Apple, Amazon deny Bloomberg report on Chinese hardware attack


But Bloomberg Businessweek cited 17 unnamed intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by around 30 companies, as well as multiple USA government agencies, which would give Beijing secret access to internal networks. Is it Bloomberg and its 17 sources or is it Amazon, Apple, Supermicro, and Beijing?

What did Amazon and Apple say?

"Over the course of the past year, Bloomberg has contacted us multiple times with claims.of an alleged security incident at Apple", the company said in an emailed statement to Bloomberg.

According to the report, Apple and Amazon found surveillance chips from China in their server hardware, which was provided by Super Micro located in the country. One US official who said Thursday morning that the thrust of the article was true later expressed uncertainty about that conclusion.

According to officials cited in the report, some 30 companies were affected. Amazon reported the discovery to USA authorities, sending a shudder through the intelligence community. Super Micro reportedly denied that it introduced the chips during the manufacturing. San Jose, California-based Super Micro said it strongly denies reports that servers it sold to customers contained malicious microchips in the motherboards of those systems. "Apple never had any contact with the Federal Bureau of Investigation or any other agency about such an incident", the company said in a statement provided to Bloomberg.

As for the servers in question, Bloomberg reported that an investigation began more than three years ago after Amazon discovered a microchip on the motherboard of AWS Elemental's servers that were reportedly assembled by Supermicro Computer Inc., which has subcontractors in China. After spotting tiny chips on the servers' motherboards which were not part of the original design, Amazon reported its findings to U.S. authorities, "sending a shudder through the intelligence community". Amazon reported the matter to USA authorities, who determined that the chips allowed attackers to create "a stealth doorway" into networks using those servers, the story said.

More news: Putin calls ex-spy Skripal a 'scumbag' and 'traitor'
More news: Government to send test alert messages Wednesday to cell phones
More news: Tottenham’s Harry Kane sets sights on Messi as Barcelona come to town

A statement by Amazon to AFP said that "at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems".

Amazon subsidiary Amazon Web Services, which provides on-demand cloud computing platforms, was described in the Bloomberg story as having known about the malicious chips and working with the FBI to investigate the matter.

As you might expect, Apple has denied the incident. Representatives of Apple, the Federal Bureau of Investigation and Department of Homeland Security could not be reached for comment by Reuters.

Check out the full story and see the statements from the named companies here.

"Extended, complex, global supply chains create a risk for malicious cyber activity that companies must take into account", said Michael Daniel, chief executive of the non-profit Cyber Threat Alliance.