Chinese Military at Center of Massive US Server Hack

Yin Gang/Xinhua via ZUMA


Bloomberg reports today that the world’s largest maker of motherboards for computer servers was hacked several years ago by the Chinese military. But this was no ordinary software hack. This was a hack straight at the source: chips installed on the board that opened up the boot process to malicious penetration:

The chips on Elemental servers were designed to be as inconspicuous as possible….Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches.

Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.

So how did the Chinese manage to get away with this?

As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.

The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities. The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

Interestingly, US intelligence agencies apparently got little cooperation from the victims of these operations. Companies like Apple and Amazon don’t want even a hint of being hacked to become public, so they clam up and then quietly ditch all the suspect equipment when it’s convenient.

This is your latest installment of Spy vs. Spy. But not the last, I’m sure.
