Amazon and Apple targeted by China through microchip: Bloomberg

Amazon CEO Jeff
Bezos.
Getty

• Chinese spies attempted to plant tiny microchips in the
  data centers of 30 major American companies, including Amazon
  and Apple, according to a Bloomberg investigation.
• Amazon reportedly discovered the issue in 2015 after
  buying video service firm Elemental. Bloomberg said Amazon
  alerted US authorities, who are still investigating.
• The hack is said to have sent a “shudder through the
  intelligence community.”
• Amazon and Apple both strongly rejected the findings,
  which Bloomberg said were based on conversations with 17
  anonymous sources, including insiders at both tech
  giants.

Amazon and Apple were among 30 companies targeted by Chinese
spies through a tiny microchip that infiltrated the supply chain
for American technology firms,
according to Bloomberg.

The Bloomberg Businessweek investigation found that Chinese
operatives managed to insert microchips, no bigger than a grain
of rice, into hardware supplied to US firm Supermicro, described
as one of the world’s biggest sellers of server motherboards.

Supermicro’s compromised motherboards were built into the servers
of the US companies targeted. China’s reported goal was to access
these data centers and swipe confidential information. No
consumer data is known to have been stolen, Bloomberg said.

Amazon first spotted the microchips while doing the due diligence
for its $500 million acquisition of US
video service firm Elemental in 2015. Amazon hired a
third-party to test Elemental’s servers, which had been put
together by Supermicro. After spotting tiny chips on the servers’
motherboards which were not part of the original design, Amazon
reported its findings to US authorities, “sending a shudder
through the intelligence community.” A secret investigation
remains open three years later.

Citing three internal sources, Bloomberg said Apple also
discovered the malicious chips in motherboards supplied by
Supermicro in 2015. A year later, Apple ended its relationship
with Supermicro for what it described as unrelated reasons.

Amazon, Apple, and Supermicro did not immediately respond to
Business Insider’s request for comment. All three companies,
however, strongly disputed the findings in statements to
Bloomberg.

Amazon said: “It’s untrue that Amazon Web Services knew about a
supply chain compromise, an issue with malicious chips, or
hardware modifications when acquiring Elemental.”Apple added:
“Apple has never found malicious chips, ‘hardware manipulations’
or vulnerabilities purposely planted in any server.”

Supermicro said it was unaware of an investigation, while US
investigators, including the FBI, declined to comment. The
Chinese government did not address the report. “Supply chain
safety in cyberspace is an issue of common concern, and China is
also a victim,” it told Bloomberg.

Bloomberg said its report was based on confirmations of the hack
by 17 unnamed people. These included six current and former
national security officials, two Amazon insiders, and three
sources at Apple.

One official told Bloomberg Businessweek that investigators found
that the microchip problem affected almost 30 companies,
including a major bank and government contractors.