Apple's Former Legal Chief Bruce Sewell Says FBI 'Never Heard' of Supermicro Allegations Last Year
Apple's recently retired general counsel Bruce Sewell told Reuters he called the FBI's then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Supermicro, and was told that nobody at the federal law enforcement agency knew what the story was about.
"I got on the phone with him personally and said, 'Do you know anything about this?," Sewell said of his conversation with Baker, reports Reuters. "He said, 'I've never heard of this, but give me 24 hours to make sure.' He called me back 24 hours later and said 'Nobody here knows what this story is about.'"
Sewell's comments are consistent with a statement Apple shared with Bloomberg Businessweek and on its Newsroom on Thursday:
On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
Also from Apple's Newsroom:
No one from Apple ever reached out to the FBI about anything like this, and we have never heard from the FBI about an investigation of this kind — much less tried to restrict it.
Apple later clarified that it is not under any kind of gag order or other confidentiality obligations after speculation mounted.
Amazon and Supermicro have also refuted the Bloomberg Businessweek report, with the latter company claiming it has "never been contacted by any government agencies either domestic or foreign regarding the alleged claims."
The UK's National Cyber Security Centre has also backed Apple's and Amazon's denials of the Bloomberg Businessweek report, which claimed Chinese spies planted tiny chips the size of a pencil tip on server motherboards manufactured by Supermicro, which were used in Apple data centers and elsewhere.
"We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple," the agency, a unit of the GCHQ, said in a statement provided to Reuters today.
"The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us."
Bloomberg Businessweek yesterday reported that Apple discovered the suspicious microchips around May 2015, after detecting odd network activity and firmware problems. Two senior Apple insiders were cited as saying the company reported the incident to the FBI, but kept details tightly held.
The insiders cited in the report said in the summer of 2015, a few weeks after Apple identified the malicious chips, the company started removing all Supermicro servers from its data centers. Every one of the 7,000 or so Supermicro servers was replaced in a matter of weeks, according to one of the insiders.
One government official cited in the Bloomberg Businessweek report said China's goal was "long-term access to high-value corporate secrets and sensitive government networks." No consumer data is known to have been stolen, the report added, but the extent of the alleged attack appears to be unclear.
At this point, there is a clear divide between what Bloomberg is reporting and the denials from Apple, Amazon, and Supermicro. In the coming days, additional information will hopefully provide some clarity about the matter.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.