In 2015, Amazon Inc., and specifically Amazon Web Services (AWS) became interested in a company called Elemental Technologies. The company, which offers a software to compress large video files, was seen as a nice potential acquisition by Amazon (Robertson & Riley, 2018).
As any self-respecting tech giant would do, Amazon hired a third-party to assess the security of the processes at Elemental, who found something very concerning. The motherboards of the servers that Elemental’s customers had to install to process the video compressing had a tiny inconspicuous microchip on them that was not part of the original design. Amongst Elemental’s customers were big companies such as Apple, but also U.S. governmental agencies, such as the department of defense, and the CIA. These chips allowed whoever was behind it to create a stealth doorway into the network to which the servers were connected (Robertson & Riley, 2018).
As the motherboards could be backtracked to factories in China, Investigations determined that that the microchips were “seeded” onto the motherboards during manufacturing before being shipped off to the server producer. The scheme was supposedly set up by a unit within the Chinese army, who went as far as threatening plant managers to get them to cooperate (Robertson & Riley, 2018).
This tale presents an example of a dilemma that plagues tech manufacturers and is the result of decisions made long ago already. At some point, tech companies decided to move hardware production to East Asia, predominantly because production was cheaper, and production capacity was greater. Although companies were warned about the potential security impact this can have on the supply chain, the belief remained that China would not want to risk production leaving the country again and could be trusted. Now, the dilemma has become whether to have less, but more secure supply, or have more, but less secure supply. With still increasing demand for tech hardware, companies have accepted the second half of the dilemma as the world they’ll live in (Robertson & Riley, 2018).
Curiously, or maybe not, every party supposedly involved in the story described above denies any involvement. This includes Amazon, who deny having any knowledge of the servers with malicious chips, and Apple, who even came out with a statement saying they never found any malicious chips on their servers (Apple, 2018). Are they just trying to keep the elaborate hardware hack from the public, or did Bloomberg somehow make up a very intricate story, that if untrue, would be very damaging to the parties involved and would undermine their trustworthiness as a news source (Whittaker, 2018). Bloomberg still stands by its story, but others remain sceptic of its truthfulness (Gallagher, 2019; Purcher, 2021)
Sources:
Apple (2018, October 4). What Businessweek got wrong about Apple. Retrieved from: https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
Gallagher, W. (2019, October 4). Editorial: A year later, Bloomberg silently stands by its ‘Big Hack’ iCloud spy chip story. Retrieved from: https://appleinsider.com/articles/19/10/04/editorial-a-year-later-bloomberg-silently-stands-by-its-big-hack-icloud-spy-chip-story
Purcher, J. (2021, February 12). Bloomberg Revisits their 2018 Story titled ‘The Big Hack’ in an updated report titles ‘The Long Hack: How China Exploited a U.S. Tech Supplier’. Retrieved from: https://www.patentlyapple.com/patently-apple/2021/02/bloomberg-revisits-their-2018-story-titled-the-big-hack-in-an-updated-report-titled-the-long-hack-how-china-exploited-a-u.html
Robertson, J. & Riley, M. (2018, October 4). The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Retrieved from: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Whittaker, Z. (2018, October 4). Bloomberg’s spy chip story reveals the murky world of national security reporting. Retrieved from: https://techcrunch.com/2018/10/04/bloomberg-spy-chip-murky-world-national-security-reporting/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAADDmCD4mjfBd8beDAW5s9ae8Q95z_zvydKDXni16xD1g9YBp1MhBiOLFdcCQcRlqmBhP7o8KSA5AkUjlx6cCsoweDDi0-DoLbczB1gdL5l_3BoLoJeIe8UypaQrsabf2jiHL_Pln42J09pJHZe3VtwRaqFyP0g0ICzBrG0CfEMm0
