Sources: Chinese spies inserted tiny chips onto products from US-based motherboard giant Supermicro to infiltrate ~30 US companies including Amazon and Apple
There's recent news about some really interesting hardware implants. Nicholas Weaver / Lawfare : The China SuperMicro Hack: About That Bloomberg Report Andrew Marino / The Verge : Vergecast: Chinese spy chips, Microsoft announcements, and Pixel 3 previews Fortune : Data Sheet—Separating Legit Cryptocurrency Ideas From the Ponzi Schemes ServeTheHome : Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate Kate Fazzini / CNBC : Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way John Gruber / Daring Fireball : Bloomberg's ‘The Big Hack’ Paul Kunert / The Register : Chinese tech titans' share prices slump after THAT Super Micro story Richard Beales / New York Times : Cybersecurity Risks Should Weigh on Investors' Minds More Often Alex Cranz / Gizmodo : Apple and Amazon Call Bullshit on Chinese Spy Microchip Report Eduard Kovacs / SecurityWeek : Industry Reactions to Chinese Spy Chips: Feedback Friday Eustance Huang / CNBC : Apple suppliers' shares fall on the back of report alleging hidden Chinese spy chips Benjamin Mayo / 9to5Mac : Apple strongly refutes report that it found Chinese ‘spy’ chips in iCloud servers Michael Kalodrich / Super Micro Computer, Inc. : Supermicro Refutes Claims in Bloomberg Article South China Morning Post : Chinese hardware makers slammed by ‘chip hack’ report, Lenovo loses HK$11 billion in Hong Kong Jeet Heer / New Republic : Major hacking stories about Russia and China confirm that this is the age of cyber-war. Rachel Kraus / Mashable : Facebook, Apple confirm they were targets of Supermicro malware attack Theo Markettos / Light Blue Touchpaper : Making sense of the Supermicro motherboard attack CNN : Pentagon report accuses China of trying to undermine US defense industry Motherboard : The Worst Hack in Science Fiction Has Allegedly Already Happened in Real Life Tom Fogden / TechCo : Did Chinese Spies Use Microchips to Hack Servers Around the World? Rani Molla / Recode : Supermicro stock fell 50 percent after a bombshell Bloomberg report that China tried using its servers to spy on Apple Cameron Camp / WeLiveSecurity : Virus Bulletin 2018: Supply chain hacking grows up WRAL TechWire : Lenovo stock takes big hit after chip hack report Leander Kahney / Cult of Mac : ‘Highly plausible’ Apple servers could be infected with spy chips, says former Apple hardware engineer Julian Clover / Broadband TV News : Did the Chinese insert microchips to spy on Amazon and Apple? Firstpost : Cyber attack using microchips is the latest tactic for state-sponsored Chinese hackers Financial Times : Lenovo, ZTE stocks tumble in wake of China ‘stealth’ chip claims Hannah Boland / Telegraph : Chinese stocks slip after report claims spy chips infiltrated US networks Talha Amjad / SegmentNext : Amazon, Apple Servers Compromised, Chinese Caught Red Handed Ellen Tannam / Silicon Republic : Apple and Amazon deny Chinese spy chip claims Alan R. Elliott / Investor's Business Daily : Stocks Mixed On Jobs Report, Trade Data: China's Lenovo Takes A Dive Dylan McGrath / EE Times : Apple, Amazon Refute China Chip Hacking Story the grugq : Supply Chain Security Speculation Jack Purcher / Patently Apple : Apple Fires out an Official Press Release to Debunk “The Big Hack” Story Posted today by Bloomberg-Businessweek Oliver Haslam / Redmond Pie : Apple Strongly Denies “The Big Hack” Report That Claims Chinese Spy Chip Were Found In Its Servers Stephen E. Arnold / Beyond Search : Sensational Development from Real Publishers Sean Keane / CNET : Apple, Amazon deny report that Chinese spy chips infiltrated their hardware Kate Fazzini / CNBC : Shares of the small server company at the center of a China tech spying scandal are down more than 50% Brendan Ferriter / Check Point Software Blog : “China's Big Hack"- Check Point Responds Maria Deutscher / SiliconANGLE : Bloomberg claims China planted spy chips in servers used by Apple and Amazon, but both refute story Doug Black / EnterpriseTech : Supermicro Motherboards Bugged by Operatives in