The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

"The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources..."

https://www.bloomberg.com/news/feat...ny-chip-to-infiltrate-america-s-top-companies

BUT -- "Fake News??":

"Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way

The chip could have enabled China to view the network of several companies, but Apple, AWS and Super Micro deny the claims, according to a report by Bloomberg BusinessWeek.

Apple, AWS and Super Micro dispute the report..."

https://www.cnbc.com/2018/10/04/chi...denies-the-bloomberg-businessweek-report.html

 

I would think they would have to deny the claims else they would have to go public with just what and how much they and their customers were exposed, it could cost them millions. Imagine if they hid one in every iPhone and iPad?

Recalling and replacing that many phones and IPads along with the lawsuits and bad publicity that went along with it would destroy the company.

This does make one wonder just where China's technological advancement would be today without industrial espionage and reverse engineering.

 

The suspect "backdoor" chips are on the motherboard of servers used by large American companies, banks and US Govt agencies, including Apple. The chips are said to allow the attackers to create a stealth doorway into any network that included the altered machines.

 

Of course nobody wants to upset the stock market.
Is this like the chinese version of Intel ME?

 

Yes, but Chinese don't try to persuade us that this is something good and something we all need.

 

Statements From Amazon, Apple, Supermicro, and the Chinese Government

https://www.bloomberg.com/news/arti...k-amazon-apple-supermicro-and-beijing-respond

 

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/

 

UK cyber security agency backs Apple and Amazon's denials of Chinese hardware hack

http://www.cityam.com/264765/uk-cyber-security-agency-backs-apple-and-amazons-denials

 

"Bloomberg stands by Chinese chip story as Apple, Amazon ratchet up denials...

...Bloomberg reporter Jordan Robertson, one of the article's co-authors, has stood by his story. In a Thursday afternoon appearance on Bloomberg TV, Robertson said that he talked to 17 anonymous sources—both in US intelligence agencies and at affected companies—who confirmed the story..."

https://arstechnica.com/tech-policy...hip-story-as-apple-amazon-ratchet-up-denials/

 

Supermicro also Had Their Update Portal Hacked in 2015

https://news.softpedia.com/news/supermicro-also-had-their-update-portal-hacked-in-2015-523082.shtml

 

I can't believe that the US didn't see this one coming. And it's not just the US, I'm sure the EU has also already been infiltrated.

 

I personally have no clue about the veracity of this story. But I DO know about Stock Market manipulation. Just as a false story of a proposed merger can be planted so that those holding a position on the company that is said to be bought out can benefit when the market goes crazy and runs the stock price of the "company to be acquired" up to the moon, a rumor can also be planted to make a stock tank.

It works like this: plant a negative story, and then let the public FREAK OUT AND SELL (Lenovo stock lost ~23% and ZTE lost another 14% in Hong Kong on Friday). I can just image some Fat Fools laughing their ample behinds off about this (while spending the money they made on the Short).

Sow a Lie in the Morning and you can be assured of a Harvest in the Evening.

 

Considering the damage a rogue chip on a networked device can do, governments should have already legislated to force manufacturers to document every functionality of every chip on its device boards and face huge fines if they are found to be lying.

 

I can't believe any of this.

I can't believe any of this.

~Off topic comments removed~

 

FWIW:

"Statement from DHS Press Secretary on Recent Media Reports of Potential Supply Chain Compromise


Release Date:
October 6, 2018

The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story. Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely. Just this month – National Cybersecurity Awareness Month – we launched several government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation’s collective cybersecurity and risk management efforts...”

https://www.dhs.gov/news/2018/10/06...dia-reports-potential-supply-chain-compromise

 

Security researcher cited in Bloomberg's China spy chip investigation casts doubt on story's veracity

https://appleinsider.com/articles/1...-investigation-casts-doubt-on-storys-veracity

 

"New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom

The discovery shows that China continues to sabotage critical technology components bound for America.

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company..."

https://www.bloomberg.com/news/arti...cked-supermicro-hardware-found-in-u-s-telecom

 

When asked what, exactly, he found strange about Bloomberg's claims, Fitzpatrick said, "It was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100% of what I described was confirmed by sources." ~ op cit

"Spreading hardware fear, uncertainty and doubt is entirely in my financial gain, but it doesn't make sense because there are so many easier ways to do this," Fitzpatrick said, referring to the purported hardware implant. "There are so many easier hardware ways, there are software, there are firmware approaches. There approach you are describing is not scalable. It's not logical. It's not how I would do it. Or how anyone I know would do it." ~ op cit

 

Yes, also this:

 

The F.B.I. apparently does not put much credence into the Bloomberg story.

This morning, the Senate Homeland Security and Governmental Affairs Committee held a hearing on Homeland Security Threats.

In response to a question by Senator Johnson as to when The FBI first learned of the security issues raised in the Bloomberg story, F.B.I. Director Wray, with a smile on his face, stated:

"As to the newspaper, magazine article, I would just say: you have to be careful what you read..."

Video here at 2:10:40

https://www.c-span.org/video/?45254...rector-wray-testify-homeland-security-threats

 

As I thought; a storm in a China teacup.

 

NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence

https://www.cyberscoop.com/rob-joyce-bloomberg-story-supply-chain/