The cyber security world was shaken this week by a Bloomberg expose, ‘The Big Hack, How China Used a Tiny Chip to Infiltrate U.S. Companies.’
“The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.”
According to the article, a routine due diligence security check of Elemental, a company Amazon was considering for acquisition, revealed a tiny chip installed on the servers used to power its video compression. This company’s assembler of the motherboards containing the chip was Supermicro, based in San Jose. Turns out Supermicro had lots of customers and an investigation was launched. “One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers.”
China denied all this.
And that wouldn’t be unusual, except for another article that tried to confirm the Bloomberg story that also came out this week. This follow up story included vigorous denials from the companies cited in the Bloomberg piece that any of that had happened.
“On Monday, Apple also doubled down, with a new strong denial sent to multiple Congressional committees. The company sent a letter refuting the first story, published in Bloomberg’s Businessweek, which said China had planted hardware backdoors onto motherboards made by a company called SuperMicro used by multiple US companies, including Apple and Amazon.
The letter is the strongest signal yet from a growing array of government agencies, companies, and technical experts who are calling the Bloomberg story into doubt. (The new story does not directly address these denials.)”
Hard to tell what really happened. Interesting times.