Bloomberg's China Chips Matters

    cybersecurity | Secure | Security | Cloud Security | Sécurité Cloud | Sécurité | Bloomberg | The big hack - Posted on 10/09/2018 by Nicolas EYRAUD

    Bloomberg BusinessWeek, a major news media, has published on October 4, 2018 an article about a major hack on industrial production platforms:

    https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

    According to Bloomberg, foreign third parties have implanted tiny chips on Super Micro motherboards for Data Centers from nearly 30 American companies, including Apple and Amazon. The chip, according to the report, was designed to allow Chinese secret services to access through a back door any private network of which its parent system was a part.

    The OUTSCALE Security Team and Top Management have been mobilized since the publication of this Bloomberg report to assess the risk for OUTSCALE. You will find regular updates on this page.

    Impact on OUTSCALE: None

    ...that we know for now.

    Due to the very few details provided in the article, we are unable to firmly say that we are not impacted.

    Foremost, in order to be worthy of our Client's trust, we ensure that we don't rely solely on our suppliers, whether it is for software or hardware.
    We have numerous security concerns that we apply through our product's life cycles, as rewarded by our multiple certifications ( https://en.outscale.com/certificate ).

    Moreover, none of our Security Measures have ever detected suspicious traffic along the lines of what has been described in the article.

    Finally, we reached out to our National Agency in order to signal our concern and ask for any information they might have.

    Suppliers

    We have asked our suppliers for information about this matter, and their answer has been negative.

    No, none of our hardware is subject to this micro-chip injection. Both their Quality and Suppliers assessments limit the risks.
    And should we realize that they are, we will do our best, using our inventories as support, to decommission or isolate vulnerable components.

    Detection Measures

    Whether it is from logical or hardware sensors, from local or networks systems, in hot or cold analysis, we have not been able to identify a network stream linked with chips.

    We will keep looking into it with caution and will, as usual, do everything to contain any suspicious networking detected.

    Continuous Security Watch

    We are continuously looking at the latest security news and will keep looking for any changes in the matter.

    As previously said, we are connected to multiple other companies, including National Agencies, and are also paying close attention to their updates.

    Conclusion

    At the moment, OUTSCALE has no proof of being impacted, nor have we identified any vector allowing us to be right now.
    We do our best to keep the best level of trust you deserve, and this includes keeping you updated.

    Author: Nicolas EYRAUD

    Avant tout passionné, d'informatique et de musique, c'est dans cette première que Nicolas EYRAUD a dédié son début de carrière. Partagé entre le développement logiciel et l'administration système, c'est la sécurité informatique qui l'intéresse, l'amenant à finir ses études de master en Cyber-Défense. Ceci fait, Nicolas EYRAUD décide de se professionnaliser et rejoint Outscale en 2016 pour finalement prendre le lead de l'equipe SOC fin 2017.

    Comments