An explosive report in USA publication claims that China is spying on companies like Apple, Amazon and even United States organisations such as Federal Bureau of Investigation through the computers and servers that were made in China. "Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China", notes Bloomberg.
Citing 17 anonymous sources, the news outlet on Thursday reported that People's Liberation Army operatives managed to add tiny, nefarious microchips to server motherboards manufactured by Super Micro.
The attack was reportedly uncovered following Amazon Web Services' (AWS) $500m September 2015 acquisition video encoding startup Elemental Technologies. Elemental's servers could be found in Department of Defense data centers, the CIA's drone operations, and the onboard networks of Navy warships.
Amazon reported the findings to USA authorities, the report stated, but the investigation is still open some three years later.
According to the report, Apple and Amazon used Supermicro products in their respective data centers until 2015 or 2016, when both companies abruptly upgraded and switched providers. S. authorities, who determined that the chips allowed attackers to create "a stealth doorway" into networks using those servers, the story said. The lengthy statement can be found here (published separately from the original report), along with statements from Amazon, Super Micro and China's Ministry of Foreign Affairs, which are also named in the story.
That just leaves Bloomberg, which claims the issue was first discovered by Apple in May, 2015 and quietly reported to the Federal Bureau of Investigation.
Apple and Amazon have distanced themselves from claims that they were among U.S. companies targeted by the Chinese hackers. Supermicro itself is not implicated and disputes the Bloomberg report. Apple and AWS deny these moves involving Super Micro were related to chip worries.
"While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard", Super Micro's statement said.
Amazon subsidiary Amazon Web Services, which provides on-demand cloud computing platforms, was described in the Bloomberg story as having known about the malicious chips and working with the FBI to investigate the matter. "On this, we can be very clear: Apple has never found malicious chips, ´hardware manipulations´ or vulnerabilities purposely planted in any server", Apple told Bloomberg.
"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue", Amazon said in a statement, which you can read here. This level of hardware hacking would be borderline unprecedented in scope, and Bloomberg claims the FBI opened an investigation (after the incident was reported by Apple) that's still in progress three years later.