Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 4 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

IAITAM: Supermicro Microchip Hack Could Have Been Prevented If More Companies Followed Rules Like Apple.

by The Gurus
October 11, 2018
in News
IAITAM LOGO
Share on FacebookShare on Twitter

Could the insertion of grain-of-rice-sized microchips in servers headed for Amazon, Apple, other leading companies, the Department of Defence, Congress, and Homeland Security been detected and exposed earlier? Not only could this have happened, but it should have as a result of adhering to good Information Technology Asset Management (ITAM) procedures, according to the International Association of IT Asset Managers (IAITAM).

IAITAM noted that Apple alone appears to have applied at least some proper ITAM practices for equipment acquisition and detected problems with the Super Micro Computer Inc. (Supermicro) servers containing the tiny microchips installed for hacking and spying purposes. The fact that Apple spotted the issue in 2015 and stopped using Supermicro servers shows that ITAM procedures work … even in the case of a nearly microscopic flaw in the IT assets in question.

IAITAM President and CEO Barbara Rembiesa said: “Make no mistake about it: This was a preventable hack and Apple deserves credit for doing some things right here. The global supply chain is complex, but companies do not get a pass because of that when it comes to managing the IT assets that they use or sell to others. Companies need to follow proper Information Technology Asset Management practices to make sure that every piece of equipment is needed, configured and functioning as intended, and is monitored on a continuing basis after use starts. The Supermicro scandal shows that even the biggest companies and government agencies don’t do their homework when it comes to the handling of new IT equipment.”

Bloomberg was the first to report that unauthorised microchips have been inserted into motherboards bound for servers sold by California-based company Supermicro. According to the news account, the secret microchips are capable of altering server code, downloading software to get through passwords and other encryptions. Three years after the microchips were originally discovered in 2015 by Apple, no technology for consumers to detect the microchips has been invented. The microchips, which have been linked to Chinese interests, are meant to steal corporate secrets and breach government networks.

Rembiesa highlighted three notable moments on the Supermicro timeline:

Microchips Installed: Bloomberg reported that thieves visited the factories and threatened and bribed their way into getting the new microchips installed in the motherboards. It is unclear precisely when this hardware hack, commonly known as “seeding,” started. However, it was reported that Amazon was made aware of the problem in 2015 when the company hired a third-party to investigate the servers. The malicious chips were discovered and reported to the FBI.
Apple Reacts: Meanwhile, Apple began disposing of Supermicro servers around that time for an unrevealed reason. The company has disputed the Bloomberg account, but it does appear to have been alone in using ITAM measures to detect, isolate and end the problem in its own operation.
The Pentagon’s Summit: In September of 2015 the Pentagon organised and invited top technologists to a meeting in McLean, Virginia. Attendees were briefed on newly discovered hardware hacks. Supermicro’s name was not mentioned. However, it is assumed that the microchips on their servers were the reason why the summit was held.

Rembiesa noted: “Fortunately, there are breadcrumbs on this trail and they can be followed. Assuming proper documentation procedures have been followed, authorities should be able to use invoices, shipping manifests, and other documents to help with their missions. Proper documentation is a best practice of a well-run ITAM program.”

How could ITAM help prevent a Supermicro-like situation in the future?

ITAM involves a detailed process that focuses on optimal acquisitions of hardware, software, and any other IT asset an organization buys or leases. Stages of this acquisition process include justifying the purchase, managing negotiations with vendors and assembling vital documents, such as the terms and conditions, among others.

A key part of the process is the testing of the hardware or software. This stage determines whether the asset is appropriate and compatible. At some point during their relationship with Supermicro, Apple determined that the servers were inappropriate and incompatible. Apple’s ITAM staff identified Supermicro as a threat during the “testing” section of the process. They stopped buying from Supermicro and also returned the products already purchased.

Beyond the acquisition process, Rembiesa said that IT Asset Managers should be immediately consulted in a situation like this because of their use of discovery data within an organisation’s IT Asset Repository. This process helps IT Asset Managers identify exactly where hardware is located with an organisation, cutting down immensely on the time needed to find flawed or sabotaged pieces of equipment. The quicker the hardware is identified and then “unplugged” from an organisation’s environment, the less damage the sabotaged item or items can do.

ABOUT IAITAM
The International Association of Information Technology Asset Managers, Inc., is the professional association for individuals and organisations involved in any aspect of IT Asset Management, Software Asset Management (SAM), Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organisations and industry across the globe. IAITAM certifications are the only IT Asset Management certifications that are recognised worldwide. For more information, visit www.iaitam.org, or the IAITAM mobile app on Google Play or the iTunes App Store.

[tpr-boilerplate company=’null’]

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Mimecast Launches Global Citizenship Program To Build Resilience In Communities.

Next Post

Nyotron Enters Into Strategic Partnership With Ingram Micro To Scale Business Operations Globally.

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information