Chinese Military at Center of Massive US Server Hack



Bloomberg reports today that the world’s largest maker of motherboards for computer servers was hacked several years ago by the Chinese military. But this was no ordinary software hack. This was a hack straight at the source: chips installed on the board that opened up the boot process to malicious penetration:

The chips on Elemental servers were designed to be as inconspicuous as possible….Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches.

Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.

So how did the Chinese manage to get away with this?

As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.

The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities. The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

Interestingly, US intelligence agencies apparently got little cooperation from the victims of these operations. Companies like Apple and Amazon don’t want even a hint of being hacked to become public, so they clam up and then quietly ditch all the suspect equipment when it’s convenient.

This is your latest installment of Spy vs. Spy. But not the last, I’m sure.
