NSA Senior Advisor Latest to Question Report Claiming China Hacked Apple's Former Server Supplier

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,664
10,093



Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA, is the latest official to question the accuracy of Bloomberg Businessweek's bombshell "The Big Hack" report about Chinese spies compromising the U.S. tech supply chain.


"I have pretty good understanding about what we're worried about and what we're working on from my position. I don't see it," said Joyce, speaking at a U.S. Chamber of Commerce cyber summit in Washington, D.C. today, according to a subscriber-only Politico report viewed by MacRumors.

"I've got all sorts of commercial industry freaking out and just losing their minds about this concern, and nobody's found anything," Joyce added.

Joyce, a former White House cybersecurity coordinator, noted that all of the companies named in the Bloomberg Businessweek report have issued strong denials, including Apple, Amazon, and Supermicro. He said those companies would "suffer a world of hurt" if regulators later determine that they lied.

Apple's statement read in part:
On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
Bloomberg Businessweek, citing 17 unnamed sources, claimed that Chinese spies planted tiny chips the size of a pencil tip on server motherboards manufactured by Supermicro at its Chinese factories. The servers were then sold to companies such as Apple and Amazon for use in their respective data centers.

An unnamed government official cited in the report said China's goal was "long-term access to high-value corporate secrets and sensitive government networks," but no customer data is known to have been stolen.

The report claimed that Apple discovered the suspicious chips on the motherboards around May 2015, after detecting odd network activity and firmware problems. Two senior Apple insiders were cited as saying the company reported the incident to the FBI, but kept details about what it had detected tightly held.

Apple dropped Supermicro as a supplier in 2016, a decision the company said it made for reasons unrelated to "The Big Hack" story.

Joyce is far from the only source to question the accuracy of the Bloomberg Businessweek report. Both the U.S. Department of Homeland Security and the U.K.'s national cyber security agency have said they have "no reason to doubt" Apple's denial of the story, while the FBI is said to be unaware of the hack.

"We're just befuddled," said Joyce. He added that he had "grave concerns about where this has taken us," according to Politico. "I worry that we're chasing shadows right now. I worry about the distraction that it is causing."

In related news, Reuters reports that U.S. Senator John Thune has sent letters to the CEOs of Apple, Amazon, and Supermicro with questions about the allegations. U.S. Senators Marco Rubio and Richard Blumenthal also sent a joint letter to Supermicro CEO Charles Liang with similar questions.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: NSA Senior Advisor Latest to Question Report Claiming China Hacked Apple's Former Server Supplier
 

AngerDanger

macrumors 601
Dec 9, 2008
4,689
21,243
Bloomberg Businessweek, citing 17 unnamed sources, claimed that Chinese spies planted tiny chips the size of a pencil tip on server motherboards manufactured by Supermicro at its Chinese factories. The servers were then sold to companies such as Apple and Amazon for use in their respective data centers.
Pfft, if they know what they were doing, they'd plant the chips inside the pencils themselves! :rolleyes:

pencil.gif
 

IG88

macrumors 6502a
Nov 4, 2016
612
680
https://www.bloomberg.com/news/arti...cked-supermicro-hardware-found-in-u-s-telecom

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.


The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.
The threat from hardware implants “is very real,” said Sean Kanuck, who until 2016 was the top cyber official inside the Office of the Director of National Intelligence. He's now director of future conflict and cyber security for the International Institute for Strategic Studies in Washington. Hardware implants can give attackers power that software attacks don’t.

“Manufacturers that overlook this concern are ignoring a potentially serious problem,” Kanuck said. “Capable cyber actors -- like the Chinese intelligence and security services -- can access the IT supply chain at multiple points to create advanced and persistent subversions.”
 

Kabeyun

macrumors 68030
Mar 27, 2004
2,602
4,852
Eastern USA
Yet the question remains: Why did Apple dump supermicro in 2016?
You seem to like that phrase “the question remains,” even when it doesn’t, i.e. even when there’s a readily accessible logical explanation. It’s not difficult or clever to say “the question remains” without presenting a rational argument why it does. The question remains why does the question remain to you?
 

grayskies

macrumors regular
Nov 9, 2006
129
40
You seem to like that phrase “the question remains,” even when it doesn’t, i.e. even when there’s a readily accessible logical explanation. It’s not difficult or clever to say “the question remains” without presenting a rational argument why it does. The question remains why does the question remain to you?
Just because they haven’t found them, doesn’t mean they aren’t there. And if they did find them, do you really think Apple would admit to finding them? Of course not. They’d say exactly what they are saying now. Lol.
The interesting thing to me is this person stops short of saying, "it did not happen". If the likelihood of this particular claim is small(I have no idea), security experts must feel it could be possible.
 
  • Like
Reactions: groadyho

topmounter

macrumors 68020
Jun 18, 2009
2,265
430
FEMA Region VIII
The interesting thing to me is this person stops short of saying, "it did not happen". If the likelihood of this particular claim is small(I have no idea), security experts must feel it could be possible.
It definitely seems that Bloomberg is on to something. I can see why these companies aren't entertaining the possibility. Lots of risk if some political figure starts (rightly or wrongly) churning this up into some sort of panic among the general populace and turning sentiment against CE devices manufactured in the PRC.
 
  • Like
Reactions: DVD9

iapplelove

Suspended
Nov 22, 2011
4,932
6,826
East Coast USA
I’m sure Apple was hacked... I wouldn’t admit it either.

Edit... well not Apple but their machines they purchased.

They already admitted it once back in 2016.
 
  • Like
Reactions: rafark

Kabeyun

macrumors 68030
Mar 27, 2004
2,602
4,852
Eastern USA
The interesting thing to me is this person stops short of saying, "it did not happen". If the likelihood of this particular claim is small(I have no idea), security experts must feel it could be possible.
Security experts, particularly government-level ones, are like scientists. You will hear “highly unlikely” or “the evidence doesn’t support” or “statistically improbable” or even “strains credibility” far more than “it’s impossible.” This is not mincing words; it’s avoiding hyperbole and allowing for future evidence. I don’t find it particularly interesting when an NSA official avoids that phrase, and I wouldn’t wait to hear it verbatim to understand that he’s saying it didn’t happen, particularly when synthesized with the detail in other corroborating statements. The burden is now squarely on Bloomberg to either support or retract their claim.
 

Kabeyun

macrumors 68030
Mar 27, 2004
2,602
4,852
Eastern USA
I’m sure Apple was hacked... I wouldn’t admit it either.
You’re sure because it’s fun to believe, not because you have any kind of expertise, firsthand knowledge of all the facts, or knowledge of something no one else does. You just prefer to believe it. At least be honest about that. Conspiracy theories get the juices flowing, which is why so many of them, even the patently absurd ones, persist.
 

iapplelove

Suspended
Nov 22, 2011
4,932
6,826
East Coast USA
You’re sure because it’s fun to believe, not because you have any kind of expertise, firsthand knowledge of all the facts, or knowledge of something no one else does. You just prefer to believe it. At least be honest about that. Conspiracy theories get the juices flowing, which is why so many of them, even the patently absurd ones, persist.
Did it or did it not already happen in 2016 according to Apple?

Conspiracy theory I think not.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.