Chip Hacking Confusion: Apple, Amazon & Supermicro deny server attack report
Updated 14:21, 17-Oct-2018
[]
04:25
Doubts are increasing about some bombshell hacking allegations. A report by Bloomberg news alleged that Chinese spies had slipped malicious chips into servers used by US based companies. Apple, Amazon and other American companies deny the report. But Bloomberg is standing by it. CGTN's Jim Spellman examines the allegations - with the writer - and with security experts.
Earlier this month, Bloomberg Businessweek published a bombshell story claiming Chinese manufacturers secretly installed tiny chips onto complex computer circuit boards, allowing the Chinese government to allegedly spy on companies including Apple and Amazon. The reporting is based on mostly unnamed sources.
JORDAN ROBERTSON BLOOMBERG WRITER "We cite 17 different sources in the story, now these are senior level officials across the government, but also senior level officials inside the companies."
But problems with the story soon emerged. Paul Triolo is head of global technology policy at the Eurasia Group, an independent consulting firm.
PAUL TRIOLO EURASIA GROUP "The cyber security community, which is very active, has become very skeptical of this, and you've seen a growing chorus of U.S. government officials unable to corroborate the details and the points made in the original story."
Apple released a statement, saying in part, "Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them."
And Amazon's chief information security officer released a statement saying in part, "There are so many inaccuracies in this article as it relates to Amazon that they're hard to count. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips."
And now one of the few named sources in the article is speaking out.
JOE FITZPATRICK HARDWARE SECURITY RESOURCES "I heard the story, and it just didn't make sense to me."
On the Risky Business podcast, computer hardware security expert Joe Fitzpatrick says many of the technical details in the article seem to be based on discussions with the authors about what may be theoretically possible - not about actual hardware hacks.
JOE FITZPATRICK HARDWARE SECURITY RESOURCES "I didn't speak to any fact checkers. I see a lot of details that I gave out of context. I'm not an expert judge on the quality of journalism, but I definitely have my doubts on this one."
One of the Bloomberg reporters says U.S. authorities may be reluctant to publicly admit hardware hacking.
JORDAN ROBERTSON BLOOMBERG WRITER "What we discovered is the U.S. government is in a very tricky position because if they announced the breach that could potentiality damage a U.S. company and also this was a U.S. company and this was a problem with no solution."
Bloomberg is defending the article, releasing a statement reading in part, "Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We stand by our story and are confident in our reporting and sources."
China has denied the allegations.
LU KANG SPOKESMAN, CHINESE FOREIGN MINISTRY "The relevant accusation is totally groundless. Someone in the U.S. keeps trying to slander and frame China by making up story on hearsay evidence."
Some cyber security analysts are wondering if global politics may be at play.
PAUL TRIOLO EURASIA GROUP "It comes at a very sensitive time in U.S.- China relations. So some people have questioned the timing of this too and why this has come out right now."
The U.S. National Security Agency has not been able to corroborate the charges made in the story. An NSA adviser is calling for anyone with direct knowledge of hardware hacks to come forward.
JIM SPELLMAN WASHINGTON "The motherboards in question look similar to this. They are complex and vital to a computer. If hacked motherboards do exist, the NSA would like to study them to find out who is behind the manipulation, and how to stop future attacks. So far, none of the alleged hacked circuit boards has surfaced. Jim Spellman, CGTN, Washington."