China Hacked SuperMicro Servers?
Last week, Bloomberg broke a story about how China hacked SuperMicro servers to spy on the USA. According to the story, they implanted tiny microchips on the motherboards to give them control. But is the story true? And what does it mean for us when we buy new equipment?
How and why China hacked SuperMicro servers.
According to Bloomberg’s story, a group associated with the People’s Liberation Army (PLA) in China made it happen. And all of it started in the supply chain. Although SuperMicro is a company based in the United States, Chinese companies build many of the components for their servers.
This is pretty common among many manufacturers. Though some US companies assemble and build components, nearly every manufacturer has some production in China. Because production is so much cheaper there, businesses are able to reduce costs.
This however supposedly played very well into the supposed PLA scheme. Knowing key businesses and perhaps even governments may use the SuperMicro systems, they planted chips on the motherboards in manufacturing. With these in place, they could spy on the activity on the servers.
Couldn’t you detect the chips easily with antivirus?
Actually, typical anti-virus can not check for things like this. They usually only look at the file system, and things like implanted hardware are considered trusted. This causes a similar issue as file-less malware, where the software has no malicious file to look for.
In cases like these, the issues are very hard to detect. File-less malware runs in system memory and isn’t easy to scan, and malware in chips can’t be scanned. This means methods such as these are great for spying and even for taking over systems.
So did this actually happen?
Currently, we don’t know. The companies that the Bloomberg article says have the issue deny it, as does the Department of Homeland Security. But it is theoretically possible, and something to take into thought. With so much production done in China, you need to take care who you order from.
Many other vulnerabilities ship from Chinese products due to carelessness or a desire for features. And since those products end up in so many other manufacturers products, it can be hard to track issues down. There ends up being a lot to monitor.
So what do you recommend?
Whether or not China hacked SuperMicro servers or other devices, there are plenty of best practices to help improve security in your business. Traffic monitoring should be a staple. You need to know what is going on with your network and if hackers are using a system against you.
Data theft prevention services should also be a mainstay of your network. You need to monitor key systems for any data leaving them suspiciously. And performing regular vulnerability assessments will also help improve security.
If you need help or consultation on any of this, you’ve come to the right place. Haider Consulting specializes in cyber security and can help you stay secure. Contact us today to keep your business safe!