October 15, 2018

Bombshell report: China put spy chips in the most expensive, powerful U.S. "servers", including at Apple and Amazon
The story below--from Bloomberg news--was completely, utterly predictable, at least in its essential elements.  The folks who track international espionage, technology and the strategic goals of our adversaries (China, Russia, Iran, Islam) warned that when huge companies like Apple, and suppliers of hardware to the U.S. military, started buying Chinese-made "chips"--and then later began outsourcing production of entire circuit boards to China--the result explained below was absolutely inevitable.

In fact, something like this was known 8 years ago, but carefully concealed by the Obama regime--no doubt for some carefully-concealed reason (his re-election).

But thank God Obama is no longer ruling us, and his equally corrupt, socialist successor isn't either.  Now all we have to worry about is why some mole in the Pentagon has written an RFP containing provisions that mean it could only be won by an Amazon division called "Amazon Web Services" (AWS), which will put all U.S. military data on Amazon servers, accessible from everywhere.  With the proper passwords, of course.

Oh, of course.

Anyway, read on.  It's one hell of a story:

In 2015, Amazon.com Inc. began quietly evaluating the possible acquisition of a startup company called Elemental Technologies.  Elemental made software that compressed massive video files.  Among other things, the company's technology was used to send footage from drone aircraft to the CIA.

Amazon knew Elemental’s national-security contracts would help Amazon win other government contracts, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

In fact AWS was overseeing the prospective acquisition.  To analyze Elemental's security, AWS hired a third-party company.  The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle video compression.

These servers were assembled for Elemental by a California company, Super Micro Computer Inc. (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards--essentially very fast computer boards.  In 2015 AWS asked Elemental to send some of its servers to the third-party security company for testing.

On the server motherboards, the security company found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design.

Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers were already in use in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

Investigators found that the grain-of-rice-sized chips allowed whoever built them to gain access to any network that used one of the altered servers.  The chips did this by being connected directly to the operating system of the device, which enabled them to bypass any security measures.  Meaning they didn't need any passwords.

The spy chip, actual size.  Incredibly hard to find.

China makes about 75 percent of the world’s mobile phones and 90 percent of its PCs, and a vast array of integrated circuits, so it has the expertise to pull off this scheme.  But even with the tech expertise, the attackers would have had to know every detail of the function and design of the server in which this motherboard would be used, to ensure that the altered boards would work without interfering with the device's normal function.

U.S. investigators found that the tiny chips had been inserted by operatives from a unit of the People’s Liberation Army during manufacturing. 

Investigators found that the spy chip eventually affected almost 30 companies, including a major bank, government contractors, and the company with the world’s highest book value--Apple Inc. Insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.

In emailed statements, Amazon, Apple, and Supermicro disputed the Bloomberg report--but in very carefully-worded ways.  That is, the statements had huge loopholes in them.  Here's Amazon's statement:

It’s untrue that AWS knew about [either] a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental.

Amazon announced its acquisition of Elemental in September 2015, so the phrase "...when acquiring Elemental" obviously leaves open the possibility that Amazon learned about the spy chip after they'd already bought Elemental.

Apple issued a similar carefully-worded denial:

On this we can be very clear:  Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.

If you're sharp you can see that this alleged denial is very carefully worded: "Apple has never found..."  Sure.  Cuz the spy chips weren't found by Apple, but by a third party.

Of course it's possible that both Apple and Amazon intended their denials to be unequivocal, and were just careless in wording their respective statements.  Pardon me for being skeptical.

Tellingly, the Chinese government didn’t bother to deny the story, instead issuing a "boilerplate" platitude that ignored the charges altogether:

Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.

It's also telling that the FBI and the Office of the Director of National Intelligence (who theoretically runs both the CIA and NSA) declined to comment, rather than denying the claims made in the story.

Bloomberg claims the putative denials by Apple and Amazon are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation.  One of those government officials, and two people inside Amazon Web Services, gave extensive information on how both Elemental and Amazon responded to the discovery of the spy chips.  The official and one of the insiders also described Amazon’s cooperation with the government investigation--which, if true, would show the company knew about the spy chips, and would blow up its carefully-worded "denial."

In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.  Bloomberg allowed the sources to stay anonymous because of the sensitive nature of the information.

How China did it, according to U.S. Officials:

Elemental Technologies combined superfast graphics chips with brilliant code to dramatically reduce the time needed to compress large video files.  The company built highly-specialized servers that sold for as much as $100,000 each, at profit margins of as high as 70 percent, according to a former adviser to the company.

Since the CIA and U.S. military were starting to use video feeds from drone aircraft on a larger scale, Elemental started working with American spy agencies. In 2009 the company announced a deal for its servers to be used in national security missions.  Public documents, including the company’s own promotional materials, show that the servers have been used by the Department of Defense to process drone surveillance-camera footage, and footage of aircraft ground-attack missions.

The servers have also been used by government agencies for what was thought to be secure videoconferencing. NASA, both houses of Congress, and the Department of Homeland Security have also been customers. This portfolio made Elemental a target for foreign adversaries.

Elemental subcontracted the actual construction of its servers to Supermicro, which in turn farmed out much of the board-work to overseas companies--nearly all in China.

Supermicro actually sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers--including weapons systems.

The majority of the company's workforce in San Jose is Taiwanese or Chinese, and Mandarin is the preferred language, according to six former employees.  The widespread use of Mandarin would have made it easier for China to understand Supermicro’s operations and designs.  (A U.S. official says the government’s probe is still examining whether spies were planted inside Supermicro or other American companies to aid the attack.)

With more than 900 customers in 100 countries by 2015, putting spy chips on Supermicro servers made it possible to spy on a huge collection of sensitive targets.  A former U.S. intelligence official said “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”

The security of the global technology supply chain had been compromised.  But most companies didn’t know it.

Well before evidence of the attack was discovered, American intelligence sources had learned that China was planning to introduce spy chips into the supply chain.  The sources didn't know which motherboard manufacturers would be attacked until early 2014.  Then intelligence officials told the Obama administration that China was preparing to insert the spy chips into Supermicro motherboards--the ones that would be used in Elemental's servers.

The specificity of the information was remarkable, but the Obama administration apparently took no action, and may not even have warned Elemental.  There's no evidence that the administration warned any of Elemental's customers--including the CIA and Pentagon.  Sources diplomatically said that without confirmation that any spy chips had actually been found, the FBI was limited in how it could respond.

Its carefully-worded "denial" notwithstanding, Bloomberg claims Apple discovered suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally.  Then Amazon made its discovery and gave the government access to sabotaged hardware, according to one U.S. official.  This enabled intelligence agencies to see what the chips looked like and how they worked, for the first time.

The chips on Supermicro boards manipulated the core operating instructions that tell the server what to do, according to people familiar with the chips’ operation.  The chips were wired into the board in a way that allowed them to inject their own instructions.

The spy chips did two critical things: first they told the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code.  Second, the spy chip prepared the server’s operating system to accept this new code.

In essence, the spy chips ordered the servers not to require a password, bypassing the security barriers of supposedly secure machines.  The chips could also steal encryption keys for secure communications, block security updates that would neutralize the attack, and open up new pathways to the internet.  It was the ultimate back door.

The biggest question left for U.S. investigators was how many doors the spy operation had opened into American targets.

Unlike software-based hacks, hardware manipulation creates a real-world trail.  Boards have serial numbers that trace to specific factories.  As recently as 2016, according to DigiTimes, a news site specializing in supply chain research, Supermicro had three primary manufacturers constructing its motherboards, two headquartered in Taiwan and one in Shanghai.  U.S. intel agencies sifted through communications intercepts and eventually traced the malicious chips to four subcontracting factories.

In some cases plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.

The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities.  In past attacks the unit targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

Provided details of Businessweek’s reporting, China’s Ministry of Foreign Affairs sent a statement saying “We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.”  Typical communist boilerplate.

The Supermicro attack reached the world's most highly-valued company: Apple.  In 2014 Apple planned to order more than 6,000 Supermicro servers. Those orders were supposed to double, to 20,000 by 2015.

Apple had installed around 7,000 Supermicro servers in its network by the time the company’s security team found the added chips.  But Apple didn’t give government investigators access to its facilities or the tampered hardware, so the extent of the attack there remained unknown outside that company.

American investigators eventually figured out who else had been hit.  A person familiar with the U.S. probe says they ultimately concluded that about 30 companies had installed the hacked servers.

That left the question of whom to notify and how. U.S. officials had been warning for years that hardware made by two Chinese telecommunications giants, Huawei Corp. and ZTE Corp., was subject to Chinese government manipulation. (Both Huawei and ZTE have said no such tampering has occurred.) But a similar public alert regarding a U.S. company was out of the question. Instead, officials reached out to a small number of important Supermicro customers. One executive of a large web-hosting company says the message he took away from the exchange was clear: Supermicro’s hardware couldn’t be trusted. “That’s been the nudge to everyone—get that crap out,” the person says.

Amazon, for its part, began acquisition talks with an Elemental competitor, but according to one person familiar with Amazon’s deliberations, it reversed course in the summer of 2015 after learning that Elemental’s board was nearing a deal with another buyer. Amazon announced its acquisition of Elemental in September 2015, in a transaction whose value one person familiar with the deal places at $350 million. Multiple sources say that Amazon intended to move Elemental’s software to AWS’s cloud, whose chips, motherboards, and servers are typically designed in-house and built by factories that Amazon contracts from directly.

A notable exception was AWS’s data centers inside China, which were filled with Supermicro-built servers, according to two people with knowledge of AWS’s operations there. Mindful of the Elemental findings, Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered.

In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says. (Amazon denies that AWS knew of servers found in China containing malicious chips.)

In the months after the discovery of the hacked servers, AWS detected short communications bursts between the attackers and the sabotaged servers but didn’t see any data being removed.  That could have been because the attackers were keeping the chips quiet for a later operation--or because the hackers had already infiltrated the networks before the monitoring began.
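Defenders reading this account usually ask what the traffic described above looks like in practice: the paragraphs on how the chips worked say the implant contacted "one of several anonymous computers elsewhere on the internet," and AWS's monitoring saw "short communications bursts" with no bulk data leaving. The following is an added example, not code from the Bloomberg report or from any company named in it. It runs simple beaconing detection over flow records: for each (source host, external destination, port) it checks whether the sessions are small, numerous and evenly spaced, which is the signature of an implant phoning home rather than of ordinary server traffic. The flow records are constructed, the host names and the 203.0.113.7 / 198.51.100.20 addresses are documentation-range placeholders, and the thresholds are assumptions a team would tune to its own baseline.

```python
"""Beacon detection over constructed flow records (added example, not from the original report)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample flows: timestamp_seconds,src_host,dst_ip,dst_port,bytes_out
# 203.0.113.7   - placeholder for an unknown external host contacted every 600 s with ~400 bytes
# 198.51.100.20 - placeholder for a legitimate update mirror (irregular, large transfers)
# 10.0.5.9      - internal syslog collector (private address, ignored by the detector)
SAMPLE_FLOWS = """\
0,video-srv-01,203.0.113.7,443,412
0,video-srv-01,198.51.100.20,443,58120
600,video-srv-01,203.0.113.7,443,398
900,video-srv-01,198.51.100.20,443,61344
1200,video-srv-01,203.0.113.7,443,420
1800,video-srv-01,203.0.113.7,443,405
2400,video-srv-01,203.0.113.7,443,411
3000,video-srv-01,203.0.113.7,443,399
3100,video-srv-01,198.51.100.20,443,70211
3300,video-srv-01,198.51.100.20,443,64000
7000,video-srv-01,198.51.100.20,443,59950
30,video-srv-02,10.0.5.9,514,1020
640,video-srv-02,10.0.5.9,514,1190
2000,video-srv-02,10.0.5.9,514,990
"""

# RFC 1918 ranges: traffic staying inside the enterprise is not "a pathway to the internet"
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def parse_flows(text):
    """Parse CSV flow lines into (ts, src, dst, port, bytes) tuples."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split(",")
        flows.append((int(ts), src, dst, int(port), int(nbytes)))
    return flows


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def find_beacons(flows, min_sessions=5, max_avg_bytes=2000, max_interval_cv=0.2):
    """Flag (src, dst, port) tuples whose sessions are small, repeated and evenly spaced.

    Thresholds are assumptions for this example:
      min_sessions    - need enough samples to judge periodicity
      max_avg_bytes   - beacons carry little payload; bulk transfers are excluded
      max_interval_cv - coefficient of variation of inter-session gaps; 0 means perfectly periodic
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        if is_internal(dst):
            continue
        by_pair[(src, dst, port)].append((ts, nbytes))

    findings = []
    for (src, dst, port), sessions in by_pair.items():
        if len(sessions) < min_sessions:
            continue
        sessions.sort()
        times = [t for t, _ in sessions]
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg_gap = mean(gaps)
        interval_cv = pstdev(gaps) / avg_gap if avg_gap else float("inf")
        avg_bytes = mean(n for _, n in sessions)
        if avg_bytes <= max_avg_bytes and interval_cv <= max_interval_cv:
            findings.append({
                "src": src, "dst": dst, "port": port,
                "sessions": len(sessions), "avg_gap_s": avg_gap,
                "avg_bytes": avg_bytes, "interval_cv": interval_cv,
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"BEACON {f['src']} -> {f['dst']}:{f['port']} "
              f"{f['sessions']} sessions, every {f['avg_gap_s']:.0f}s, ~{f['avg_bytes']:.0f} bytes")
```

On the constructed input only the 600-second cadence to 203.0.113.7 is reported; the update-mirror traffic fails both the size and the regularity tests, and the internal syslog traffic is never considered. In a real deployment the interesting source set is the management and storage hosts that should rarely talk to the internet at all, so an external-destination allowlist is the first filter to add, and jitter in the implant's timer is the reason the regularity threshold must not be set to zero.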

As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers.  According to the insider, all 7,000 Supermicro servers were replaced in a matter of weeks.

Apple denies that any servers were removed.

In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed to an unrelated and relatively minor security incident.

That August, Supermicro’s CEO revealed that the company had lost two major customers. Although he didn’t name them, one was later identified in news reports as Apple.
In late September 2015, President Barack Obama and Chinese President Xi Jinping appeared together at the White House for an hourlong press conference headlined by a landmark deal on cybersecurity. After months of negotiations, the U.S. had extracted from China a grand promise: It would no longer support the theft by hackers of U.S. intellectual property to benefit Chinese companies. Left out of those pronouncements, according to a person familiar with discussions among senior officials across the U.S. government, was the White House’s deep concern that China was willing to offer this concession because it was already developing far more advanced forms of hacking--based on its astonishing coup in hacking the most powerful servers in the CIA and Defense Department.

In the weeks after the agreement was announced, the U.S. government quietly raised the alarm with several dozen tech executives at an invitation-only meeting in McLean, Va., organized by the Pentagon. According to someone who was present, Defense Department officials briefed attendees on a recent attack and asked them to think about creating commercial products that could detect hardware implants. Attendees weren’t told the name of the hardware maker involved, but it was clear to at least some in the room that it was Supermicro, the person says.

The problem under discussion wasn’t just technological. It spoke to decisions made decades ago to send advanced production work to Southeast Asia. In the intervening years, many of America's best-known companies had outsourced most of their electronics manufacturing to low-cost Chinese companies.  For example, in 1992 Apple closed a state-of-the-art plant for motherboard and computer assembly in Fremont, Calif., and sent much of that work overseas.

Over the decades, and despite repeated warnings by Western officials, executives at the outsourcing companies never questioned the security of their Chinese suppliers, claiming China wouldn't risk its huge national income as a supplier to major American companies by hacking the products it made.

Companies were left with the choice of either making products at slightly higher costs--cutting profits--or staying with Chinese sources and taking the risk of hardware hacks.  As one U.S. official put it, every U.S. company has chosen the second option.

In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem.

Update:  A day after the Bloomberg report was published, the Department of Homeland Security issued its own curiously worded "denial": "We have no reason to doubt the denials issued by the companies referred to in the report."
