Last week, the Washington Post published an article about a Bloomberg Businessweek report claiming China has inserted spying chips into US motherboards. Nearly every day since, the story has updated with more information and the players strongly speaking out against the claims.
The heart of the story is Bloomberg’s claim that while computer hardware was in assembled in China, workers secretly inserted microchips into the servers for the purpose of spying. These servers were to be used by large technology companies in the US, including Apple and Amazon and even US military clients.
The spy chips are tiny and so harmless looking they are unnoticeable, and would be very hard to spot even by someone intentionally looking for them. A US company called SuperMicro in San Jose is the manufacturer of the servers. They have their motherboards assembled in China.
The article describes in detail that the sabotage efforts went on for years and affected hundreds of server motherboards as they were assembled in China. No one knows the full extent, but it's stated that a top-secret investigation involving the FBI has been going on since 2015 and still continues. Bloomberg cited 17 anonymous sources for the story, including industry insiders and current and former US officials. Some of those officials have waffled between expressing certainty and uncertainty about the stated facts and they aren’t speaking on the record.
Companies who are speaking on the record, vehemently, are Apple and Amazon. Both strongly deny these claims. Apple said they’ve conducted their own investigations and provided facts to Bloomberg that they say refute their claims. Amazon also says Bloomberg has made many misstatements. SuperMicro also has denied that their motherboards have been tampered with. On the other side, some have vouched for Bloomberg’s diligence in gathering information on this reporting.
The Bloomberg report says Apple and Amazon discovered the surveillance chips in 2015 and replaced the servers. The report also said dozens of companies could have been using the servers before the sabotage was discovered.
But Apple claims they never found spy chips or other vulnerabilities on their servers. They also claim they’ve been unaware of any investigation by the FBI or law enforcement. Amazon’s denials are equally strong, including that they’ve never found any issues with malicious chips on SuperMicro motherboards or on Amazon systems. SuperMicro has also issued statements denying any knowledge of an investigation or that they have found or been alerted to the finding of any surveillance chips in their equipment.
New information continues to emerge. Another report from Bloomberg relayed new evidence this week that China’s sabotage continues, saying that a major US telecom company found compromised hardware from SuperMicro in its network and removed it in August. The details of this situation differ from last week’s report but there are similarities. Both sabotaging efforts aim to spy on data in computer networks where the servers are installed, and both stories say the motherboards were compromised by a SuperMicro subcontractor in China.
Details will continue to come forward in the coming days and weeks. Hopefully the FBI and other US agencies will be forthcoming with what they know to shed light on the situation. Apple and Amazon’s strong denials have to be taken into account, but we also can't ignore the information uncovered by the Bloomberg report.
Of course, we would hope Apple and Amazon are correct that their equipment has not been compromised. The ramifications otherwise are horrific. Tensions are already high and growing between the US and China and this adds to the mix. Despite the two countries being intertwined economically, this is not the first time China has been suspected of spying or cyberhacking the US. This kind of sneaky activity has been suspected before and is entirely within the realm of possibility. At the very least, we can hope this report keeps the US and American manufacturers on their toes and their guard up at every step.
Sources:
