SAN JOSE (KPIX 5) — Bloomberg Businessweek is reporting that tech giants Apple and Amazon may have been hacked by the Chinese military.
San Jose-based Supermicro is a key player in the Bloomberg investigation that has details worthy of a high-tech Hollywood spy thriller,
The report cites 17 different government and corporate sources with knowledge of the investigation, who say the Chinese military worked for years to insert a tiny, inconspicuous chip — oftentimes no larger than the tip of a pencil — onto the motherboards of servers.
Those motherboards were designed by Supermicro, but the alleged breaches happened at factories in China.
The military operatives allegedly gained access with bribes or threats of government inspections.
Supermicro’s hardware was then used in tens of thousands of machines all over the world, including U.S. military and intelligence servers and the data centers of dozens of companies including Apple and Amazon.
Sources told Bloomberg that when the boards are switched on, the spy chip alters the operating system’s core to accept modifications, such as not requiring passwords.
The chip could also contact other tainted hardware in search of further instructions.
Apple denied finding any malicious chips planted on any of its servers and working with the feds with a strongly worded press release titled “What Businessweek got wrong about Apple.”
The release read in part, “We are deeply disappointed that — in their dealings with us — Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed.”
Amazon released its own statement entitled “Setting the record straight on Bloomberg Businessweek’s erroneous article.” It denying they found modified or malicious hardware in Supermicro motherboards, saying “There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count.”
In a press release titled “Supermicro refutes claims in Bloomberg article,” the San Jose company said they have never been contacted by any government agencies, saying it “strongly refutes reports that servers it sold to customers contained malicious microchips in the motherboards of those systems.”