Fraud, whether a petty crime or an international spy caper, rely on need, opportunity, and rationalization in order to succeed. The following case of fraud, potentially huge in scope and intent may at first seem innocuous (and we are being told it is nothing), but the implications are huge. The Tiny Chips That Spy
News broke in early October 2018, that spying microchips were implanted in numerous servers used by huge American companies including Amazon and Apple. The culprits who did this were identified as Chinese hackers. In addition to the two companies named above, up to 30 other companies may be affected.
According to Bloomberg Businessweek who did the investigation said that this case of hacking is “the most significant known supply chain attack ever against U.S. companies.” Though no consumer data was breached (just a very small comfort), the potential attack on the U.S. corporate infrastructure could have been potentially devastating.
How it happened
It is not news that the Chinese, Russians and North Koreans have been involved in numerous cases of hacking and online theft. This particular case raised the bar to a new and troubling level in that microchips were directly implanted, providing hackers with a steady stream of information,
The microchips were tracked to small firms in China that produce a motherboard for an American company, Super Micro. The company is based in San Jose. It was reported by Bloomberg Businessweek, that individuals affiliated with the People’s Liberation Army bribed or somehow tricked executives at the subcontractors to change motherboard designs to enable the “spy chips” to be implanted in the boards which were then placed in the servers. This was one of the first steps in the unethical fraud. Someone saw the opportunity to bribe, and someone had the need to take the money being offered.
The second possibility of unethical behavior is that Apple and Amazon discovered the “spy chips” in their servers as long ago as 2015. However, both organizations (and presumably up to 30 others) have insisted that the chips were simply a “manufacturing mistake.” While we might allow their statement to that effect if somewhere along the line an honest switch occurred, it doesn’t ring true as to how or why the motherboards were altered or why it took bribes to install them. Given that information, it seems strange then, that Apple cut its ties with Super Micro in 2016.
Apple has officially stated:
“As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Super Micro motherboards in any Elemental or Amazon systems.”
That said…
Bloomberg BusinessWeek doesn’t agree, and neither do any top security agencies:
“During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”
Ethically, we have to wonder if the strong denials on the part of Apple (and presumably Amazon) aren’t a matter of saying: “We don’t want to admit that the inserted chips could have caused a major breach. Instead, we’ll just call them a mistake in manufacturing.”
A position of that type might call the third element of fraud into place: rationalization.
The rationalization that the chips were a mistake rather than a major breach also contradicts other findings. Again, from the Bloomberg article:
“Well before evidence of the attack surfaced inside the networks of U.S. companies, American intelligence sources were reporting that China’s spies had plans to introduce malicious microchips into the supply chain. The sources weren’t specific…but in the first half of 2014, a different person briefed on high-level discussions says, intelligence officials went to the White House with something more concrete: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies.”
The discovery of the malicious chips inside thousands of servers may have happened by mistake, but it appears as though the insertion of those chips, through a possible string of bribes was not. The Tiny Chips That Spy
Someone here is a master of rationalization.