Neither US Or UK  Investigated Chinese Spy Chips

The US Department of Homeland Security (DHS) and the UK National Cyber Security Centre (NCSC) have denied investigating the presence of Chinese spy chips in Supermicro servers, as claimed by a bombshell report published recently by Bloomberg.

According to Bloomberg, the Chinese government planted tiny chips in Supermicro motherboards in an effort to spy on more than 30 organisations in the United States, including government agencies and tech giants such as Apple and Amazon.

The report, on which Bloomberg reporters have been working for the past year using information from 17 sources, claims that Chinese agents masquerading as government or Super Micro employees pressured or bribed managers at the Chinese factories where the motherboards are built.

Once the chips were planted, they would allow attackers to remotely access the compromised devices. Apple and Amazon allegedly discovered the malicious hardware implants and contacted the FBI.

While many experts agree that it is technically possible to create and plant spy chips such as the one described, Apple, Amazon and Super Micro have strongly denied the reports, and their statements have now been backed by the DHS and the NCSC.

“We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple,” stated the NCSC. “The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us.”

The DHS also published a statement on Saturday saying it's aware of the media reports.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” the agency stated. “Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.”

No one has been able to independently confirm that the FBI has launched an investigation as a result of the discovery of spy chips, and a former Apple executive said the agency's representatives told him that they had never heard of this type of investigation.

Apple, Amazon and Super Micro have been contacted by Bloomberg several times while the article was being written, but they are not happy with the final result. While it's not uncommon for major companies to deny news reports, the statements issued by the tech giants named in the Bloomberg story stand out due to the fact that they are very detailed and attempt to show that the article is factually inaccurate.

“At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Super Micro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government,” Amazon said.

“There are so many inaccuracies in ‎this article as it relates to Amazon that they’re hard to count.” Apple claims it's disappointed that Bloomberg reporters have not been open to the possibility that their sources might be misinformed or wrong.

“Despite numerous discussions across multiple teams and organizations, no one at Apple has ever heard of this investigation. Businessweek has refused to provide us with any information to track down the supposed proceedings or findings. Nor have they demonstrated any understanding of the standard procedures which were supposedly circumvented,” Apple said.

For its part, Super Micro also denied knowing anything about a government investigation.

“The manufacture of motherboards in China is not unique to Supermicro and is a standard industry practice. Nearly all systems providers use the same contract manufacturers. Supermicro qualifies and certifies every contract manufacturer and routinely inspects their facilities and processes closely,” it stated.

Security Week:

You Might Also Read: 

Get Serious About Hardware Cybersecurity:

 

« #PresidentialAlert: A US National Alert Test
Chinese Spy Extradited To Go On Trial »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Evidian

Evidian

Evidian, a Bull Group company, is the European leader and one of the major worldwide vendors of identity and access management software.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

Center for Long-Term Cybersecurity (CLTC)

Center for Long-Term Cybersecurity (CLTC)

The Center for Long-Term Cybersecurity is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.