Recent Chinese Hardware Hack Emphasizes Network Segmentation’s Importance

With most of the world’s hardware manufactured in China, it was perhaps a matter of time before Chinese hackers exploited hardware to spy on government organizations. According to Bloomberg, this week marked the announcement of a hardware vulnerability implanted by Chinese hackers that infiltrated the hardware of almost 30 U.S. companies, many of them major like Apple and Amazon. Thankfully, Network Access Control (NAC) and a Software Defined Perimeter (SDP) can help automatically isolate and segment end-points and services to prevent lateral spread in attacks like this.

Chinese Hackers’ Microchip Insertion

Super Micro Computer Inc., one of the biggest suppliers of server motherboards in the world, had microchips about the size of a grain of rice inserted in its hardware that enabled Chinese hackers to create a backdoor that allowed the hackers onto the hardware’s networks according to Bloomberg.

An investigation of Elemental Technologies’ security revealed the breach. Elemental Technology’s software compresses and formats large video files. It accomplishes this with Super Micro Computer Inc.’s servers which were subject to the vulnerable microchips.

According to anonymous government officials interviewed by Bloomberg Businessweek, the breach began when a Chinese military unit designed and created the microchips which were inserted at the factories that supplied Super Micro Computer Inc.’s server motherboards. These servers were then inserted and installed inside data centers.

The Aftermath

According to Bloomberg, Apple and Amazon identified the vulnerability back in 2015 and the companies’ servers are no longer affected, but the effects of this vulnerability are still unfolding. The organizations affected include those with contracts with organizations like the CIA and others that deal with highly classified information. No consumer data is known to have been stolen at this time, but Bloomberg Business reports that one official stated China’s goal was to access corporate secrets and sensitive government networks.

The 2015 agreement between the US and China stating that neither countries’ governments will intentionally conduct or support the cyber theft of the commercial sector’s intellectual property may have been influenced by this security breach. Yet, even if both countries hold to this agreement, there may be other sources who would exploit similar methods in the future. This has already helped lead to computer and networking hardware focused trade sanctions against China.

The full effects will become clearer as more information emerges.

What This Means for Organizations like Yours

While no consumer data is known to have been stolen in this instance, this type of attack opens the door for exploitation of similar methods to steal intellectual property, something China has a documented history of taking from US businesses. The 2017 IP Trade Commission Report states that China is the world’s most frequent infringer of intellectual property rights and accounts for 87 percent of counterfeit goods that enter the US from abroad. These counterfeit goods are often a result of intellectual property theft. The report estimates the cost of intellectual property theft on the US economy is between $225 billion and $600 billion. Trade secrets are estimated to make up somewhere between $180 billion and $50 billion of that total.

Something that set this attack apart is its use of hardware inserted during manufacturing. Most cyber attacks are software based, showing the need to investigate cyber security breaches from every angle. With so much money at stake, the need for organizations to remain alert to possible vulnerabilities is clear.

How NAC and SDP Can Help

While there’s still much more to be learned in this particular case, applying the automated capabilities of a NAC or SDP solution can help stop the lateral spread of exploits that, once implanted, spread East-West within a network. NAC solutions can automatically place devices in separate VLANs or put finer grain controls in place to prevent traffic from targeting critical resources. For example, IoT devices (many of which are manufactured in China) can be automatically recognized as IoT devices and placed in their own VLAN. Meanwhile, SDP, and its ability to create a “Segment of One” (just the end-point effectively tunneled directly to the service) can help isolate the back-end services and the traffic flowing to/from them.

Impulse offers both a NAC solution and an SDP solution that can help segment off devices that may be targeted. To request a demo or learn more, visit our product demo page.

Comments are closed.

Impulse acquired by OPSWAT  |  December 12, 2019  | Press Release