In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.
To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says, Bloomberg reports.
NEW COVER: The Big Hack
— Businessweek (@BW) October 4, 2018
According to the Thursday report, the chips were hidden on server motherboards being sold by the San Jose-based company Supermicro, during the manufacturing process in China. They were disguised as another type of component known as a signal conditioning coupler.
The hardware implants were apparently first discovered by security testers doing due diligence on the systems of a video-compression firm called Elemental, ahead of its takeover by Amazon. That reportedly sparked a three-year probe that is still ongoing.
The servers apparently made their way into everything from Defense Department data centers and CIA drone operations to companies such Apple, insiders from which told the publication that malicious chips were found on Supermicro motherboards in 2015—the same year when Amazon’s retained security experts found them.
Amazon also found altered motherboards on Supermicro-build servers in its Chinese Amazon Web Services operations.
China and Amazon deny the allegations, however, Bloomberg claimed its reportage was based on interviews with 17 people, including six current and former senior national security officials, two people inside Amazon Web Services, and three Apple insiders.
According to the report, intelligence specifically warned the White House in 2014 that China’s military was planning to install the chips on Supermicro motherboards —the FBI held back from issuing a public warning.
Chris “Badger” Thomas is a Veteran who served our country as an Army Combat Medic.