NSA Official Questions the Accuracy of 'The Big Hack' Report from Bloomberg

Donna Miller
October 11, 2018

Like Joyce, Jeanette Manfra, DHS's top cybersecurity official, said Wednesday that the department still hasn't found any information that corroborates the Bloomberg report.

A news report claiming a compromise of U.S. companies' supply chains by Chinese spies has triggered a thorough search in government and industry for evidence of the breach that has so far turned up nothing, according to a senior National Security Agency official, who expressed concern that the search was a distraction and potentially a waste of resources.

The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China's intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.

In other words, Bloomberg - seemingly surprised by the forceful denials of its story - is arguing that only a small group of people were aware of the investigations it wrote about and so claims of inaccuracy may come from people who simply do not know about them.

The issue is sensitive given the tense state of relations between the USA and China, not to mention the danger of stock market and information-technology panic if China's tight grip on the computer supply chain compromised a huge number of servers in sensitive corporate and government facilities.

FitzPatrick was interviewed on Risky Business, a podcast that features "news and in-depth commentary from security industry luminaries".

"I have the expertise to look at the technical details and I have the knowledge to look at the technical details and see that they're jumbled", FitzPatrick said.

"Spreading hardware fear, uncertainty and doubt is entirely in my financial gain, but it doesn't make sense because there are so many easier ways to do this". Because the compromise would be at the hardware rather than software level it would be very hard to detect. He offered an interesting detail about the specific hardware hack he revealed to Bloomberg News: compromised Ethernet connectors tend to have metal sides instead of the more common plastic construction because they have to diffuse the heat generated by the powerful spy chip hidden inside.

On Monday, Apple sent a letter to Congress reiterating its denial of Bloomberg's report, saying it "has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server".

Bloomberg first published a report last week detailing how Chinese intelligence had managed to sneak surveillance chips into the server motherboards provided by United States company Supermicro, which provides server components to some of the largest U.S. firms.

But other experts have also raised doubts, both because of the technical details and because of the kind of denials the companies have given.

The "grain of rice" size of the alleged chip implant raised red flags for multiple experts. Some in China also noticed it was a standard component - one skeptical article circulating on WeChat was titled (in Chinese), "The 'spy chips' that Bloomberg exposed? I can buy them on Taobao for 1 yuan".

What does this all mean in the end? One possibility is that someone is lying: either the US government - after all, the damage to Chinese technology reputation is done, and in that sense, it won't matter if the story is true or not - or the companies.

"It's possible that well-meaning sources confused malware Apple reportedly found in Supermicro firmware with a hardware-based espionage campaign".
