled at Beijing are predatory trade practices and outright theft of technology. A recent report by Bloomberg shows the lengths to which China has gone to reach its stated goal of being dominant in global high-tech manufacturing by the year 2025, or what Beijing calls “Made in China 2025.”

Bloomberg has uncovered an attack by China against nearly 30 U.S. companies, including Amazon and Apple, the first two companies to reach a value of more than $1 trillion. The attack consists of a tiny microchip installed on hardware by Chinese spies, compromising America’s technology supply chain.

Per Bloomberg:

One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location — a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”

According to Bloomberg, U.S. investigators found:

The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

Officials found that a major bank and government contractors had been compromised by the chip, as well as Amazon and Apple. Apple severed ties with Supermicro, the company that was producing the motherboards.

For their part, Apple and Amazon denied the reporting, as did China, which claimed it is also a victim.

“It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” Amazon wrote. “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote. “We remain unaware of any such investigation,” wrote a spokesman for Supermicro, Perry Hayes. The Chinese government didn’t directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.” The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.

The denials, though, have been countered by six current and former national security officials, who say China’s goal was long-term access to high-value corporate secrets and sensitive government networks.

One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information.

The Trump administration has made computer and networking hardware a focus of its latest round of trade sanctions against China.

How the Hack Worked

  1. A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.
  2. The microchips were inserted at Chinese factories that supplied Supermicro, one of the world’s biggest sellers of server motherboards.
  3. The compromised motherboards were built into servers assembled by Supermicro.
  4. The sabotaged servers made their way inside data centers operated by dozens of companies.
  5. When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.

The investigators found the intricate scheme was the work of a People’s Liberation Army unit that specializes in hardware attacks.

“We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.