Security Community Issues Increasing Doubts on Bloomberg Report on China's Chip Piracy




Last week, Bloomberg published a report describing how Chinese spies had been able to implant chips in computer servers manufactured by SuperMicro, an American company.

If true, the report raises questions about whether Chinese spies have been able to access sensitive data belonging to the US government and corporations, and whether data stored on computers everywhere is essentially at risk.

But since then, a series of statements by government officials and information security professionals, some of whom were named in the articles, have cast doubt on the report's key claims.

On Wednesday, the secretary of the US Department of Homeland Security dismissed the report at a Senate hearing, the strongest government denial on record so far.

"Regarding the article, the DHS does not have any evidence to support the article," Kirstjen Nielsen said Wednesday. "We have no reason to doubt what companies have said."

(During the same hearing, FBI director Chris Wray said that he could neither confirm nor deny the existence of an investigation into compromised SuperMicro equipment, which the Bloomberg report had claimed was under way.)

Nielsen's denial came on the same day that a senior NSA official said he was worried that "we are pursuing the shadows right now."

"I have very good access, [and yet] I have no advantage in pulling from the government side," said Rob Joyce, perhaps the NSA's most senior cybersecurity official, at a meeting of the US Chamber of Commerce.

Open Compute Project

"We are stunned," Joyce said, according to Cyberscoop.

Alex Stamos, former head of security at Facebook, called Joyce's denial "the most damning point" against the story that he had seen.

The growing doubt about Bloomberg's claims comes as legislators demand further answers based on the series of reports. Senators Richard Blumenthal and Marco Rubio, in a brief letter on Tuesday, asked SuperMicro to cooperate with law enforcement. Senator John Thune also sent letters to Amazon and Apple, which, according to Bloomberg, had bought compromised servers.

The sources push back

NSA adviser Rob Joyce (USENIX Enigma Conference)

But government officials are not the only ones who have doubts about these stories.

Joe Fitzpatrick, one of the most prominent hardware security specialists and one of the people named in the story, gave a revealing interview to Risky Business, a podcast with a more technical bent than Bloomberg.

Journalists who write stories from anonymous sources often use experts to fill in some of the more general parts of a story and improve its flow.

But Fitzpatrick said that was not what happened here.

"I think I have a good idea of what is possible and what is available and how to do it, just from my practice," said Fitzpatrick. "But it was amazing to me that in a scenario where I would describe these things, then he would confirm them, and 100% of what I describe was confirmed by sources."

He went on to say that he had heard the details of the story at the end of August and had sent an e-mail expressing major doubts. "I've heard the story and it does not make sense to me. And that's what I said: 'Wow, I do not have more information for you, but it does not make sense.'"

Several notable information security professionals have used Fitzpatrick's remarks as a starting point to express their own doubts about the story.

Bloomberg stands by its story

Bloomberg's report was obviously explosive and had immediate effects.

Super Micro lost more than 40% of its value on the day of the report. Apple and Amazon, which the report said had bought compromised servers, strongly denied the report in public statements.

While Bloomberg issued a statement standing by its report shortly after the first article, the strongest institutional backing for the article came in a Bloomberg follow-up story, which said that new evidence of tampered Supermicro hardware had been found at an American telecom.

Bloomberg has not named the affected telecom.

"The most recent manipulation differs from that described in last week's Bloomberg Businessweek report, but it shares some essential features: they are both designed to give attackers unseen access to data stored on a computer network on which the server is installed; and the modifications would have been made at the plant, the motherboard being produced by a subcontractor of Supermicro in China," according to Bloomberg's follow-up report.

But even the source for the follow-up story now says that he is "angry" at the turn the story has taken.

"I want to be quoted. I'm angry and nervous, and I hate what happened to the story. Everyone misses the main problem," namely that it is a global problem related to the hardware supply chain, not a problem specific to SuperMicro, Yossi Appleboum told Serve The Home.

But everyone says it is possible

President Donald Trump speaks at a dinner with business leaders at the Trump National Golf Club in Bedminster, New Jersey, on August 7, 2018. (Photo: AP / Carolyn Kaster)

But the most delicate thing about the Bloomberg story is that almost everyone agrees it could have happened the way the report suggests.

Security experts agree that the security of electronics manufacturing plants is a recurring problem, even if no such chip has yet been found.

"What we can tell you, though, is that it is a very real and emerging threat that worries us," Secretary Nielsen said shortly after stating that she had no evidence supporting the story.

And as a manufacturing expert told Business Insider, "I do not think it's difficult to inject things that the brand or design team did not intentionally ask for."

Chinese industrial espionage has been a problem for many years, and it is a hot topic for President Donald Trump, who accused Chinese exchange students of being "spies" earlier this year in a conversation with CEOs, including Apple CEO Tim Cook.

And there is evidence that Chinese spies are spying on American companies. Earlier this week, a Chinese intelligence officer was extradited to the United States to face espionage charges related to the theft of trade secrets from companies such as GE Aviation.

The FBI also arrested a Chinese national earlier this year who had been working for Apple and who allegedly passed information about an autonomous car project to a little-known Chinese start-up.

So there is plenty of evidence that spies are actively working to steal American trade secrets. Perhaps just not with malicious chips inserted into the supply chain, for now.
