Bloomberg Doubles Down on Accusing China
Bloomberg reported last week of the Chinese spying on US companies through a miniscule chip installed on Supermicro server motherboards.
Shortly after, Supermicro, along with Amazon and Apple have issued independent statements vehemently refuting the claim. The latter two being some of the companies supposedly using the compromised hardware, effectively calling Bloomberg’s report baseless.
The Chinese government has also denied the accusations, claiming that they are in fact advocates and a “resolute defender of cybersecurity”.
Now Bloomberg has released another article claiming that more evidence of hardware tampering has surfaced. This time installed on network ports, supposedly to sniff out incoming and outgoing data.
What Led to the Discovery of the Breach?
The new issue was apparently discovered by a major US telecom company, who Bloomberg is not naming. Although this time, they are naming and have talked to one of the security experts working for the telecom company.
According to Bloomberg it was this security expert, Yossi Appleboum, who provided them documents, analysis and other evidence of the discovery following their previous article publication.
Mr. Appleboum is the co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. He had also previously worked in the technology unit of the Israeli Army Intelligence Corps. Serpio Systems specializes in hardware security, and scanned several large data centers owned by the unnamed telecom.
According to Appleboum, the server modification took place at the factory. It is also a Supermicro motherboard, although he states that this is by subcontractors. From his sources in the Western intelligence community, Appleboum claims that this board is specifically from a subcontractor factory in Guangzhou, a port city in Southeastern China.
“Supermicro is a victim — so is everyone else,” he claims, stating that this is an industry wide issue.
In a follow-up by ServeTheHome, Appleboum claims that the Bloomberg article makes it seem that this was just an isolated issue. Even though he in fact claims that he observed the breach in various devices as well, including network switches and more. So the problem could be a much bigger issue than previously thought.
