Tech Companies have ardently denied Bloomberg’s declaration that China’s Super Micro gave them hardware loaded with spy chips, but that isn’t stopping all sorts of accusations from pouring in.
Bloomberg claims has obtained documents from security researcher Yossi Appleboum that reportedly show evidence of an unnamed major US telecom finding “modified hardware” from Super Micro in its network.
According to Appleboum, there were “several remarkable exchange of communications” from a server that led the telecom to find an implant hidden in the server’s Ethernet jack. The researcher determined that the server had been modified at a factory in Guangzhou after conducting an inspection.
Other tech companies were also victimized by China modifying hardware for surveillance, the security researcher said. If any company is affected, though, it might not be easy to get an answer.
These tech giants have all denied being affected, with AT&T and Sprint explicitly stating that they don’t use Super Micro hardware. Cable provider CenturyLink has denied being the subject of the story, and Engadget has learned that Comcast also isn’t involved. We’ve asked Charter for comment and will let you know if it responds.
Bloomberg has continued to stand by its reporting and sources. However, the story might not go much further than this. On top of the adamant corporate denials, both the Department of Homeland Security and the UK’s National Security Centre have backed the companies by tentatively supporting their claims.
Simply put, there don’t appear to be any parties who take the assertions seriously enough to launch an investigation. However, the thought of cyber-espionage, identity-theft and a full-blown hacking attack is not something you can just dismiss.
As is typical journalistic practice, we reached out to many people who are subject matter experts to help us understand and describe technical aspects of the possible cyber-attack. The specific ways the implant worked were described, confirmed, and elaborated on by our primary sources who have direct knowledge of the compromised Supermicro hardware.
Meanwhile, Tech giants Apple and Amazon is refuting the Bloomberg report, saying it’s inaccurate.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.