The DEFCON Warning System™

Ongoing GeoIntel and Analysis in the theater of nuclear war.  DEFCON Level assessment issued for public notification.  Established 1984.

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.

To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

Read more at Bloomberg

Ongoing Geointel and Analysis in the theater of nuclear war.

© 2024 The DEFCON Warning System. Established 1984.

The DEFCON Warning System is a private intelligence organization which has monitored and assessed nuclear threats by national entities since 1984. It is not affiliated with any government agency and does not represent the alert status of any military branch. The public should make their own evaluations and not rely on the DEFCON Warning System for any strategic planning. At all times, citizens are urged to learn what steps to take in the event of a nuclear attack.