from the world's big
China implanted tiny spy chips in servers used by Amazon, Apple
A new report from Bloomberg describes how Chinese subcontractors secretly inserted microchips into servers that wound up in data centers used by nearly 30 American companies.
- A 2015 security test of a server sold by an American company found that someone in the supply chain had successfully embedded a tiny microchip on a motherboard.
- The company that manufactured the compromised motherboard provides servers to hundreds of international clients, including NASA and the Department of Homeland Security.
- U.S. officials linked the hardware attack to a People's Liberation Army unit, though it's unclear what, if anything, hackers have done or to what they have access.
The Chinese military was able to implant tiny malicious microchips on servers that made their way into data centers used by nearly 30 American companies, including Amazon and Apple, according to a new report from Bloomberg.
It's a wide-reaching and potentially ongoing attack that likely gave Chinese actors unprecedented access to sensitive data belonging to American companies, consumers, government agencies and one major bank.
The Bloomberg report describes how, in 2015, Amazon Web Services had approached a startup called Elemental Technologies to help with the expansion of its streaming video service, Amazon Prime Video. During a security test of the servers Elemental Technology sold as part of its video-compression product line, testers discovered a rice-grain-sized microchip implanted inconspicuously on one of the server's motherboards. The microchip wasn't part of the original hardware design, so its existence could only mean one thing: Someone at some point in the supply chain had surreptitiously embedded the chip.
Americans officials, some of whom had already heard whispers of China's plans to sabotage motherboards headed for the U.S., opened a top-secret and ongoing probe.
Hardware vs. software attacks
The size of the implanted microchip.
It's hard to overstate how ideal it is, from the perspective of a hacker, to successfully conduct a hardware attack, which differs from a software attack in that it alters the physical components of a computer and not just its code. Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc., put it like this to Bloomberg:
"Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow," he said. "Hardware is just so far off the radar, it's almost treated like black magic."
Even though the hidden microchips are tiny and hold small amounts of code, they pose outsized danger because hackers working from other computers can talk to the microchips and use them to gain access to networks and manipulate a server's operating instructions, all without alerting security systems. But one downside to hardware attacks is that they leave behind a paper trail.
Tracing the attack
The servers sold by Elemental Technologies were assembled by Super Micro Inc., or Supermicro, the world's leading supplier of server motherboards whose customers include NASA and the Department of Homeland Security. Supermicro is based in California but most of its motherboards are manufactured by contractors in China.
American officials traced the supply chain of the compromised motherboards and identified four Chinese subcontractors that had been building Supermicro motherboards for two years. After monitoring the subcontractors, the officials found that the microchips had been ordered, by bribe or threats, to be implanted on the motherboards by a specialized People's Liberation Army unit.
"We've been tracking these guys for longer than we'd like to admit," one official told Bloomberg.
American companies deny knowledge of the attack
Amazon, Apple and Supermicro have all denied knowledge of the attack or of the investigation.
"It's untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental," Amazon wrote. Apple said that it's "never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server." And, perhaps unsurprisingly, the Chinese government didn't acknowledge the attack, stating that "Supply chain safety in cyberspace is an issue of common concern, and China is also a victim."
Despite the denials, 17 U.S. intelligence officials and company insiders, all of whom remain anonymous, confirmed the attacks to Bloomberg. Read the full report here.
Join us at 2 pm ET tomorrow!
Construction of the $500 billion dollar tech city-state of the future is moving ahead.
- The futuristic megacity Neom is being built in Saudi Arabia.
- The city will be fully automated, leading in health, education and quality of life.
- It will feature an artificial moon, cloud seeding, robotic gladiators and flying taxis.
The Red Sea area where Neom will be built:
Saudi Arabia Plans Futuristic City, "Neom" (Full Promotional Video)<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="c646d528d230c1bf66c75422bc4ccf6f"><iframe type="lazy-iframe" data-runner-src="https://www.youtube.com/embed/N53DzL3_BHA?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span>
Coronavirus layoffs are a glimpse into our automated future. We need to build better education opportunities now so Americans can find work in the economy of tomorrow.
- Outplacement is an underperforming $5 billion dollar industry. A new non-profit coalition by SkillUp intends to disrupt it.
- More and more Americans will be laid off in years to come due to automation. Those people need to reorient their career paths and reskill in a way that protects their long-term livelihood.
- SkillUp brings together technology and service providers, education and training providers, hiring employers, worker outreach, and philanthropies to help people land in-demand jobs in high-growth industries.
