Bloomberg Businessweek appeared to have a major scoop on Oct. 4, when it reported on an investigation of an alleged spy hack by the Chinese government that infiltrated as far as CIA network servers.
The hack, the report said, originated with motherboards manufactured in China for San Jose, Calif.-based server tech vendor Super Micro Computer Inc. (aka “SuperMicro”). The tech company is alleged to have sold corrupted motherboards to unwitting clients including Apple and Amazon. These motherboards are said to have had tiny, grain-of-rice-sized chips embedded into them that would allow backdoor access to otherwise secure networks by Chinese operatives.
On Tuesday, Bloomberg published a follow-up, reporting that an unnamed U.S. telecom company found and removed “manipulated” SuperMicro hardware in August. This discovery, the news agency said, was provided by an Israeli security expert, after he read Bloomberg’s initial report last week.
Bloomberg said that its two veteran reporters behind the story talked to 17 sources working for Apple, Amazon and in the national intelligence community.
But the latest report represents a kind of doubling down for Bloomberg, which received extraordinarily vehement denials on its original story from Apple, Amazon and SuperMicro last week.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server," the computer giant said in a statement. “Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.”
Apple didn’t stop there. It’s VP of information security, George Stathakopoulos, sent a letter to key Congressional committee heads over the weekend, assuring them the story is simply “not true.”
“We are struck by the fact that the gravity and magnitude of the claims seemed to be undermined by their uncertainty around key details,” Stathakopoulos wrote.
Bloomberg said the investigation into the spy chips began in 2015, when Amazon purchased cloud video company Elemental Technologies and asked to audit some of their motherboards.
"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems," Amazon said in an emailed statement. "Additionally, we have not engaged in an investigation with the government.”
Amazon later added, “[W]hen Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware.”
Still, it’s a world-shaking story … if it holds up,” noted New York Magazine.
But with two notoriously press-shy companies being so aggressive in their denials, New York wondered, if Bloomberg Businessweek, “a very cautious publication with extremely stringent editing standards, and two veteran reporters with decades of experience between them, got badly played by over a dozen sources spread across Apple, Amazon, and the national intelligence community.”