Apple, Amazon deny Bloomberg report claiming cyber attack by Chinese spies
Oct 4 2018
Apple Inc and Amazon.com Inc have denied a Bloomberg report claiming their systems had been infiltrated by malicious computer chips inserted by Chinese spies, according to statements from the companies released by Bloomberg.
Key points:
- Amazon and Apple denied claims Chinese spies placed computer chips inside US equipment
- China's Ministry of Foreign Affairs did not respond to a written request for comment
- Bloomberg cited 17 unidentified intelligence and company sources, said report was accurate
Bloomberg Businessweek cited 17 unidentified intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by about 30 companies and multiple United States government agencies, which would give Beijing secret access to internal networks.
Representatives of Apple, the FBI and Department of Homeland Security could not be reached for comment.
A National Security Agency spokeswoman said she had no immediate comment.
China's Ministry of Foreign Affairs did not respond to a written request for comment.
Beijing has previously denied allegations of orchestrating cyber attacks against Western companies.
Apple said it had refuted "virtually every aspect" of the story in on-record responses to Bloomberg.
"Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," the company said.
Amazon Web Services (AWS) said it found no issues.
However, Amazon and Apple stocks have both dropped in the wake of the report, with shares dropping 2.2 and 1.8 per cent respectively.
We stand by our story: Bloomberg
Bloomberg said its report was accurate.
"We stand by our story and are confident in our reporting and sources."
The story reported that malicious chips were planted by a unit of the Chinese People's Liberation Army, which infiltrated the supply chain of computer hardware maker Super Micro Computer Inc.
The operation is thought to have been targeting valuable commercial secrets and government networks, the news agency said.
In a blog post on the Bloomberg report, Amazon Web Services said: "At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Super Micro motherboards in any Elemental or Amazon systems. Additionally, we have not engaged in an investigation with the government."
San Jose, California-based Super Micro said it strongly denies reports that servers it sold to customers contained malicious microchips in the motherboards of those systems.
It said it has never found any malicious chips, has not been informed by any customer that such chips have been found, and has never been contacted by any government agencies on the matter.
Bloomberg reported that AWS uncovered the malicious chips in 2015 when examining servers manufactured by a company known as Elemental Technologies, which AWS eventually acquired.
Chips created 'a stealth doorway', report claims
The investigation found that Elemental servers, which were assembled by Super Micro, were tainted with tiny microchips that were not part of their design, Bloomberg said.
Amazon reported the matter to US authorities, who determined that the chips allowed attackers to create "a stealth doorway" into networks using those servers, the story said.
AWS told Bloomberg it had re-reviewed its records related to the Elemental acquisition and "found no evidence to support claims of malicious chips or hardware modifications".
Bloomberg also reported that Apple, in 2015, found malicious chips in servers it purchased from the hardware maker, then stopped doing business with Super Micro in 2016 for reasons that were not related, citing three unidentified company insiders.
Apple denied the account, saying it had investigated the claims.
Report coincides with 'supply chain attacks'
The report coincides with the increasing concerns of authorities in the United States about foreign intelligence agencies infiltrating US government agencies and private companies via so-called "supply chain attacks", particularly from China where many global tech firms outsource their manufacturing.
The US government warned on Wednesday that a hacking group widely known as Cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.
Two prominent US cybersecurity companies warned this week that Chinese hacking activity has surged amid a trade war between Washington and Beijing.
No comments:
Post a Comment
Comments always welcome!