In the original story the Bloomberg authors, Jordan Robertson and Michael Riley, quote
Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. as saying: “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow. Hardware is just so far off the radar, it’s almost treated like black magic.” Yet this does not deter the Bloomberg authors from claiming this is what happened.
The authors claim:But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.
One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons
Apple denies the Bloomberg claim
Cook claimed: “This did not happen. There’s no truth to this " After the Bloomberg report was issued
Apple released a statement that picked the story apart and denied each individual claim the statement said: “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server." Shortly after that the Apple vice president of information security wrote to the US Congress to directly deny the allegations.
Cook told Buzzfeed that he had been involved in the response from the beginning in correspondence with Bloomberg. He claimed that Apple made it clear to them that what they alleged did not happen and had answered all their questions. Cook also claimed that each time they brought the issue up the story changed and each time the company investigated they found nothing.
Other sources are critical of the reports as well
The report has also been criticized by US intelligence chiefs and cybersecurity experts. No malicious chips have been discovered. There has been no new evidence come to light and none of the many sources Bloomberg claims the report is based upon have acknowledged that they are part of the investigation. Indeed, one of the few named sources said in a podcast that the claims did not make sense.
A recent article in the Digital Journal notes that the The UK National Cyber Security Centre claimed it had no knowledge of the investigation. The article contains as well denials by others such as Amazon who were said to have been affected by the Chinese actions.
The original article claimed that 17 unnamed intelligence and company sources reported that Chinese spies had placed the computer chips inside equipment used by about 30 companies and numerous government agencies. Yet none of these agencies have identified themselves and no companies have claimed that they have found the chips.
However, Bloomberg stands by the story even though it has damaged the reputation of the Chinese suppliers as well as those of the giant US companies using the Chinese equipment. Perhaps Bloomberg is being used to spread fake news to further convince US companies not to use Chinese produced products. So far Bloomberg has avoided being sued.
On the appended video an expert claims a chip on a motherboard would be a very amateurish hack.
No comments:
Post a Comment