Super Micro Shares Drop 41% After Report Alleging Chinese Hacking

Share

Apple has denied that its iCloud server hardware was infiltrated by Chinese spy chips.

The attack was reportedly discovered in 2015 by the USA intelligence services, as well as by Apple and Amazon as the companies purchased servers made by Super Micro Computer.

Apple ended its relationship with Super Micro in 2016, for what it called unrelated reasons.

A CHINESE SUPPLY CHAIN ATTACK infiltrated servers used by almost 30 companies, including Apple, Amazon and U.S. government contractors, according to a blockbuster report from Bloomberg Businessweek. The spies' objective was to be able to gain access to "high-value corporate secrets and sensitive government networks", the report said. The outlet noted that the investigation is still ongoing, three years after the initial discovery. It was interested in an acquisition that would help it expand Prime Video, its video streaming service.

"It's untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental", the company added.

In late spring of 2015, Elemental's staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says. Amazon Web Services (AWS) said it found no issues. After spotting tiny chips on the servers' motherboards which were not part of the original design, Amazon reported its findings to United States authorities, "sending a shudder through the intelligence community".

"We remain unaware of any such investigation", said Super Micro. In addition to Apple and Amazon, the servers "could be found in Department of Defense data centers, the CIA's drone operations, and the onboard networks of Navy warships".

Super Micro noted that it wasn't aware of "any investigation regarding this topic nor have we been contacted by any government agency in this regard". The probe also concluded that Chinese subcontractors implanted the chips, officials tell Businessweek. It was significantly more sophisticated than a software-based attack, and potentially much more devastating.

Out of the two press releases, the most noteworthy comment came from Apple, which says that its objections to the story are not due to confidentiality agreements or gag orders. Amazon disputes Bloomberg's report that the company took its findings to authorities, setting off alarm bells across the intelligence community as Supermicro has hundreds of government customers. "Over the course of the past year, Bloomberg has contacted us multiple times with claims.of an alleged security incident at Apple", the company said in an emailed statement to Bloomberg. China´s Ministry of Foreign Affairs did not respond to a written request for comment. We also want them to know that what Bloomberg is reporting about Apple is inaccurate.

In total, 17 people are said to have confirmed the story - three of which are claimed to be Apple "insiders".

Share