Could Apple, Amazon, and more have been breached by Chinese hackers?
Just waiting on the James Bond version of this story in 2021.
Chinese spies have been accused of inserting microchips into servers used by some of the biggest companies in the United States, including Amazon and Apple. In total, up to 30 companies could have been compromised.
In a scathing report, Bloomberg Businessweek claims it has uncovered a state-sponsored spy operation that was coordinated by China’s armed forces. Going back at least three years, the nation-state forced Chinese manufacturers to insert chips the size of the tip of a pencil into parts that were supplied to Supermicro, one the world’s biggest sellers of server motherboards.
From there, the sabotaged servers made their way inside data centers operated by dozens of U.S. companies. When the servers were activated, the microchip could alter the operating system’s core so it could accept modifications.
The report says Amazon and Apple discovered the hack through internal investigates and promptly reported it to U.S. authorities. The publication found no direct evidence that company or user data was stolen or tampered with.
Interestingly, no company would go on record to admit that the hack even happened
In dueling email statements, Amazon explained, “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications.”
Apple, meanwhile, said “Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.”
So far, the U.S. intelligence community has also thrown cold water onto the report by not commenting.
China speaks out
China did have something to say, however. Through a spokesperson, China’s Ministry of Foreign Affairs said:
China is a resolute defender of cybersecurity. It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit.
A story like this sounds like something cooked up in a spy novel, which doesn’t necessarily make it untrue. Still, the public will probably never know one way or another conclusively. It will be interesting to see if anyone will eventually go on record to confirm this story going forward.
Regardless, if the story is true, it sounds like the operation has been discovered and has been shut down.
What are your thoughts about this reported Chinese hackers/spies?
- The Samsung Galaxy 7 has a hacking vulnerability, but it’s still a great phone
- Why healthcare hacking is profitable and how you can prevent it
- How to make your IoT apps more resilient against hacking attempts