Both US and UK intelligence officials have put out statements over the weekend in support of Amazon, Apple, and Supermicro in regards to recent allegations made by Bloomberg in an article published last week.
On Thursday, Bloomberg reporters claimed that Chinese intelligence had secretly implanted spy chips inside motherboards used for Supermicro servers that eventually made their way inside the IT infrastructure of Apple, Amazon, and 30 other companies, but also inside the networks of US and UK governments.
The report shocked the public and cut Supermicro's stock value in half.
All three major companies named in the piece vehemently denied the Bloomberg report's claims.
Amazon cited "so many inaccuracies [...] that they're hard to count."
Apple suggested Bloomberg's sources "might be wrong or misinformed," and they might be "confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of [the Apple] labs."
Supermicro, too, denied the Bloomberg report, with the company saying they have "never been contacted by any government agencies either domestic or foreign regarding the alleged claims."
In its report, Bloomberg cited 17 unnamed sources from the intelligence and private sector.
But in its statement, Apple said that "no one from Apple ever reached out to the FBI about anything like this, and we have never heard from the FBI about an investigation of this kind -- much less tried to restrict it."
More denials came on Friday, October 5, and this time they were from government officials.
Speaking to Reuters, members of the UK's National Cyber Security Centre (NCSC) at the Government Communications Headquarters (GCHQ), showed their support for Amazon and Apple, indirectly denying the Bloomberg report.
"We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple," an NCSC spokesperson said.
A day later, the Department of Homeland Security published a near identical statement on its website.
"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story," said the agency.
Over the past few days, several security researchers and infosec pundits have torn the Bloomberg article to pieces, criticizing everything from the incorrect artwork to the lack of technical details or the reporters' ability to convince sources to go on the record with their real names. Despite all this, Bloomberg stood by its reporting.
- Apple, Amazon deny claims Chinese spies implanted backdoor chips in company hardware: report
- DOJ explains recent wave of cyber-espionage-related indictments
- Russia's elite hacking unit has been silent, but busy
- Google forcibly enables G Suite alerts for government-backed attacks
- Ukraine fears a coordinated hacking attack from Russia (CNET)
- You weren't hacked, Google tells Gmail users who received spam from themselves (TechRepublic)