An investigative report by Bloomberg on Friday (Feb. 12) said Beijing has used the technology supply chain to conduct a long-running spying campaign against the United States.
The report said San Jose, California-based computer hardware maker SuperMicro Computer Corp. had malicious code and chips planted in China in server motherboard equipment made in China that had been used by U.S. companies and some government departments.
As an example, the report said the U.S. Department of Defense discovered in 2010 that thousands of computer servers were transmitting military network data to China, and an investigation later found that this was due to malicious code hidden on the chips running the machines’ startup programs. 2014, Intel Corp. discovered that a Chinese hacking group had compromised their network through a server that downloaded malicious software from the supplier’s SuperMicro update website. In 2015, the FBI warned several companies that Chinese spies had planted a chip embedded with backdoor code on Metso Micro’s servers.
The Bloomberg report said the U.S. intelligence community did not make public the specifics of the situation, but instead launched an investigation and counterintelligence effort to try to get to the bottom of China’s case.
Bloomberg said it was unclear whether the investigation was continuing and the full findings, but the FBI had hired a private agency in 2018 to analyze the U.S. Super Micro devices that were implanted with the chip.
Jay Tabb, a former senior FBI official, told Bloomberg that the Metsumicro incident demonstrates the broad risks in the global supply chain and “perfectly illustrates the vulnerability to potentially malicious tampering of any product that a U.S. company chooses to manufacture in China.”
He added, “The Chinese government has been doing this for a long Time, and companies need to realize that China is still doing it.”
Bloomberg quoted former U.S. officials as saying that neither US Supermicro nor any of its employees have been charged with illegal conduct and that the company is not the target of a counterintelligence investigation.
Bloomberg reported in 2018 that server motherboards made by US Supermicro in China were implanted with microchips by Chinese spies, affecting about 30 companies and some U.S. government departments, including Apple and Amazon, two U.S. tech giants.
That report drew widespread attention and controversy. Maxmicro, Apple and Amazon all refuted the report, saying that after an investigation, they found no evidence of the problems mentioned in the report. The U.S. national security authorities also said there was no reason to doubt the denials of the companies involved in the reports in question.
In response to Bloomberg’s latest report, Super Micro issued a statement Friday saying the company had never been contacted by the U.S. government, or any other partner or customer, about the alleged investigation, calling the report “a hodgepodge of disparate and inaccurate allegations from many years ago, with conclusions that are far-fetched and do not stand up to scrutiny.”
In a written statement to Bloomberg, China’s foreign ministry said the allegations in the report denigrate China and Chinese companies and accused U.S. officials of fabricating facts and fanning the China threat theory. “China has never and will never ask companies or individuals to collect data, information and intelligence from other countries for the Chinese government by planting ‘backdoors,'” the statement said.
Bloomberg said the latest report was based on interviews with 50 people from law enforcement, the military, Congress, intelligence agencies and the private sector. The report quotes Frank Figliuzzi, a former assistant director of counterintelligence at the FBI, as saying that the U.S. Super Micro incident is a wake-up call to the industry.
If you think this is just about one company, you’re missing the point,” he said. For everyone in the tech supply chain, this is a ‘don’t let this happen to you’ moment.”
James Lewis, director of the strategic technology program at the Center for Strategic and International Studies (CSIS), a Washington think tank, told Voice of America, “China is the most aggressive spying adversary the United States faces, and China has been spying on U.S. companies for years. China’s government Hackers are getting more sophisticated every year. It’s like a Chinese version of Sunwind – a massive supply chain hacking operation that exposes thousands of targets.”
The Sunwind he’s referring to is the one in which Russia is accused of hacking Sunwind’s surveillance software, Orion, to hijack the network, violating up to 18,000 Sunwind customers, including sensitive federal agencies.
Recent Comments