Bloomberg is resurrecting the story of the Super Micro spy chip that ran for the first time in 2018. The original story was met with widespread and unequivocal denials from everyone from Apple to the NSA, and the media company was severely condemned for failing to provide evidence. support or withdraw claim. Today, it’s doubling.
Today’s update states that spy chips were found on Super Micro servers in the U.S. Department of Defense …
Background
See how we reported the original story in October 2018.
Bloomberg today published a report stating that companies like Amazon and Apple found Chinese surveillance chips in their Super Micro contracted server hardware. Bloomberg claims that Apple found these chips on its server motherboards in 2015. Apple is vehemently refuting this report, sending statements to the press for various publications, not just Bloomberg.
In a statement to CNBC, Apple said, “We are deeply disappointed that, in their dealings with us, Bloomberg reporters did not open up to the possibility that they or their sources were wrong or misinformed.”
History’s denials were swift and overwhelming. Apple said it fully investigated the allegations and later provided unofficial details of that investigation. At the time, I explained the five reasons why I believed in Apple, with four more coming up to make it clear that the Cupertino company was telling the truth.
It wasn’t just Apple denying the claim. The Department of Homeland Security did the same. One of Bloomberg’s sources told them that the story made no sense. The NSA added its denial. In-depth analysis found that the claims were impossible. A Super Micro audit found no spy chips.
History of the Super Micro spy chip, take two
Bloomberg today published a new report that initially appears to be a completely new story.
In 2010, the United States Department of Defense found thousands of its computer servers sending military network data to China – the result of hidden code on chips that controlled the machine’s startup process.
In 2014, Intel Corp. found that a group of elite Chinese hackers breached its network through a single server that downloaded malware from a vendor’s update site.
And in 2015, the Federal Bureau of Investigation warned several companies that Chinese operatives hid an extra chip loaded with backdoor code on a manufacturer’s servers.
Each of these separate attacks had two things in common: China and Super Micro Computer Inc., a manufacturer of computer hardware in San Jose, California.
Super Micro again denied the report.
In response to detailed questions, Supermicro said that “it has never been contacted by the United States government, or by any of our customers, about these alleged investigations”. The company said Bloomberg has assembled “a mixture of disparate and inaccurate claims” that “draws far-reaching conclusions”. Federal agencies, including those described in this article as conducting investigations, still buy products from Supermicro, the company said.
You have to enter the article before you refer to the original report.
Bloomberg Businessweek first reported on China’s meddling with Supermicro products in October 2018, in an article that focused on malicious chip accounts added to server motherboards in 2015. This story said that Apple and Amazon discovered the chips in the equipment they had purchased. Supermicro, Apple and Amazon have publicly asked for a retraction. US government officials have also contested the article.
With additional reports, it is now clear that the Businessweek report captured only part of a larger chain of events in which American officials first suspected, then investigated, monitored and attempted to manage China’s repeated handling of Supermicro products.
As previously, most sources are anonymous, but some are said to have been informed of the allegations, although without any firsthand knowledge.
“In early 2018, two security companies that I advise were informed by the FBI’s counterintelligence division that was investigating this discovery of malicious chips added to Supermicro’s motherboards,” said Mike Janke, former Navy SEAL who co-founded DataTribe , a venture capital firm. “These two companies were later involved in the government investigation, where they used advanced hardware forensic analysis on the adulterated supermicro cards to validate the existence of the malicious chips added” […]
“That was spying on the council itself,” said Mukul Kumar, who said he received one of these warnings during a non-confidential briefing in 2015, when he was the head of security for Altera Corp., a chip designer in San Jose. “There was a chip on the board that shouldn’t be there and that called home – not for Supermicro, but for China” […[
Mike Quinn, a cybersecurity executive who served in senior roles at Cisco Systems Inc. and Microsoft Corp., said he was briefed about added chips on Supermicro motherboards by officials from the U.S. Air Force. Quinn was working for a company that was a potential bidder for Air Force contracts, and the officials wanted to ensure that any work would not include Supermicro equipment, he said.
Bloomberg acknowledges the US government denials of its original coverage, and says that the NSA remains befuddled by the claims.
After Bloomberg reported on the added-chip threat in October 2018, officials for the U.S. Department of Homeland Security, the FBI, the Office of the Director of National Intelligence and the NSA made public statements either discounting the report’s validity or saying they had no knowledge of the attack as described. The NSA said at the time it was “befuddled” by Bloomberg’s report and was unable to corroborate it; the agency said last month that it stands by those comments.
You might want to ensure a decent supply of popcorn for the next few days.
Photo by Laura Ockel on Unsplash
FTC: We use income earning auto affiliate links. More.
Check out 9to5Mac on YouTube for more Apple news: