Homeland Security latest to deny Bloomberg report about Chinese spy technology
The U.S. Department of Homeland Security has backed Amazon.com Inc., Apple Inc. and others in essentially denying a report published by Bloomberg Oct. 4 that claimed China had inserted tiny spying devices in various forms of technology.
Bloomberg claimed in its report that Chinese intelligence had secretly implanted microscopic spy chips nearly the size of a grain of rice inside motherboards used for Super Micro Computer Inc. servers. It said they eventually made their way inside the information technology infrastructure of Apple, Amazon and others, including networks used by both the U.S. and U.K. governments.
The report alleged that the chips were first uncovered by Amazon when it audited Elemental Technologies Inc., a video compression startup that it acquired in September 2015 for $500 million. Quoting a person familiar with the matter, Amazon hired a third-party that is alleged to scrutinized Elemental’s servers, designed and delivered by San Jose, California-based Supermicro, detecting “a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design.”
Since the report was published, everyone named has denied its veracity, including, now, the DHS.
“The Department of Homeland Security is aware of the media reports of a technology supply chain compromise,” the department said in a statement Saturday. “Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story.”
The U.K. National Cyber Security Centre, a unit of Britain’s spy agency GCHQ, had previously stated Friday that “we are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple.”
Anthony James, vice president at CipherCloud Inc., told SiliconANGLE that he believes the accusation that the Chinese are embedding malware and surveillance into standard devices is “quite real and based on facts.”
“In 2014 an embedded malware named ‘Zombie Zero’ targeted the shipping and logistics industry,” James explained. “The weaponized malware was delivered into enterprise shipping and logistics environments by a Chinese manufacturer that sold proprietary hardware for terminal scanners (barcode readers) used to inventory items for shipment. The malware was delivered through the Windows embedded XP operating system pre-installed on the hardware at the manufacturer’s location in China. The embedded malware would send information back via a botnet that terminated at the Lanxiang Vocational School purportedly located in the Shangdong province in China.”
James added that the school was tied to the infamous Operation Aurora cyberespionage campaign that hit Google LLC, Adobe Systems Inc., Intel Corp., and other major U.S. firms a few years earlier. “Not-so-amazingly, this cyberespionage group was located about one block from the inventory scanner manufacturer in question,” he said. “So you would buy a new barcode scanner from this manufacturer and magically get a dose of this pre-installed weaponized malware courtesy of Lanxiang Vocational School, a repeat offender proxy for the Chinese government cyberactivity.”
These “belligerent” nations are attacking U.S. manufacturers and their supply chains, he said. “Nation state-sponsored attacks against the west are ramping up,” he said. “Neither enterprise nor municipal government has the capacity to deal with this type of attack. Respectfully submitted, that may include Amazon, Apple and other companies that may not have the resources or funds allocated to detecting and eliminating such a sophisticated threat.”
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.