The servers are designed in the US by an American company called Super Micro, and do not include the chip in their designs. It is thought the chip must have been added in China, during the manufacturing process for the servers. The chip is an example of a “hardware hack” where hardware is modified to perform functions that wasn’t originally intended in the design. It is suspected the purpose of the chip is to spy on American companies and their users.

The lengthy publication by Bloomberg reports that Apple and Amazon were among those companies affected, but both companies refute the claim. An Apple spokesperson told Bloomberg that they had no history of finding malicious chips or hardware manipulations in any of its servers. Apple no longer used Super Micro servers after ending their contract with them in 2016.

Amazon also disputes the claims about their servers containing malicious chips and says they have not worked with the FBI to investigate malicious hardware within the company. Super Micro join Apple and Amazon in denying the claims about its servers.

In response to the allegations, China’s Ministry of Foreign Affairs released a statement saying “China is a resolute defender of cybersecurity. It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit. Supply chain safety in cyberspace is an issue of common concern, and China is also a victim. China, Russia, and other member states of the Shanghai Cooperation Organization proposed an “International code of conduct for information security” to the United Nations as early as 2011. It included a pledge to ensure the supply chain security of information and communications technology products and services, in order to prevent other states from using their advantages in resources and technologies to undermine the interest of other countries. We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Chinese Spying Chips Found Hidden on US companies’ servers appeared first on Hack Ware News.

Since the malware’s creation it has been involved in large scale and disruptive distributed denial of service attacks (DDoS), the biggest of which being the September attack on security Journalist Brian Kreb’s website, and also the October 2016 Dyn cyberattack.

The Dyn cyberattack made headlines because of the sheer amount of services that were affected, and the high-profile names whose security you’d expect to be tighter. Services affected by the attack included Amazon, Ancestry.com, Comcast, Fox News, GitHub, CNN, Twitter, Visa, Starbucks, Reddit, and many more huge names. In total it’s estimated that the damages exceeded $100m.

Now while taking down those huge websites garnered them negative attention that would have likely put finding the authors under a spotlight, it was attacking Brian Kreb’s website that cost them their privacy. After the attack on his website, Brian made it his personal mission to track down the perpetrators and bring them to justice.

Brian Kreb outed the three men, Paras Jha (22), Dalton Norman (21) and Josian White (20). Jha and his co-conspirators had begun creating the malware in 2016 and at a later date monetized it by renting it out to other criminals.  So Brian had succeeded in outing the hackers, but what about justice?

This is where the case takes a surprising turn. The 3 men plead guilty to the charges, and it was expected that they would receive the maximum sentence of a $250,000 fine and 5 years prison time. However, the FBI asked for an 85% reduction in their sentence. This lead to them receiving 5 years of probation and 2500 hours of community service. They were also ordered to pay $127,000 in damages and volunteer cryptocurrency they made through the endeavour.

By cooperating with a reduced sentence, law enforcement will benefit from insider hacker knowledge of these types of attacks which will make them better equipped when dealing with future attacks.

The post Mirai botnet authors: From criminals to FBI agents appeared first on Hack Ware News.