China John Voorhees / MacStories : Apple Strongly Refutes Bloomberg Report That Its Servers Were Compromised by Malicious Chips Bob Bryan / Business Insider : Lawmakers say that China's reported use of a microchip to target tech giants like Amazon … Chris Smith / BGR : Bloomberg reports bombshell Chinese hardware attack on US tech companies, met with swift denials Josephine Wolff / Slate : There Is No Good Way to Stop China From Planting Microchips in American Electronics Joel Hruska / ExtremeTech : Amazon, Apple Servers Completely Compromised by Chinese Hardware Backdoors Joe Rossignol / MacRumors : Apple Denies Report Claiming Chinese Spies Planted Microchips in iCloud Servers Gareth Halfacree / bit-tech.net : Apple, Amazon, Supermicro deny Chinese hardware hack report Joan Engebretson / Telecompetitor : Huawei to FCC: Equipment Ban Would Put Some Rural Carriers Out of Business Bryan M. Wolfe / iDownloadBlog.com : Apple responds to Businessweek's Chinese hacking story Chris Ciaccia / Fox News : Apple denies explosive report of Chinese hacking on its servers Federal Computer Week : Report: China infiltrated supply chain of top server supplier Caitlin Fairchild / Nextgov : Report: China Used Tiny Chips to Infiltrate the U.S. Supply Chain Ryne Hager / Android Police : [Update x2: Amazon, Apple, Supermicro, and Chinese govt. issue denials] Chinese government snuck … Mitch Wagner / Light Reading : Chinese Hardware Hack Threatens US Tech Supply Chain Bloomberg Arif Bacchus / Digital Trends : Apple, government contractors were hacked using tiny Chinese chips, report says Tweets: Thomas Rid / @ridt : This is a huge story, apparently well-sourced. *If* the alleged PLA hardware hack played out as described—then we're looking at an intelligence operation of historic proportions https://www.bloomberg.com/... pic.twitter.com/bkUUOrrGny No Comment / @drance : After reading this Bloomberg story I have two questions: 1) Why not name the “third party company” that found this hack? What security firm wouldn't want credit for this? 2) FBI and DNI/CIA/NSA declined comment on this story primarily sourced from “US officials.” What's left? Neil Cybart / @neilcybart : Bloomberg claims Amazon was doing due diligence on Elemental when it supposedly was notified about the chips. One question I have: Why would Amazon go through with the Elemental acquisition after reporting Elemental to U.S. authorities? Zack Whittaker / @zackwhittaker : Facebook: “In 2015, we were made aware of malicious manipulation of software related to Supermicro hardware from industry partners through our threat intelligence industry sharing programs.” http://www.bloomberg.com/... Jon Russell / @jonrussell : The responses are next-level, too. This from Apple: “We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed...” https://www.bloomberg.com/... Ryan Mac / @rmac18 : Kinda interesting that Apple CEO Tim Cook gave an interview to Vice where he prioritized privacy the day before a massive story about a foreign actor infiltrating its servers. Probably not a coincidence? @thiojoe : And people wonder why you can't trust companies like Huawei. http://twitter.com/... Bob Davis / @bobdavis187 : Great story on how China uses supply chain to spy on companies. Better evidence than anything the administration has offered. http://www.bloomberg.com/... @ow : It's implied that the chipset that was hijacked is the management interface, which basically lets you do boring shit like reboot the machine or monitor the screen. (This is standard - see HP iLo). Pretty hard to actually mine data across this interface. Costin Raiu / @craiu : “There are so many inaccuracies in this article as it relates to Amazon that they're hard to count.” - Amazon statement on the Supermicro story is pretty strong: http://aws.amazon.com/... Fred Kaplan / @fmkaplan : China's tech/intellectual theft and corruption of supply chains have long been serious problems. There are ways to deal with them. Tariffs are not among them. http://twitter.com/... Austin Evans / @austinnotduncan : If you listen closely, you'll hear the entire hardware industry take a deep breath this