Bloomberg is reviving the Super Micro spy chip story that it first published in 2018. claim. Today it doubles.
Today’s update claims that spy chips have been found in US Department of Defense Super Micro servers …
Background
Here’s how we reported the original story in October 2018.
Bloomberg released a report today claiming that companies, including Amazon and Apple, have found Chinese surveillance chips in their server hardware contracted by Super Micro. Bloomberg claims that Apple found these chips on its server motherboards in 2015. Apple vigorously refutes this report and sends press statements to various publications, not just Bloomberg.
In a statement to CNBC, Apple said, “We are deeply disappointed that Bloomberg reporters in their dealings with us are not open to the possibility that they or their sources are wrong or misinformed.”
The story’s denials were swift and overwhelming. Apple said it had fully investigated the claims and later provided off-the-record details of that investigation. At the time, I explained the five reasons why I believed Apple, and four more reasons emerged to make it abundantly clear that the Cupertino company was telling the truth.
It wasn’t just Apple that denied the claim. The Department of Homeland Security did the same. One of Bloomberg’s sources told them that the story made no sense. The NSA added its denial. An in-depth analysis revealed that the claims were impossible. A Super Micro audit found no spy chips.
Super Micro spy chip story, take two
Bloomberg released a new report today that reads at first as if it were a completely new story.
In 2010, the United States Department of Defense discovered that thousands of computer servers were sending military network data to China – the result of code hidden in chips that handled the machine’s boot process.
In 2014, Intel Corp. that a Chinese elite hacker group entered its network through a single server that downloaded malware from a vendor’s update site.
And in 2015, the Federal Bureau of Investigation warned multiple companies that Chinese agents had an additional backdoor code chip hidden in a manufacturer’s servers.
Each of these different attacks had two things in common: China and Super Micro Computer Inc., a computer hardware manufacturer in San Jose, California.
Super Micro has again denied the report.
In response to detailed inquiries, Supermicro said it has “never been contacted by the US government or any of our customers about these alleged studies.” The company said Bloomberg had amassed “a mishmash of disparate and inaccurate allegations” that “draws far-fetched conclusions.” Federal agencies, including those described in this article as conducting studies, are still purchasing Supermicro products, the company said.
You must go into the piece before it refers to the original report.
Bloomberg Businessweek first reported on China’s involvement with Supermicro products in October 2018, in an article focusing on accounts of added malicious chips found on server motherboards in 2015. That story said Apple and Amazon discovered the chips on equipment they bought. Supermicro, Apple and Amazon publicly called for a repeal. US government officials also contested the article.
With additional reporting, it is now clear that the Businessweek report captured only part of a larger chain of events in which US officials first suspected, then investigated, monitored, and attempted to manage the repeated manipulation of Supermicro’s products by China.
As before, most of the sources are anonymous, but a few are cited because they have been told about the claims, but without any first-hand knowledge.
“In early 2018, two security companies I advise were informed by the FBI’s counterintelligence division investigating this discovery of added malicious chips on Supermicro motherboards,” said Mike Janke, a former Navy SEAL who co-founded DataTribe, a venture capital firm. “These two companies were then involved in the government investigation, where they used advanced hardware forensics on the actually cut Supermicro cards to validate the existence of the added malicious chips” […]
“This was espionage on the board itself,” said Mukul Kumar, who said he received such a warning during an unclassified briefing in 2015 when he was the chief security guard for Altera Corp., a chip designer in San Jose. “There was a chip on the board that wasn’t supposed to be there calling home – not to Supermicro but to China” […[
Mike Quinn, a cybersecurity executive who served in senior roles at Cisco Systems Inc. and Microsoft Corp., said he was briefed about added chips on Supermicro motherboards by officials from the U.S. Air Force. Quinn was working for a company that was a potential bidder for Air Force contracts, and the officials wanted to ensure that any work would not include Supermicro equipment, he said.
Bloomberg acknowledges the US government denials of its original coverage, and says that the NSA remains befuddled by the claims.
After Bloomberg reported on the added-chip threat in October 2018, officials for the U.S. Department of Homeland Security, the FBI, the Office of the Director of National Intelligence and the NSA made public statements either discounting the report’s validity or saying they had no knowledge of the attack as described. The NSA said at the time it was “befuddled” by Bloomberg’s report and was unable to corroborate it; the agency said last month that it stands by those comments.
You might want to ensure a decent supply of popcorn for the next few days.
Photo by Laura Ockel on Unsplash
FTC: We use income earning auto affiliate links. More.
Check out 9to5Mac on YouTube for more Apple news: