Bloomberg reported last week that Chinese intelligence was implanting tiny microchips into technology products bound for the U.S., and more evidence came out Tuesday after a major U.S. telecommunications company discovered a chip in its network in August.
A security expert named Yossi Appleboum provided documents, analysis and other evidence of the discovery following Bloomberg’s report, though, a non-disclosure agreement blocks him from telling which U.S. company was targeted, according to the latest report from Bloomberg.
Last week’s report showed nearly 30 U.S. companies including Apple, Amazon and even the U.S. government have been targeted. China’s predatory tech theft tactics have drawn the ire of U.S. President Donald Trump and is a cornerstone of his ongoing efforts to even the trading field with China, which has a stated goal of becoming a world leader in tech by 2025.
Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company. Bloomberg is not identifying the company due to Appleboum’s nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said.
The chips are being implanted into hardware developed by Supermicro Computer Inc., which Appleboum says is a victim itself.
“Supermicro is a victim — so is everyone else,” he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. “That’s the problem with the Chinese supply chain,” he said.
Supermicro “strongly refutes” reports its servers contained malicious microchips, and China’s embassy in Washington D.C. didn’t return a request for comment, Bloomberg said.
“The security of our customers and the integrity of our products are core to our business and our company values. We take care to secure the integrity of our products throughout the manufacturing process, and supply chain security is an important topic of discussion for our industry. We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found.”
Supermicro’s shares crashed 41 percent Thursday following the initial Bloomberg report, and fell as much as 27 percent after Tuesday’s latest report.