morning. http://www.bloomberg.com/... Gabe Rivera / @gaberivera : Sad to hear that building systems with components from untrusted subcontractors, who in turn rely on untrusted subcontractors, in a cascade of neglect winding through the US's main cyber rival, can lead to subpar security. http://twitter.com/... Matthew Green / @matthew_d_green : Also, while Apple is denying the Bloomberg reporting — here is the explanation for why they cut ties abruptly with SuperMicro. Notice it's dodgy as hell. https://www.macrumors.com/... ht @mik235 pic.twitter.com/jngtAx804w Dustin Volz / @dnvolz : “Intelligence operation of historic proportions” Supply chain security isn't so boring now, is it? http://twitter.com/... Steve Inskeep / @nprinskeep : This story is amazing. Don't even need internet hackers to find a backdoor if you can have workers install one. http://www.bloomberg.com/... Shira Ovide / @shiraovide : This might be the scariest paragraph of a terrifying cyber attack story: After 3 years, the savviest tech companies don't have a solution to ferret out this hardware hack. pic.twitter.com/aJbdfHhbbG @ceciliakang : Must-read: China infiltrated hardware, which is much harder to root out than software surveillance: “The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People's Liberation Army.” https://www.bloomberg.com/... via @BW Melissa Chan / @melissakchan : This is a helluva investigation on something many of us had always suspected/assumed concerning China, but here's the smoking gun. http://twitter.com/... Melissa Chan / @melissakchan : “One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world's mobile phones and 90 percent of its PCs.” http://twitter.com/... Melissa Chan / @melissakchan : Chinese intelligence officers “threatened factory managers with inspections that could shut down their plants” if they didn't cooperate in the seeding of these chips bound for the US. http://twitter.com/... Melissa Chan / @melissakchan : “U.S. officials had caught China experimenting with hardware tampering before, but they'd never seen anything of this scale and ambition. The security of the global technology supply chain had been compromised, even if consumers and most companies didn't know it yet.” http://twitter.com/... @haidilun : The tech behind China's hardware hack is complex, but the tactics are straight out of the old-school China playbook: subcontractors were offered bribes by quasi-official middlemen to alter the motherboards' design, and threatened with inspections/closure if they didn't comply @BW http://twitter.com/... Justin Hendrix / @justinhendrix : Data center equipment run by Amazon Web Services and Apple may have been subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process, according to a @business exclusive: http://www.bloomberg.com/... Chris Moran / @chrismoranuk : 'China's spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.' https://www.bloomberg.com/... Janosch Delcker / @janoschdelcker : “This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating.” https://www.bloomberg.com/... via @BW Paul Mozur / @paulmozur : Oof, lurid details of a worst nightmare China supply-chain hack that hit US cos and gov't. This will probably hasten efforts to unwind US-China tech supply chains. Still think best policy is to audit/manufacture only critical systems that need to be secure https://www.bloomberg.com/... Melissa Chan / @melissakchan : This is a photo from the Bloomberg story on the Chinese microchip planted into the supply chain bound for the US. Take a look at the chip compared to a penny! https://bloom.bg/2OCRfgO pic.twitter.com/jZ5HMETNBr Haidi Lun Stroud-Watts / @haidilun : Your must-read today: @BW exclusive on how Chinese spies infiltrated companies incl Apple and Amazon by installing a tiny microchip onto US-bound server motherboards, resulting in the most significant attack on the American technology supply chain to date https://www.bloomberg.com/... Melissa Chan / @melissakchan : Holy f***. “Nested on the servers' motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn't part of the boards' original design.” https://bloom.bg/2OCRfgO Thanks: @edwininla