Bloomberg

How China Used a Tiny Chip to Infiltrate U.S. Companies

The latest scandal concerning hackers that shook the world was made by the newest Chinese hackers attack which reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources, states Bloomberg.

The news agency reported the data had been siphoned off via tiny chips inserted on server circuit boards made by a company called Super Micro Computer. The servers were compromised during manufacturing, and once they were up and running the chips activated.
So far, all the involved sides, namely Apple, Amazon, and Super Micro declined Bloomberg’s claims, deeming them “untrue”. In particular, Apple released a strong statement in response to Bloomberg’s article saying it had found “no evidence” to support the allegations.

Chinese hackers

Bloomberg stated there was an investigation that lasted for over a year, made by reporters Jordan Robertson and Michael Riley, which had uncovered evidence of the wide-ranging attack. Those attacks reportedly gave Beijing access to 30 large companies and many federal agencies. The report said that the first info about the Chinese spying campaign had emerged during Amazon’s security testing before they started using servers from US company Elemental, which had been manufactured by Super Micro Computer at plants in China. This discovery started a top-secret probe by US intelligence, which lasted for a year and found all the compromised servers.  

And this discovery then kicked off a long-running “top-secret probe” by US intelligence agencies, which found compromised servers. China was well placed to carry out this kind of attack, said Bloomberg, because 90% of the world’s PCs are made in that country. Bloomberg article stated that carrying out the attack involved, quote, “developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location”. Many US companies, including Apple, Amazon and major banks were using Super Micro Computer hardware, which puts them in a group of potentially vulnerable targets.

Bloomberg claims the probe led to some companies removing servers made by Super Micro and ending business relationships with the company. Both Amazon and Apple swiftly denied there was any background to Bloomberg’s claims. Amazon put lengthy statement, saying “We’ve found no evidence to support claims of malicious chips or hardware modifications.”
On the other hand, Apple said that Bloomberg had contacted it “multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident”. Each time, they have conducted rigorous internal investigations based on Bloomberg’s inquiries and each time they have found absolutely no evidence to support any of them.

Super Micro Computer said it was “not aware” of any government investigation into the issue and no customer had stopped using its products because of fears about Chinese hackers.

Even China’s Ministry of Foreign Affairs had their view of the situation, calling the story a “gratuitous accusation” and said the safety of supply chains was an “issue of common concern”.

Bloomberg replied to the denials saying they’re countered by testimony from “six current and former national security officials” as well as insiders at both Apple and Amazon who had detailed the investigation and its aftermath. Is this hack just a deliberate hoax or is there more substance about it, it’s still yet to be revealed. What we know is that it will affect mutual relations between the US and China for a long time, and not in a good way.