The allegation that a significant number of the world’s computer servers are compromised with a hardware hack has sent the IT community into meltdown, with claims, counter claims and denials issued daily.
If the article published in Bloomberg Businessweek proves to be true, it will cause the world to re-evaluate the whole subject of cybersecurity. If it proves to be false it will still have undermined the global supply chain of the electronics industry.
There is no doubt that data (in)security is a growing concern. According to the latest figures from security expert Gemalto, data breaches compromised 4.5 billion records in first half of 2018 – up a staggering 133% on the same period last year.
But the hardware hack alleged by Bloomberg is another thing entirely.
The story reports that in late 2015 a security company was investigating computer servers manufactured by Elemental Technologies. And when the investigators came to look closely at the motherboards, they found a device that was not in the original design. On further investigation this additional chip was found to a device that would allow an attacker to create a stealth doorway into any network to which the server was attached.
The servers were assembled for Elemental by Super Micro Computer, a US company that is also one of the world’s biggest suppliers of server motherboards, which are subcontract manufactured in China.
What makes the discovery all the more worrying is that servers like those investigated were in use in some very sensitive applications, and these involved US governmental organisations as well as tech giants Apple and Amazon. In total, the investigators concluded that 30 US companies has been compromised.
Bloomberg claims the top-secret investigation is still ongoing to find the source of the rogue hardware. Since the story has broken, Apple and Amazon have denied everything.
According to the Reuters news agency, the publication of the Bloomberg report coincides with the increasing concerns of about foreign intelligence agencies infiltrating US government agencies and private companies via so-called "supply chain attacks". That it should happen during an escalating trade war between the USA and China is perhaps too much of a coincidence.
However, if hardware hacking is prevalent it would bear out the words of noted US cybersecurity authority William Yaeck in a recent address to the NSW Business Chamber: “Today, you cannot catch all the bad stuff… so have very good response plans in place.”
Industry Update will publish a special feature on computer security in November 2018.