Cyber attack using microchips is the latest tactic for state-sponsored Chinese hackers

The report states that the People's Liberation Army of China has been developing an ingenious way of hacking into US establishments using hardware trojans


We keep coming across reports of State-sanctioned hacking attacks quite regularly, and they follow a pattern. The hack is discovered, the affected parties try to contain it and tell the people affected (in most cases after the damage has already been done), and then it becomes an accusation game over who was involved (if the hackers themselves don't come forward).

But on 4 October, a Bloomberg Businessweek investigative story detailed a one-of-a-kind hack attack that may have affected not only US tech companies but also some US government and security establishments.

According to the Bloomberg report, hackers associated with the People's Liberation Army of China have been developing an ingenious way of hacking into US establishments using hardware trojans. A tiny piece of hardware, a microchip no bigger than a grain of rice or the tip of a sharpened pencil, was embedded in motherboards that would later be used in critical servers inside popular US data centres. Among the companies named are Amazon and Apple, both of which have denied any sort of data compromise at their server locations.


Servers inside a Google data centre. Image: Google

Bloomberg Businessweek cited 17 unnamed intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by around 30 companies, as well as multiple US government agencies, which would give Beijing secret access to internal networks. These sources included six current and former national security officials, sources from Amazon's AWS business, and Apple insiders.

Amazon, in a statement published by Bloomberg, said, “We’ve found no evidence to support claims of malicious chips or hardware modifications.”

Apple said it had refuted “virtually every aspect” of the story in on-record responses to Bloomberg. “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” the company said.

The attack is said to have begun in 2014 and continued into 2015, by which time it had been discovered by the affected companies.

The chip would be able to reach outside computers through the server's own network connection and then trigger certain commands, allowing more malware to be loaded onto the hardware. Because the microchip was installed on the server itself, it would re-infect the machine every time the server booted up. According to one of the reporters who was part of the investigation, the target wasn't just US consumer data, but "long-term access to corporate intellectual property and sensitive government networks."

You can read the detailed investigative report here.

But this isn't really the first time that hackers associated with China have come in the limelight and been accused of cyber attacks.

Let us look at some incidents from the recent past, where Chinese hackers have been accused of State-approved hacking.


August 2018: A report sent to the National Security Council Secretariat (NSCS) and other security agencies under MEITY said that most of the attacks on Indian websites come from China, the US and Russia. "The cyber attacks from China made up 35 percent of the total number of cyber attacks on official Indian websites, followed by US (17 percent), Russia (15 percent), Pakistan (9 percent), Canada (7 percent) and Germany (5 percent)," said the report.

June 2018: A sophisticated hacking campaign launched from computers in China burrowed deeply into satellite operators, defence contractors and telecommunications companies in the United States and southeast Asia, security researchers at Symantec Corp said on Tuesday. Symantec said the effort appeared to be driven by national espionage goals, such as the interception of military and civilian communications.

February 2017: Chinese hackers tried to penetrate computers in the offices of the then National Security Adviser MK Narayanan, according to reports. Narayanan said his office and other government departments were targeted on 15 Dec 2016, the same date that US defence, finance and technology companies, including Google, reported cyber attacks from China. "This was not the first instance of an attempt to hack into our computers," Narayanan told The Times in an interview, adding that the would-be hackers sent an e-mail with a PDF attachment containing a Trojan virus.

May 2013: Australia's security organisation (ASIO) was targeted by Chinese hackers, with blueprints of the new ASIO headquarters in Canberra stolen in a cyber attack traced to a Chinese server. Other departments, including defence, the prime minister's office and foreign affairs, were also breached.

February 2011: An attack on the Canadian government, targeting Defence Research and Development Canada and attempting to extract highly classified information relating to its finance and treasury departments, was attributed to Chinese hackers.

October 2010: Reports emerged of Chinese hackers mounting attacks on Indian computer networks in the private and government spheres.

June 2010: Google servers in the US were attacked by hackers from China in what was considered a politically motivated campaign. The approach was to exploit security flaws via email attachments to sneak into the networks of corporations in the finance, defence and technology sectors.

There have been many more attacks. But you get the picture.

The one differentiating aspect of the hacking attack described in the Bloomberg report is that it represents an unprecedented form of cyberwarfare: compromising the hardware at the manufacturing facility itself, before it ever reaches the target.