China used tiny chips on U.S. computers to steal secrets
Oct 05 2018
That one-time event was determined to be accidental and not a targeted attack against Apple. None of those servers has ever been found to hold malicious chips. We know that security is an endless race and that's why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data. We also want them to know that what Bloomberg is reporting about Apple is inaccurate.
The story reported that malicious chips were planted by a unit of the Chinese People's Liberation Army, which infiltrated the supply chain of computer hardware maker Super Micro Computer Inc. The spies' objective was to be able to gain access to "high-value corporate secrets and sensitive government networks", the report said.
The article detailed a sweeping, yearslong effort to install the surveillance chips in servers whose motherboards - the brains of the powerful computers - were assembled in China. The report has attracted strenuous denials from Amazon, Apple, and Super Micro.
Bloomberg, citing multiple sources, said the infiltration was first discovered in 2015 and confirmed by independent investigators before a full investigation was launched my multiple US government agencies. USA investigators, including the Federal Bureau of Investigation, declined to comment.
"We are not aware of any customer dropping Super Micro as a supplier for this type of issue".
A representative for Supermicro at its European headquarters in the Netherlands said the company was unable to provide an immediate comment.
The Bloomberg report was based on reports from 17 unnamed people, including three "Apple insiders", six current and former USA national security officials, two people inside Amazon Web Services, and six unidentified sources.
As you might expect, Apple has denied the incident.
A three-year investigation by US government officials found that servers assembled for startup Elemental Technologies by San Jose-based company Supermicro reportedly contained tiny microchips "inserted at factories run by manufacturing subcontractors in China", Bloomberg reported.
But Apple pointed Business Insider to the statement it sent Bloomberg, which said it has "never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server". It's also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware.
Apple denied the account, saying it had investigated the claims.
There have been heightened concerns about foreign intelligence agencies infiltrating American and other companies through so-called "supply chain attacks", particularly from China where several high-tech firms outsource their manufacturing, according to Reuters.