Home / News & Analysis / A new twist in Bloomberg’s ‘spy chip’ report implicates U.S. telecom

A new twist in Bloomberg’s ‘spy chip’ report implicates U.S. telecom

There’s a new wrinkle in the Bloomberg’s ongoing but controversial series on alleged hardware hacks affecting U.S. tech giants — despite heavy skepticism after the named companies rebuffed the allegations and critics poked holes in the reporting.

Bloomberg’s new report out Tuesday said that a U.S. telecom discovered that hardware it used in its datacenters was “manipulated” by an implant designed to conduct covert surveillance and exfiltrate corporate or government secrets.

The implant was found on an Ethernet connector — used to hard-wire device to a network — on a motherboard developed by Supermicro, a major computer manufacturer that was named in the first Bloomberg story.

It was that first report that claimed China had infiltrated a Supermicro factory to install chips on motherboards that went on to go into servers in datacenters operated by Apple and Amazon. Apple, Amazon and Supermicro denied the claims in a series of strong rebuttals. Supermicro’s said on Tuesday that it “still [has] no knowledge of any unauthorized components” and said it hadn’t been informed by any customer of the alleged security breach.

Although the report claims “fresh evidence of tampering” by China, it does not explicitly link the tampering to similar attacks on Apple and Amazon, or others.

What lends more credence to this second Bloomberg story than the first is that a security researcher said he inspected the implant first-hand, rather than the reporters having to rely on descriptions from several sources who allegedly had knowledge of the implants.

Yossi Appleboum, co-founder of Sepio Systems and former Israeli intelligence officer, provided Bloomberg with evidence and documentation — which wasn’t published alongside the story — that the alleged implant was introduced at the factory where the telecom’s equipment was built. He also said there are many ways that China’s supply chain is compromised and implants could be introduced.

Plot twist: Bloomberg didn’t name the telecom because of a non-disclosure agreement between Appleboum and the company.

We asked Appleboum several questions by email — including if the telecom company informed the FBI of the discovery — but he did not immediately respond to a request for comment. If that changes, we’ll update.

This new story certainly adds more to the mix on Bloomberg’s continuing reporting streak on hardware hacks, but doesn’t negate the apparent failings — or the lack of evidence — in its first report.

For its part, Bloomberg said as of Monday that it stood by its reporting.

But it’s difficult not to be skeptical, given the criticism on Bloomberg’s earlier reporting. Apple’s watertight statement to lawmakers explicitly denying the reporters’ claims shifted the onus onto Bloomberg to provide further evidence for its assertions in its original report, which the publication has yet to do.

Until then, it’s fair to take the reports with a healthy dose of salt.

Bloomberg’s spy chip story reveals the murky world of national security reporting

Check Also

Box releases Skills, which lets developers apply AI and machine learning to Box content

When you have as much data under management as Box does, you have the key ingredient for artificial intelligence and machine learning, which feeds on copious amounts of data. Box is giving developers access to this data, while letting them choose the AI and machine learning algorithms they want to use. Today, the company announced the general availability of the Box Skills SDK, originally announced at BoxWorks a year ago. Jeetu Patel, Box’s chief product officer and chief strategy officer, says Beta customers have been focusing on use cases specific to each company. They have been pulling information from different classes of content that matter most to them to bring an element of automation to their content management. “If there’s a way to bring a level of automation with machine learning, rather than doing it manually, that would meaningfully change the way that business processes can function,” Patel told TechCrunch. Among the use cases Box has been seeing with the 300 Beta testers, is using artificial intelligence to recognize the contents of a photo for the purpose of auto tagging, thereby eliminating the need for humans to do that tagging. Another example is in contract management where the terms are pulled automatically from the contract, saving the legal team from having to do this. Where this can get really powerful though is that the Skill can drive a more complex automated workflow inside of Box. If, for example, the Skill is driving the creation of automated metadata, that can in turn drive a workflow, Patel said. Box is providing the means to ingest Box data into a given AI or machine learning algorithm, but instead of trying to create those on its own, it’s been relying on partners who have more specific expertise such as IBM Watson, Microsoft Azure, Google Cloud Platform and Amazon Web Services. In fact, Box says it is working with dozens of AI and machine learning partners. For customers who aren’t comfortable doing any of this on their own, Box is also providing a consulting service, where it can come into a customer and help work through a set of requirements and choose the best algorithm for the job.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.