We ‘never found malicious chips, “hardware manipulation”, or vulnerabilities purposely planted in any server’.
That’s what Apple, Inc. [NASDAQ:APPL] said in a letter to lawmakers on Monday.
The Thursday before, Bloomberg Businessweek broke the story.
After months of research, they found Chinese plans to spy and steal from the US. Here how it might’ve gone down, according to Bloomberg:
‘A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip…
‘The microchips were inserted at Chinese factories which supplied Supermicro, one of the world’s biggest sellers of server motherboards…
‘The compromised motherboards were built into servers assembled by Supermicro.
‘…The sabotaged servers [sold by Elemental Technologies] made their way inside data centres operated by dozens of companies…
‘When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications.’
Almost immediately, Amazon.com, Inc. [NASDAQ:AMZN]and Apple came out to bash the story.
What’s the real reason both tech giants want this whole thing to go away…?
What has Bloomberg got to lose?
‘There are so many inaccuracies in this article [Bloomberg’s article] as it relates to Amazon that they are hard to count,’ Amazon security officer, Steve Schmidt said.
US Homeland security has sided with Apple and Amazon saying they have ‘no reason to doubt’ their claims.
Even a British spy agency has come to Apple and Amazon’s aid. Reported by The Verge:
‘The UK’s top national cybersecurity agency GCHQ told Reuters on Friday that it didn’t see any reason to question the validity of Apple and Amazon’s denials that their servers were compromised following a meteoric report from Bloomberg on Thursday.’
It seems like all parties involved just want us to forget about the story.
According to Apple and Amazon, there are no Chinese spy chips. No one has unauthorised access to US information. Everything is running as it should. Let’s all just focus on something else.
What’s more they’ve got the backing of government officials and spy agencies.
So why then did Bloomberg report the story in such detail? Bloomberg is hardly a fringe media outlet. In fact, they’re about as mainstream as you can get.
How come they’re not toeing the line? Where did they get the 17 sources confirming that they saw suspicious chips? Why would it take Bloomberg more than a year and hundreds of interviews to fabricate a story? [openx slug=inpost]
And in fact, they continue to report on the story…
‘A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company,’ the media outlet wrote.
If it’s all fake, surely the reporters behind the story will lose their jobs. It just doesn’t add up.
Even more suspicious are those with opinions. Search ‘Chinese spy chips’ on Google and you’ll get back a flurry of results. They range from Apple and Amazon’s statements, to political and tech reporters giving their two cents.
Of the latter, it’s not all that hard to find reports siding with the government. This one, for example, is from CSO:
‘I’m very dubious of the recent Bloomberg report stating that several American companies were compromised by spy chips inserted secretly by the Chinese on U.S.-used computer motherboards. The Bloomberg article should be used as a starting point for a very real, serious, and long overdue discussion of supply chain risks, but I’d rather start with the facts supported by evidence instead of anonymous claims that have been unsupported for over three decades.’
Yet even if Bloomberg’s claims are unfounded, surely the mention of Chinese hardware infiltration warrants further investigation?
Back in 2012, the Senate Armed Services Committee warned of a similar situation. They found over a million counterfeit parts in US military systems, according to The Epoch Times.
A year before that, we found recording devices in all dual-plate Chinese-Hong Kong vehicles. A year before that, we found Chinese Olympus camera memory cards infecting computers. The same virus was in memory cards of Samsung smartphones.
Or what about in 2013, when the world found Chinese spy chips in Russian electric kettle and irons.
Clearly China has the capability. So why is the government, Apple and Amazon so quick to shrug this whole thing off?
I read one comment saying:
‘Either Apple & Amazon are absolutely certain this isn’t a thing, or they are confident enough that evidence of it was destroyed that they are willing to push back this hard. I find the latter unlikely myself, if they were under a gag order or something similar they would have no incentive to push back this hard.’
But I’m not so sure. It’s not as if corporations and governments haven’t lied before.
Is it possible that Apple and Amazon are lying?
Do you remember documents Edward Snowden released in 2013? He showed evidence of an NSA secret program called PRISM. This program allowed agency to access private data on cloud services.
Ars Technica picks up the story:
‘A number of companies, including Apple, issued carefully worded denials. Several of them focused on claims in the initial Washington Post story that the NSA had “direct access” to user data. But while some of these details may have been wrong, the basic thrust of the story was correct: major tech companies really were participating in a secret NSA spying program called PRISM.’
Maybe the same thing is happening now. Maybe Bloomberg has gotten some minor details wrong, but the story overall is correct.
Time will help us uncover more. Don’t be surprised if Apple and Amazon continue poking holes in Bloomberg’s report.
After all, evidence of data breaches is the last thing they want. Such stories could threaten Amazon’s cloud business and future contracts with government agencies.
It might also throw Apple into the same pile as Facebook, Inc. [NASDAQ:FB] and Google — data cowboys.
The story continues.