Supermicro spy chips, the sequel
- It really, really happened, and with bad BIOS and more, insists Bloomberg
Server maker says latest article is 'a mishmash of disparate allegations'
Following up on a disputed 2018 claim in its BusinessWeek publication that tiny spy chips were found on Supermicro server motherboards in 2015, Bloomberg on Friday doubled down by asserting that Supermicro's products were targeted by Chinese operatives for over a decade, that US intelligence officials have been aware of this, and that authorities kept this information quiet while crafting defenses in order to study the attack.
"China’s exploitation of products made by Supermicro, as the US company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter," states Bloomberg in its report, said to rely on interviews with more than 50 sources, mostly unnamed, in government and the private sector.
The article – a follow-on to BusinessWeek's 2018 spy chip bombshell – cites three specific incidents: the 2010 discovery by the Defense Department that thousands of its computers were sending military network data to China due to code hidden in chips that handle the server startup process; Intel's discovery in 2014 that a Chinese hacking group penetrated its network via a server that fetched malware from an unidentified supplier's update site; and a 2015 warning issued by the FBI to multiple companies that Chinese agents had hidden an extra chip with backdoored code on one manufacturer's servers.
In other words, Bloomberg has expanded its claim that chips containing malicious spyware were added to Supermicro server motherboards, to also include claims of malicious alterations to BIOS-level software to load and run surveillance code hidden in firmware, and to include alleged attacks on other vendors.
For the rest of this article please go to source link below.