Now Amazon and Super Micro tell Bloomberg to retract its China spy-chip story
AWS CEO Andy Jassy and Super Micro CEO Charles Liang urge Bloomberg to retract China spy-chip report
Amazon and server maker Super Micro have joined Apple in urging Bloomberg to retract a report at the beginning of the month that had claimed that Chinese intelligence had placed malicious chips on Super Micro servers. These chips, it suggested, had enabled them to compromise as many as 30 different organisations.
The article added that servers featuring the bespoke chip enabled the exfiltration of sensitive information from the companies in which they had been installed.
Bloomberg claimed that the compromised Super Micro servers had been found by engineers at Amazon when AWS purchased video encoding company Elemental Technologies in 2015 as part of the due diligence process. They had also been subsequently found on Super Micro servers used by Apple, the report had claimed.
"When a server was installed and switched on, the microchip altered the operating system's core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code," claimed the Bloomberg report.
It's not clear whether the claimed compromise operation was conducted for the purpose of gathering intelligence, industrial espionage or a combination of the two.
Bloomberg claimed that Chinese intelligence was behind it, but hardware experts expressed scepticism over whether it would even be possible to install such a bugging device on a server motherboard capable of doing what the Bloomberg report claimed - at least, not without subverting core functions and being quickly detected.
Apple and Amazon, meanwhile, outright rejected the claims made in the report, including the suggestion that the companies themselves had found evidence of the compromise on their own servers.
We have seen no malicious hardware components in our products, no government agency has contacted us about malicious hardware components, and no customer has reported finding any malicious hardware components
Yesterday, Apple CEO Tim Cook urged Bloomberg to retract the article, claiming that it was simply wrong. "There is no truth in their story about Apple," Cook told BuzzFeed News. "They need to do that right thing and retract it."
He continued: "I personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel. We were very clear with them that this did not happen, and answered all their question. Each time they brought this up to us, the story changed, and each time we investigated we found nothing."
The company, he added, had been turned "upside down" in its efforts to find evidence to back-up the Bloomberg report, but found nothing.
We stand by our story and are confident in our reporting and sources
Now, Amazon and Super Micro - the company most affected by the claims - have joined Apple in urging Bloomberg to retract the report.
Super Micro CEO Charles Liang claimed that the Bloomberg report featured "unsupported allegations". He said: "Bloomberg's recent story has created unwarranted confusion and concern for our customers, and has caused our customers, and us, harm.
"Bloomberg should act responsibly and retract its unsupported allegations. The allegations imply there are a large number of affected motherboards.
"Bloomberg has not predicted a single affected motherboard, we have seen no malicious hardware components in our products, no government agency has contacted us about malicious hardware components, and no customer has reported finding any malicious hardware components either."
Amazon Web Services (AWS) CEO Andy Jassy supported Liang and Cook.
He tweeted: "[The] Bloomberg story is wrong. They offered no proof, [the] story kept changing, and [they] showed no interest in our answers unless we could validate their theories. [The] reporters got played or took liberties."
Bloomberg, though, has stood by its report, claiming that its reporters interviewed 17 different people to make it stand up, producing visuals to illustrate how the claimed compromise worked. "We stand by our story and are confident in our reporting and sources," Bloomberg responded.
It also published the full responses of the company's involved.
Last week, the director of US intelligence, Dan Coats, also claimed that there was no evidence to back-up the claims made in the Bloomberg report.
Image above from the Spy Versus Spycomic strip, as originally featured in Mad magazine
There's a new wave of automation hitting big business and the public sector, and organisations that fail to prepare or implement properly will, literally, be left for dead.
Hear from end users and other organisations about how you can effectively automate the enterprise at Computing's Automation: streamlining your essential business processes IT Leaders' Forum.
To reserve your FREE place for the event on Wednesday 7 November, check out the dedicate IT Leaders' Forum website