The business intelligence service Bloomberg has once again published its 2018 accusation of hardware espionage against China. Individual Supermicro brand motherboards manufactured in the People’s Republic are said to have been equipped with an additional chip that Supermicro did not order. The FBI, the domestic secret service, noticed this in 2014. And as early as 2008, additional chips were discovered on Lenovo laptops belonging to the US military.
Seven unnamed former US officials reportedly said that the additional chip opened a back door into the Supermicro devices. After the discovery, the FBI warned potential espionage targets in the United States. This was stated by eleven former managers of these potential victims, according to the Bloomberg report. The FBI is said to have spoken of thousands of servers affected at the time – but elsewhere in the report only “small batches” are mentioned.
“He wasn’t a guy who stole a motherboard and then soldered a chip in his hotel room,” Bloomberg quotes IT security expert Mike Quinn, who was once employed by Cisco and Microsoft. The additional chip was taken into account in the architecture of the device and integrated into the multilayer board.
The FBI investigation was actually triggered by contaminated BIOS code. And the threat couldn’t have been that great: as Bloomberg itself reports, US government institutions continued to buy Supermicro hardware afterwards. Only in particularly sensitive areas are they said to have done without it.
And in 2014 the US not only allowed Lenovo to buy Motorola Mobility from Google, it also allowed Lenovo to take over IBM’s x86 server division. However, in 2013 the Canadian government prevented Lenovo’s takeover of Blackberry, with reference to the national security of the monarchy.
It is unclear why Bloomberg is now rehashing the allegations made in 2018. The report is full of denials. Of course, the Chinese embassy denies everything, but even Supermicro says it has never heard of additional chips.
Supermicro would be liable many times over if it swept such a big problem under the rug. For example, Bloomberg discovered in one of the company’s annual reports that it had been hacked several times, albeit without major damage. Supermicro would of course have had to disclose an espionage problem in the hardware supply chain.
The NSA “cannot confirm that there was such an incident or any reactions.” The White House, the Director of National Intelligence, the Department of Homeland Security and the FBI have all declined to comment. It would be in their political interest to raise awareness of risks in Asian supply chains that have become known.
According to the 2018 report, Amazon and Apple found additional chips on Supermicro motherboards. But these corporations vehemently deny this. Apple even made this clear in a letter to leading US lawmakers: “We want to assure you that the Bloomberg Businessweek report, which alleges that our servers have been compromised, is not true,” wrote Apple security chief George Stathakopoulos at the time. “Apple has never found malicious chips, ‘hardware tampering’ or intentionally built security holes in a server.”