What’s on the Inside Can Be as Dangerous as What’s on the Outside


According to recent reports, the Chinese Army purportedly inserted chips into the supply chain for 30 US businesses. These chips, if the allegations are true, give attackers a connection into the back-end infrastructure, where they can steal information and credentials, exploiting a critical blind spot in most data monitoring. From there they could use those systems to compromise others, or even to launch attacks.

As was outlined in a Bloomberg Business article, by Jordan Robertson and Michael Riley:

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community.

Investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

While this supply-chain vulnerability is scary, we have been warned for years about the danger inherent in outsourcing all our manufacturing. Analysts are still missing a major issue: we have blind spots in our monitoring.

Why was this only discovered as part of a due-diligence exercise for a potential acquisition? These chips must use standard Internet protocols to communicate back to their controllers. Their attempts to connect home or exfiltrate information should have been blocked and set off alarms immediately.


Traditional network security approaches trust machines on the inside to connect out. Firewalls generally block incoming traffic. Even the few companies that block outbound traffic with firewalls do not alert on the blocked attempts. That is why hackers can stay undetected inside organizations for about 200 days.

HOPZERO has a different approach. We start with the servers and limit how far data can be transmitted. Each server gets a custom limit, or limits, for each protocol. Any attempt to breach those limits is blocked, triggering an alert. This approach would have spotted these attacks immediately and rendered them impotent.
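The following is an added illustration of the approach described above, not HOPZERO's product code. It assumes a simple policy format (per server, per protocol, a maximum distance in router hops), constructed flow records that carry a hop-distance field, and a rule that every blocked flow produces an alert rather than a silent drop; all of these are assumptions made for the example.

```python
"""Per-server, per-protocol distance limits with block-and-alert.

Illustration only: the policy format, the flow records and the
hop-distance field are constructed for this example and are not
HOPZERO's product, data or API.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str    # server initiating the connection
    dst: str    # destination address
    proto: str  # protocol/service label, e.g. "dns", "https", "smb"
    hops: int   # constructed: distance in router hops to the destination


# Policy (assumed format): for each server, the protocols it may use and the
# maximum hop distance for each. Anything not listed is denied.
POLICY = {
    "10.0.1.10": {"dns": 1, "https": 2},  # app server: local resolver, DMZ proxy
    "10.0.1.20": {"smb": 1},              # file server: same-subnet SMB only
}

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_internal(addr):
    """True if the address falls inside the organisation's address space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def evaluate(flow, policy=POLICY):
    """Return (decision, reason); decision is 'allow' or 'block'."""
    limits = policy.get(flow.src)
    if limits is None:
        return "block", "unknown server, default deny"
    limit = limits.get(flow.proto)
    if limit is None:
        return "block", f"{flow.proto} not permitted for {flow.src}"
    if flow.hops > limit:
        return "block", f"{flow.proto} limited to {limit} hop(s), flow needs {flow.hops}"
    return "allow", "within policy"


def process(flows, policy=POLICY):
    """Evaluate flows; every block yields an alert record, not just a drop."""
    alerts = []
    for f in flows:
        decision, reason = evaluate(f, policy)
        if decision == "block":
            alerts.append({
                "src": f.src,
                "dst": f.dst,
                "proto": f.proto,
                "reason": reason,
                # A blocked attempt to leave the organisation is the
                # "phone home" case and rates higher than an internal one.
                "severity": "high" if not is_internal(f.dst) else "medium",
            })
    return alerts


# Constructed flow records: a mix of normal traffic and what a compromised
# server might try (Internet beacon, lateral movement, unexpected protocol).
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.1.2", "dns", 1),        # normal: local resolver
    Flow("10.0.1.10", "10.0.9.5", "https", 2),      # normal: DMZ proxy
    Flow("10.0.1.10", "203.0.113.7", "https", 12),  # beacon straight to the Internet
    Flow("10.0.1.20", "10.0.1.30", "smb", 1),       # normal file share
    Flow("10.0.1.20", "10.0.7.40", "smb", 3),       # lateral movement attempt
    Flow("10.0.1.20", "198.51.100.9", "dns", 11),   # protocol never permitted here
]

if __name__ == "__main__":
    for a in process(SAMPLE_FLOWS):
        print(f"[{a['severity']}] {a['src']} -> {a['dst']} {a['proto']}: {a['reason']}")
```

Run as a script, it prints three alerts for the six constructed flows: the Internet beacon and the unexpected DNS flow are rated high because their destinations lie outside the internal address space, and the SMB attempt across subnets is rated medium. The point the prose makes is the second half of process(): the policy breach is recorded and surfaced, not merely dropped.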

The report says 30 companies were identified as targets, but that is just the tip of the iceberg. Now that the attack has been demonstrated, it will get cheaper and easier to deploy. We can expect many more attempts, but they can be stopped with the right tools.

Regardless of whether reports of the China chip hack are true, the question now is whether we are going to step up our security to face these attacks, or wait for the next exploitation before we are motivated to change our ways.


Ben Haley is the senior vice president of Engineering and co-founder of HOPZERO. In more than 30 years of software engineering experience, Ben has led network and application efforts for high performance, reliability, and security programs at multiple firms. As founding development director for NetQoS/CA Technologies, Ben led all development work and formed a research team to review performance and security anomalies. Most recently, he served as a lead architect for several key projects at MaxPoint (now Valassis), a leading digital marketing technology company.