Supermicro Backup Server Used by Hillary Clinton Highlights Security Risks of China Supply Chain
A little-noticed detail in the FBI’s investigation files related to former U.S. Secretary of State Hillary Clinton’s email servers has highlighted the security risks inherent in today’s tech supply chain. Clinton’s use of private email servers during her 2009–2013 tenure raised the question of whether classified information was improperly stored or transmitted.
President Donald Trump has previously suggested on Twitter that Clinton’s emails were accessed by China. Several media also have cited anonymous sources that have said China had access to her emails. But the brand of the particular server Clinton used to back up her emails became a telling detail after Bloomberg’s explosive report published in October 2018 revealed that a malicious microchip was allegedly planted by Chinese spies into server motherboards manufactured in China.
In 2013, after Clinton left office, the IT service provider Clinton contracted to manage the email server, Platte River Networks (PRN), moved the server to a data center in Secaucus, New Jersey, called Equinix. There, PRN staff set up a backup system using Datto, a U.S. data backup company. Datto’s backup server took multiple snapshots a day of the main email server which were then deleted every 60 days. That Datto server was in turn manufactured by Supermicro, according to FBI files. Supermicro is the tech company at the center of Bloomberg’s story. Twitter user @Joestradamus91 was among the first to notice and publicize this detail.
Citing anonymous U.S. officials and tech company insiders, the Bloomberg report claimed that a Chinese military unit designed malicious microchips with backdoor access, and was able to secretly implant them at Chinese factories that supplied Supermicro with motherboards. Those compromised motherboards were then built into servers assembled at Supermicro. The U.S.-based company, founded by a Taiwanese businessman in 1993, is a popular vendor of choice among tech companies. It designs servers according to clients’ specifications, often offered at much cheaper prices than its competitors, according to Gary Miliefsky, a top cybersecurity expert and CEO of Cyber Defense Media Group. Most of Supermicro’s components are made in China.
Though Supermicro and its two clients mentioned in the Bloomberg article—Apple and Amazon—have all denied the allegations, cyber experts believe such attacks are plausible but difficult to trace and attribute to a culprit.
Yossi Appleboum, founder and CEO of cybersecurity firm Sepio Systems and a former Israeli intelligence officer, said in a previous interview with the Israeli edition of The Epoch Times that he had seen such hardware implants before, including in computer keyboards and printers. “In most cases, hardware manufacturers leave hardware connectors open on the motherboard, which enable access either to the processors or internet connections. This situation is like paradise to the attackers,” Appleboum said.
https://www.theepochtimes.com/supermicro-backup-server-used-by-hillary-clinton-highlights-security-risks-of-china-supply-chain_2847748.html
EXCLUSIVE: FBI Ignored Major Lead on Clinton Emails, Closed-Door Testimonies Suggest
https://www.theepochtimes.com/exclusive-fbi-ignored-major-lead-on-clinton-emails-closed-door-testimonies-suggest_2782019.html
FBI PDF
https://vault.fbi.gov/hillary-r.-clinton/Hillary%20R.%20Clinton%20Part%2010%20of%2030
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies