Neither US Or UK  Investigated Chinese Spy Chips

Uploaded on 2018-10-12 in NEWS-News Analysis, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US Department of Homeland Security (DHS) and the UK National Cyber Security Centre (NCSC) have denied investigating the presence of Chinese spy chips in Supermicro servers, as claimed by a bombshell report published recently by Bloomberg.

According to Bloomberg, the Chinese government planted tiny chips in Supermicro motherboards in an effort to spy on more than 30 organisations in the United States, including government agencies and tech giants such as Apple and Amazon.

The report, on which Bloomberg reporters have been working for the past year using information from 17 sources, claims that Chinese agents masquerading as government or Super Micro employees pressured or bribed managers at the Chinese factories where the motherboards are built.

Once the chips were planted, they would allow attackers to remotely access the compromised devices. Apple and Amazon allegedly discovered the malicious hardware implants and contacted the FBI.

While many experts agree that it is technically possible to create and plant spy chips such as the one described, Apple, Amazon and Super Micro have strongly denied the reports, and their statements have now been backed by the DHS and the NCSC.

“We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple,” stated the NCSC. “The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us.”

The DHS also published a statement on Saturday saying it's aware of the media reports.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” the agency stated. “Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.”

No one has been able to independently confirm that the FBI has launched an investigation as a result of the discovery of spy chips, and a former Apple executive said the agency's representatives told him that they had never heard of this type of investigation.

Apple, Amazon and Super Micro have been contacted by Bloomberg several times while the article was being written, but they are not happy with the final result. While it's not uncommon for major companies to deny news reports, the statements issued by the tech giants named in the Bloomberg story stand out due to the fact that they are very detailed and attempt to show that the article is factually inaccurate.

“At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Super Micro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government,” Amazon said.

“There are so many inaccuracies in ‎this article as it relates to Amazon that they’re hard to count.” Apple claims it's disappointed that Bloomberg reporters have not been open to the possibility that their sources might be misinformed or wrong.

“Despite numerous discussions across multiple teams and organizations, no one at Apple has ever heard of this investigation. Businessweek has refused to provide us with any information to track down the supposed proceedings or findings. Nor have they demonstrated any understanding of the standard procedures which were supposedly circumvented,” Apple said.

For its part, Super Micro also denied knowing anything about a government investigation.

“The manufacture of motherboards in China is not unique to Supermicro and is a standard industry practice. Nearly all systems providers use the same contract manufacturers. Supermicro qualifies and certifies every contract manufacturer and routinely inspects their facilities and processes closely,” it stated.

Security Week:

You Might Also Read: 

Get Serious About Hardware Cybersecurity:

 

« #PresidentialAlert: A US National Alert Test
Chinese Spy Extradited To Go On Trial »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

Cybonet

Cybonet

Cybonet is committed to empowering organizations of all sizes with the tools and capabilities to detect and engage cyber security threats.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Guardian Data Destruction

Guardian Data Destruction

Guardian Data Destruction provides a comprehensive suite of onsite e-data destruction services.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

GroupSense

GroupSense

GroupSense helps governments and enterprises take control of digital risk with cyber reconnaissance, counterintelligence and monitoring for breached credentials.

PizzlySoft

PizzlySoft

PizzlySoft is a global company that is seeking convergence of network and security / software and hardware. We put our value on creating the best security.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

ActZero

ActZero

ActZero’s security platform leverages proprietary AI-based systems and full-stack visibility to detect, analyze, contain, and disrupt threats.

Swissbit

Swissbit

Swissbit AG is the leading European manufacturer of storage, security and embedded IoT solutions for demanding applications.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

Nicoll Curtin

Nicoll Curtin

Nicoll Curtin is a global company with over 20 years of experience in connecting outstanding talent with industry leading companies within Technology, Change and Cyber Security.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.