Chinese spies reportedly inserted chips into servers belonging to Apple, Amazon

Today, executives from both Amazon and the server manufacturer, Super Micro, are calling for the retraction of a Bloomberg report published earlier this month. The report alleged that these chips were able to compromise the computer networks of as many as 30 companies, including networks belonging to Amazon.

Last week, Apple CEO Tim Cook called for Bloomberg to retract a report claiming that Chinese spies smuggled malicious microchips into a company server. In an unprecedented move, Cook sat down for an interview with BuzzFeed News last week in order to address the allegations proposed in the Bloomberg report. Cook said, “This did not happen. There’s no truth to this,” eventually calling for the publication to retract the story which he said Apple had been denying in conversations with reporters for months.

In an interview with BuzzFeed News, Apple CEO Tim Cook called on Bloomberg to retract its story alleging that Chinese spies compromised a company server through the use of malicious microchips. It’s the first time Cook has gone on the record to contest the allegations.

“This did not happen. There’s no truth to this,” Cook said in the interview.

On Thursday, US director of national intelligence Dan Coats told Cyberscoop that he has yet see any evidence to corroborate the claims that Chinese spies compromised critical US tech infrastructure following a report by Bloomberg earlier this month.

“We’ve seen no evidence of [Chinese hardware manipulation],” Coats said, “but we’re not taking anything for granted.”

Apple has come out swinging at last week’s Bloomberg spy chip report today with a new letter to some of the biggest tech watchdogs in Congress, flatly denying that any of the company’s servers were compromised through the use of microchips implanted by Chinese spies.

The letter, which was previously reported but recently made publicly available, assumes the same tough stance on the Bloomberg report that the company took on when it came out with its first press release last week. “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” wrote Apple’s vice president of information security George Stathakopoulos to the Senate Commerce and House Energy and Commerce Committees. “We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation.”

Apple, Amazon, and Supermicro each released a forceful denial that their systems were tampered with following the publication of a Bloomberg Businessweek report last week, which alleged that Chinese agents introduced microchips into servers manufactured in the country. In a letter to Congressional officials, Apple reiterated its denial, saying that it has found no sign of tampering.

Reuters obtained a letter written by George Stathakopoulos, Apple’s Vice President for Information Security, which he sent to the commerce committees for both the US Senate and US House. In it, he says that “Apple’s proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity. Nothing was ever found.” He also reiterated that Apple hadn’t contacted the FBI over such an issue, as alleged in the report, and indicated that he would be available to brief Congressional staff in the coming days.

Following last week’s bombshell report from Bloomberg Businessweek that claimed that Chinese spies infiltrated commercial servers in the US with hidden microchips, the Department of Homeland Security says that it has “no reason to doubt the statements from the companies named in the story.”

The statement concurs with what UK cybersecurity officials said on Friday: that they were aware of the reports, but didn’t have any reason to doubt Amazon and Apple’s forceful denials that their systems were compromised. DHS notes that it is aware of the report, and said that it recently launched several “government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains.”

The UK’s top national cybersecurity agency GCHQ told Reuters on Friday that it didn’t see any reason to question the validity of Apple and Amazon’s denials that their servers were compromised following a meteoric report from Bloomberg on Thursday. The report claimed that Chinese spies were able to place microchips in the companies’ servers, allegedly giving the Chinese government backdoor access to some of the largest cloud platforms in the world.

The GCHQ, which is the UK’s equivalent to the US National Security Agency (NSA), didn’t call for an investigation into the claims, but it requested that anyone with information about the alleged attack reach out. In its response to Reuters, the GCHQ said, “We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple,” said the National Cyber Security Centre, a unit of GCHQ.

This week on The Vergecast, Nilay, Dieter, and Paul bring in experts to report on the top stories on the site this week. Reporter and host of Why’d You Push That Button Ashley Carman stops by the studio to explain the Bloomberg report detailing “Chinese spy chips” that may have been planted on servers from companies like Apple and Amazon.

After that bizarre piece of news, senior editor Dan Seifert comes on the show to talk about the Microsoft hardware event he attended this week and the new products that were announced.

Chinese operatives allegedly poisoned the technical supply chain of major US companies, including Apple and Amazon by planting a microchip on their servers manufactured abroad, according to a Bloomberg report today. The story claims that one chip, which was reportedly planted on servers’ motherboards assembled for a company called Elemental by a separate company called Super Micro Computer, would allow attackers to covertly modify these servers, bypass software security checks, and, essentially, give the Chinese government a complete backdoor into these companies’ networks.

Affected companies are vigorously disputing the report, claiming they never discovered any malicious hardware or reported similar issues to the FBI. Even taking the Bloomberg report at its word, there are significant unanswered questions about how widely the chip was distributed and how the backdoor access was used.

Both Apple and Amazon are vehemently denying claims that their servers were compromised by Chinese spies following an explosive report from Bloomberg on Thursday. The report claims that spies were able to infiltrate some of the country’s biggest tech companies by inserting microchips the size of “a grain of rice” into Chinese-manufactured servers, part of the tech giants’ infrastructure. The report alleges that the companies discovered the chips on their own and notified US authorities, but both Apple and Amazon are refuting that any of the claims cited in the story are actually founded in reality.

The responses are heavily detailed, denying the Bloomberg report point-by-point. It’s something these companies rarely, if ever, do. Most statements following the discovery of security flaws or public backlash only ever acknowledge the concerns and make vague promises on behalf of consumer privacy.

Chinese spies have infiltrated the supply chain for servers used by nearly 30 US companies, including government contractors, Apple, and Amazon, according to an explosive report from Bloomberg Businessweek.

The operation is perhaps the most audacious example of hardware hacking by a nation state ever publicly reported, with a branch of China’s armed forces reportedly forcing Chinese manufacturers to insert microchips into US-designed servers. The chips were “not much bigger than a grain of rice,” reports Bloomberg, but able to subvert the hardware they’re installed on, siphoning off data and letting in new code like a Trojan Horse.