Evidence of Chinese spy chips found on United States telecoms giant's server

  • Evidence of Chinese spy chips found on United States telecoms giant's server

Evidence of Chinese spy chips found on United States telecoms giant's server

Now Bloomberg has responded with a new report, stating that a major USA telecom company has similarly been infected by compromised hardware from Supermicro.

Reports of manufacturing shenanigans have continued this week with Sepio Systems' co-CEO, Yossi Appleboum, providing further proof of hacked motherboards used in servers, this time at an unnamed United States telecommunications company.

Supermicro, naturally, continues to deny the outlet's claims, reiterating that it has 'no knowledge of any unauthorised components and have not been informed by any customer that any such components have been found, ' accusing Bloomberg of providing only limited information, no documentation, and only half a day to investigate and respond to its report prior to publication - an accusation Bloomberg refutes, claiming it provided a full 24 hours.

Supermicro, which denied the earlier report, said it's seen no evidence of unauthorized components in its products.

The Supermicro backdoor reported Tuesday was also the result of malicious hardware secretly implanted during its manufacture. "If these servers are widespread within the telecom provider, it could be a risk assessment on their part", wherein the affected company would have to remove the implant or take down the server entirely. What's more, "the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China".

From inspecting the device Appleboum figured out that it got onto the server's Ethernet port from being modified at the factory where it was manufactured. Guangzhou is 90 miles upstream from Shenzhen, dubbed the "Silicon Valley of Hardware", and home to giants such as Tencent Holdings Ltd. and Huawei Technologies Co. Ltd.

The tampered hardware was found in a facility that had large numbers of Supermicro servers, and the telecommunication company's technicians couldn't answer what kind of data was pulsing through the infected one, said Appleboum, who accompanied them for a visual inspection of the machine. "Joe FitzPatrick was not one of these 17 individual primary sources that included company insiders and government officials, and his direct quote in the story describes a hypothetical example of how a hardware attack might play out, as the story makes clear". An FBI spokeswoman declined to comment on whether it was aware of the finding. Bloomberg could be accurately reporting an intelligence misinformation campaign. Apple and Amazon-both of which typically provide short and vague statements to reporters-offered extremely detailed and vociferous denials.

Bloomberg used the report to push back against a statement from the US Department of Homeland Security (DHS) in which it said it had "no reason to doubt" denials of its spy-chip original story.

Besides the denials, critics have also complained that last week's article was based exclusively on anonymous sources who couldn't be adequately scrutinized.

While supply-chain threats emanating from China are certainly a concern, Joyce said, "what I can't find are any ties to the claims that are in the article". While it names a single source, some security experts quickly challenged the credibility of the report. "Calling BS on this one as well".

That expert opinion is however contradicted by other security experts who have noted that such an attack is theoretically possible, albeit very hard to pull off. "That's the problem with the Chinese supply chain", he said.

That latest piece comes after one of the experts in the original story gave an interview in which he expressed his concern about the finished piece and questioned whether Bloomberg had done sufficient fact checking before publishing.