Source: McKinsey Global Institute analysis [PDF]<p>Work in understanding the skills at the heart of the new digital economy is leading to novel assessments that allow individuals to prove mastery to faithfully represent their abilities—but also to give weight and stackability to the emerging ecosystem of micro-credentials that make education more seamless across time and education providers. And we are seeing the beginnings of a renewal in the liberal arts, focused on building human skills in affordable ways that are accessible to many more individuals and far more effective.</p><p>Amidst these dark times, there is much opportunity to refresh the nation's education and training solutions to support the success of individuals and society writ large.</p>
Do we really know what we want in a romantic partner? If so, do our desires actually mean we match up with people who suit them?
- Two separate scientific studies suggest that our "ideals" don't really match what we look for in a romantic partner.
- Results of studies like these can change the way we date, especially in the online world.
- "You say you want these three attributes and you like the people who possess these attributes. But the story doesn't end there," says Paul Eastwick, co-author of the study and professor in the UC Davis Department of Psychology.
Do we really know what we want in love or are we just guessing?<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="204859156383d358652fda6f7eadda0f"><iframe type="lazy-iframe" data-runner-src="https://www.youtube.com/embed/vQgfx2iYlso?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span><p>More than 700 participants selected their top three qualities in a romantic partner (things like funny, attractive, inquisitive, kind, etc). They then reported their romantic desire for a series of people they knew personally. Some were blind date partners, others were romantic partners and some were simply platonic friends.</p><p>While participants did experience more romantic desire to the extent that these personal connections of theirs (people they knew) had the qualities they listed, there was more to the study. </p><p>Paul Eastwick, co-author and professor in the UC Davis Department of Psychology <a href="https://medicalxpress.com/news/2020-07-romantic-partner-random-stranger.html" target="_blank">explains</a>: "You say you want these three attributes and you like the people who possess these attributes. But the story doesn't end there." </p><p>The participants also considered the extent to which their personal acquaintances possessed three attributes nominated by some other random person in the study. For example, if Kris listed "down-to-earth", intelligent and thoughtful as her own top three attributes, Vanessa also experienced more desire for people with those specific traits. </p>
Does what we want really match up with what we find?<img type="lazy-image" data-runner-src="https://assets.rebelmouse.io/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yMzQ0NDA4Ni9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTU5NjM3NzY5OX0.gdUo-UbjYhKUDOL39BDZseRynbwaK2H5dfJtbV0nw8Y/img.jpg?width=980" id="ff376" class="rm-shortcode" data-rm-shortcode-id="7c1e3a1bb9d576872ef5dce39b2e8e80" data-rm-shortcode-name="rebelmouse-image" alt="illustration of a man and woman matching on a dating app" />
What we claim to want and what we look for may be two separate things...
Image by GoodStudio on Shutterstock<p>So the question became: are we really listing what we want in an ideal partner or are we just listing vague qualities that people typically consider as positive?</p><p>"So in the end, we want partners who have positive qualities," Sparks explained, "but the qualities you specifically list do not actually have special predictive power for you." </p><p>In other words, the idea that we find certain things attractive in a person does not mean we actively seek out people who have those qualities, despite saying it's what we want in a love interest. The authors of this study suggest these findings could have implications for the way we approach online dating in the digital age. </p><p>This isn't the first study of its kind to suggest that what we find in love isn't really what we were looking for. The evidence suggests that we really are consistent in the abstract of it all: when asked to evaluate what you want on paper, you are more likely to suggest overall attractiveness in accordance with what you've stated are important ideals to you. But real life isn't so similar. </p><p>According to <a href="https://www.psychologytoday.com/us/blog/meet-catch-and-keep/201506/when-it-comes-love-do-you-really-know-what-you-want" target="_blank">Psychology Today,</a> who covered a 2015 study with similar results, initial face-to-face encounters have very little effect on our romantic desire. "When we initially meet someone, our level of romantic interest in the person is independent of our standards."</p><p>While you might have no immediate interest in John, he may fit your criteria of being kind, loyal, and intelligent. Similarly, someone may be attracted to Elaine even though she doesn't have any of the qualities they originally said were important to them. </p><p><strong>What does this all mean? </strong></p><p>The authors of both the 2015 and 2020 studies say the same thing: give someone a chance before writing them off as a poor match. If your initial attraction is independent of the standards you've set out, the qualities which you've listed as important to you, the first time you meet someone may not give you enough information to make an informed decision.</p><p>"It's really easy to spend time hunting around online for someone who seems to match your ideals," said Sparks, "But our research suggests an alternative approach: Don't be too picky ahead of time about whether a partner matches your ideals on paper. Or, even better, let your friends pick your dates for you." </p>