Thu, Oct 11, 2018 - Page 12 News List

Senators question Supermicro on Chinese hack report


Two US senators sent a letter to Super Micro Computer Inc asking if and when the company found evidence of tampering with hardware components after a Bloomberg Businessweek report described how China’s intelligence services used subcontractors to plant malicious chips in the company’s server motherboards.

US senators Marco Rubio and Richard Blumenthal on Tuesday gave the company until Wednesday next week to respond to a list of questions that also includes whether the company investigated its supply chain and cooperated with US law enforcement.

In Bloomberg Businessweek’s report, one official said investigators found that the Chinese infiltration through Super Micro reached almost 30 companies, including Inc and Apple Inc.

Super Micro, Amazon and Apple disputed the findings.

The US Department of Homeland Security said it has “no reason to doubt” the companies’ denials of Bloomberg Businessweek’s reporting.

“We are alarmed about the dangers posed by backdoors, and take any claimed threat to the nation’s networks and supply chain seriously,” the lawmakers said in the letter. “These new allegations require thorough answers and urgent investigation for customers, law enforcement and Congress.”

Cybersecurity is becoming an increasingly important topic of congressional investigation following concerns about foreign actors compromising election security and technology infrastructure.

Among the targets of the Chinese hack identified by Bloomberg was a contractor that made software to help funnel drone footage to the CIA and communicate with the International Space Station.

The infiltration of the computer systems, which stemmed from servers assembled by Super Micro, was investigated as part of an FBI counter-intelligence probe, the Bloomberg Businessweek report, citing national security officials familiar with the matter.

Investigators found that tiny microchips, not much bigger than a grain of rice, had been inserted during manufacturing in China onto equipment made by subcontractors of Super Micro.

The San Jose, California-based company is one of the world’s biggest suppliers of server motherboards, the fiber-mounted clusters of chips and capacitors that act as neurons of data centers.

Investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines, the report said, citing people familiar with the matter.

In e-mailed statements, Amazon, Apple and Super Micro disputed Bloomberg Businessweek’s reporting.

“We hope parties make less gratuitous accusations and suspicions, but conduct more constructive talk and collaboration,” the Chinese government said in an e-mailed statement.

Bloomberg News on Tuesday reported that a major US telecommunications company discovered manipulated hardware from Super Micro and removed it in August, citing Yossi Appleboum, a security expert for the telecommunications company.

He provided documents, analysis and other evidence of the discovery after the publication of the Bloomberg Businessweek report.

Bloomberg is not identifying the company due to Appleboum’s non-disclosure agreement with the client.

Based on his inspection of the device, Appleboum determined that the telecom company’s server was modified at the factory where it was manufactured.

He said that he was told by Western intelligence contacts that the device was made at a Super Micro subcontractor factory in Guangzhou, China.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top