On Thursday morning an explosive report from Bloomberg was posted titled "The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies." Apple went into high gear with an official press release hours later debunking the story. The story even rattled the Chinese government enough for them to deny that they're spying on companies.
America's Homeland Security put out a very weak statement on the issue on Saturday wherein they noted that "The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story."
Does that mean that at "another time" they may have reason to doubt the statements? I found no confidence in their issued statement.
Then on Sunday, Apple Inc's top security officer told Congress that it had found no sign of suspicious transmissions or other evidence that it had been penetrated in a sophisticated attack on its supply chain.
Apple Vice President for Information Security George Stathakopoulos wrote in a letter to the Senate and House commerce committees that the company had repeatedly investigated and found no evidence for the main points in a Bloomberg Businessweek article published on Thursday, including that chips inside servers sold to Apple by Super Micro Computer Inc allowed for backdoor transmissions to China."
To some, where there's smoke there's fire. The ripple effect of the Bloomberg report, a report that the publication is confidently backing, is most definitely rocking countries that are competing with China's economic aggression such as Taiwan and South Korea where the story is getting a lot of press.
Reaction outside the U.S.
While the Bloomberg report ripped through US news sites and blogs last week, we're now seeing that it's having a major ripple effect in Asia as reports begin to surface.
Digitimes reports today that "Taiwan-based server motherboard makers are likely to be required by their clients to accelerate their plans to move production back to Taiwan or other sites outside China, following a recent Bloomberg report that claimed China implanted spy chips on Supermicro's server boards made in the country.
Business Korea posted a report this morning titled "Supermicro Servers in Wide Use in S. Korean Corporations, Government Agencies."
Servers from Supermicro, which are regarded as the Chinese government's spy servers, are in wide use in South Korean financial institutions, large corporations and state-run research institutes, including the Electronics and Telecommunications Research Institute and the Korea Aerospace Research Institute (KARI). As such, concerns are growing over tech leaks.
The possibility of confidential data leakage from South Korea to China cannot be ruled out, either. "Not only network equipment but also servers, which are the core of IT infrastructure, have backdoors for remote repair and maintenance," said professor Yim Jong-in at the Graduate School of Information Security of Korea University, adding, "It is irresponsible for large corporations, which have social responsibilities, to adopt Chinese equipment simply for lower prices."
The Korea Times posted a report today titled "Korea on alert over China's 'spy microchip'."
The report notes that "Concerns are growing here over the possible leaking of the country's industrial technologies and other critical intellectual properties to China amid a controversy over a Chinese military unit's alleged installation of tiny microchips into computer servers of almost 30 U.S. companies, including Amazon and Apple.
A number of Korean companies and institutions have been using Chinese IT products as they are believed to be cost effective.
Analysts said if high-level information on patents and other industrial technologies were extracted, the damage would be significant.
The news comes at a time when security concerns surrounding fifth-generation (5G) network equipment made by Chinese firm Huawei have become a hot potato here as Korean telecom companies are working to select 5G partners ahead of the launch of the world's first commercial service in March next year."
As a side note it should be noted that back in February the NSA, FBI and CIA put out warnings not to use Huawei phones, let alone server or 5G network equipment.
The Nikkei Asian Review posted a report on Saturday titled "China 'spy chips' rattle global data center supply chain."
The accusation that the Chinese military had infiltrated Supermicro's supply chain to spy on companies and government agencies comes as tensions escalate between Washington and Beijing over trade and technology. The report raises the possibility that compromised servers have been supplied to sensitive areas of the U.S. government like the Department of Defense and the Central Intelligence Agency.
U.S. Vice President Mike Pence on Thursday accused China of meddling in American elections and claimed the Chinese Communist Party was using a variety of tactics to spread its influence inside the U.S. and around the world.
Chinese electronics industry stocks also sold off, with Hong Kong-listed PC and server maker Lenovo Group tumbling 15% and smartphone company ZTE falling 11%.
One executive from Taiwan's Quanta Computer, a data center server builder for Google, Facebook, Amazon, warned that the complexity of the manufacturing process for motherboards posed a potential risk.
"The motherboards for servers are so complicated and have so many layers," he told the Nikkei Asian Review. "They need thousands of components to be mounted. It could go wrong if the management is not well-supervised."
It is also possible that a malicious chip could be hidden in the inner layer of printed circuit boards during their manufacture as some advanced boards already come with embedded capacitors, resistors and even antenna before other components are mounted, another supply chain management engineer said."
So while Apple and Amazon have vehemently denied Bloomberg's report, other countries have been rattled over the charges of spy chips in servers. Over the years there has been story after story after story about Chinese hackers stealing sensitive US. technology. The latest Bloomberg report is simply another piece in the puzzle over China's elaborate spy agency tactics.
In the end is the issue of spy chips really over because a few tech companies have denied ever being hacked? Wasn't Apple's denial enough for this story to just go away? Apparently not, as we've seen the ripple effect of this story hitting Asian tech companies and governments hard. Paranoia is growing.
The LA Times reported back in April that China's 'Made in China 2025' policy is a blueprint for transforming the country from a labor-intensive economy that makes toys and clothes into one that engineers advanced products like robots and electric cars. The Trump administration views it as an attempt to steal U.S. technology and control cutting-edge industries."
The U.S. Government and it's various security agencies understand the spying and hacking prowess of China and it's why they've been twisting the arms AT&T and other technology companies to not work with certain Chinese industry players like Huawei.
While only time will tell, it's very clear as we've pointed out in this report that many players and countries outside of the U.S. are very concerned over this issue because of the complexity of detecting such chips in a very complex manufacturing process of motherboards. How do they convince customers that they have the means to actually detect one super micro-spy chip amongst thousands of components on a server motherboard?
On a last note, and as odd as it sounds, the war between the countries of the Five Eyes security agency alliance and Apple and other Silicon Valley players over encrypted data giving spies and criminals protection that they shouldn't have is only going to escalate with stories like the one Bloomberg published last week.
The issue over security in its various forms is only going to escalate over the coming months and years ahead, so stay tuned as this issue is far from over.