A year after Amazon sold off its Chinese servers, a new report places the blame upon a Chinese government spy program.
TechCrunch alleges that last year’s move by Amazon to offload its server presence in China is not due to an exit from the Chinese marketplace as previously speculated. Rather, Bloomberg reports reveal that a vital link in the computer manufacturing supply chain has been compromised by Chinese corporate espionage, leaving Amazon — and many other American companies — vulnerable to cyber-attack.
Bloomburg asserts that the physical motherboards of the servers were compromised during construction, where malicious microchips created by a Chinese military unit were introduced into the motherboards without Amazon’s knowledge. These microchips are about the size of a pencil lead, and once activated, allow the server’s operating system to be altered.
These compromised motherboards were then sold to SuperMicro, an American startup company. SuperMicro then used these parts to construct servers for Elemental, a software company which dealt primarily with video compression.
Elemental was eventually acquired by Amazon, but not before doing direct business with the United States government.
According to Bloomberg, “Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency.”
If these allegations are true, it implies that Amazon knew of the compromised servers, but decided to quietly deal with the matter internally.
A public acknowledgement of victimization from cyber-attacks could hurt their public image, along with possibly leaving themselves open to public outrage or even class action from customers angry over the exposure of their personal data.
However, the alternative implies turning a blind eye to the possibility that their company may have unknowingly aided in international espionage.
Amazon denies the veracity of Bloomberg’s claims, including both the existence of and the knowledge of malicious spy hardware embedded into their servers. “As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue,” reads a recent statement from Amazon. “At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.”
The American government backs Amazon to deny the hack, but doing otherwise reveals vulnerabilities our government would not be wise to admit to. Tensions are rising as the current administration pushes the Chinese government to do business on a level playing field. We anticipate more discoveries of this nature in coming months.