- Chinese spies attempted to plant tiny microchips in the data centres of 30 major American companies, including Amazon and Apple, according to a Bloomberg investigation.
- Amazon reportedly discovered the issue in 2015 while researching an acquisition target, the video service firm Elemental. Bloomberg said Amazon alerted US authorities, who are still investigating.
- The hack is said to have sent a “shudder through the intelligence community.”
- Amazon and Apple strongly rejected the findings, which Bloomberg said were based on conversations with 17 anonymous sources, including insiders at both tech giants.
Amazon and Apple were among 30 companies targeted by Chinese spies through a tiny microchip that infiltrated the supply chains of American technology firms, according to Bloomberg.
A Bloomberg Businessweek investigation found that Chinese operatives managed to insert microchips, no bigger than a grain of rice, into hardware supplied to the US firm Supermicro, described as one of the world’s biggest sellers of server motherboards.
Supermicro’s compromised motherboards were built into the servers of the US companies targeted. China’s reported goal was to access these data centres and swipe confidential information. No consumer data is known to have been stolen, Bloomberg said.
Amazon reportedly spotted the microchips while doing the due diligence for its $US500 million acquisition of the US video service firm Elemental in 2015. Amazon hired a third party to test Elemental’s servers, which had been put together by Supermicro. After spotting tiny chips on the servers’ motherboards that were not part of the original design, Amazon reportedly showed its findings to US authorities, “sending a shudder through the intelligence community.” A secret investigation apparently remains open three years later.
Citing three internal sources, Bloomberg said Apple also discovered the malicious chips in motherboards supplied by Supermicro in 2015. A year later, Apple ended its relationship with Supermicro for what it described as unrelated reasons.
Amazon, Apple, and Supermicro strongly disputed the findings.
An Amazon spokesman said: “As we shared with Bloomberg Businessweek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems.”
Apple pointed Business Insider to the statement it sent Bloomberg, which said: “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
Supermicro is yet to respond to a request for comment, but told Bloomberg it was unaware of an investigation. US investigators, including the FBI, declined to comment. The Chinese government did not address the report. “Supply-chain safety in cyberspace is an issue of common concern, and China is also a victim,” it told Bloomberg.
Bloomberg said its report was based on confirmations of the hack by 17 unnamed people. These included six current and former national security officials, two Amazon insiders, and three sources at Apple.
One official told Bloomberg Businessweek that investigators found that the microchip problem affected almost 30 companies, including a major bank and government contractors.
Business Insider Emails & Alerts
Site highlights each day to your inbox.