Here’s one more bit of pushback to add to all of the denials and counters and head-scratching that accompanied the October publication of a bombshell Bloomberg BusinessWeek story about a secret Chinese hacking operation. You may recall it involving the allegation that Chinese agents had secretly planted malicious hardware onto Supermicro servers that were eventually were put into use by companies like Apple and Amazon.
Denials came swiftly from Amazon, Apple, and several other corners, and Apple CEO Tim Cook even took the rare step of calling on the publication to retract the story. And now, two months later, Supermicro has released a statement after having conducted an internal audit of its own systems. Yep, you guessed it: The statement amounts to, basically, we have no idea what this story is based on, but we didn’t find any evidence to support it.
In a letter dated December 11th, 2018 and signed by three executives, including Supermicro president and CEO Charles Liang, the company explains that it tapped an unnamed third-party investigations firm to test a representative sample of its motherboards.
“After a thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards,” the letter reads. “We appreciate the industry support regarding this matter from many of our customers, like Apple and AWS. We are also grateful for numerous senior government officials, including representatives of the Department of Homeland Security, the Director of National Intelligence, and the Director of the FBI, who early on appropriately questioned the truth of these media reports.”
According to Reuters, Nardello & Co. conducted the analysis of old and new Supermicro motherboards.
Upon its publication, the BusinessWeek article certainly told a story that sounded ominous and plausible. The outlet isn’t known for being cavalier with sources and facts, which is another reason people wondered if it should be given the benefit of the doubt. At the same time, people started to poke holes in the story over things like its spotty description of how the actions it describes were actually carried out, and one of the story’s main sources claims that the story Bloomberg ultimately ran with didn’t make any sense.
Today’s news, of course, offers just one more in what’s proving to be a long line of oddities related to the story. As a refresher, here’s an excerpt from that piece that got everyone talking:
The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.
One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers.