Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA, is the latest official to question the accuracy of Bloomberg Businessweek's bombshell "The Big Hack" report about Chinese spies compromising the U.S. tech supply chain.
/article-new/2018/10/the-big-hack-800x600.jpg?lossy)
"I have pretty good understanding about what we're worried about and what we're working on from my position. I don't see it," said Joyce, speaking at a U.S. Chamber of Commerce cyber summit in Washington, D.C. today, according to a subscriber-only Politico report viewed by MacRumors.
"I've got all sorts of commercial industry freaking out and just losing their minds about this concern, and nobody's found anything," Joyce added.
Joyce, a former White House cybersecurity coordinator, noted that all of the companies named in the Bloomberg Businessweek report have issued strong denials, including Apple, Amazon, and Supermicro. He said those companies would "suffer a world of hurt" if regulators later determine that they lied.
Apple's statement read in part:
On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
Bloomberg Businessweek, citing 17 unnamed sources, claimed that Chinese spies planted tiny chips the size of a pencil tip on server motherboards manufactured by Supermicro at its Chinese factories. The servers were then sold to companies such as Apple and Amazon for use in their respective data centers.
An unnamed government official cited in the report said China's goal was "long-term access to high-value corporate secrets and sensitive government networks," but no customer data is known to have been stolen.
The report claimed that Apple discovered the suspicious chips on the motherboards around May 2015, after detecting odd network activity and firmware problems. Two senior Apple insiders were cited as saying the company reported the incident to the FBI, but kept details about what it had detected tightly held.
Apple dropped Supermicro as a supplier in 2016, a decision the company said it made for reasons unrelated to "The Big Hack" story.
Joyce is far from the only source to question the accuracy of the Bloomberg Businessweek report. Both the U.S. Department of Homeland Security and the U.K.'s national cyber security agency have said they have "no reason to doubt" Apple's denial of the story, while the FBI is said to be unaware of the hack.
"We're just befuddled," said Joyce. He added that he had "grave concerns about where this has taken us," according to Politico. "I worry that we're chasing shadows right now. I worry about the distraction that it is causing."
In related news, Reuters reports that U.S. Senator John Thune has sent letters to the CEOs of Apple, Amazon, and Supermicro with questions about the allegations. U.S. Senators Marco Rubio and Richard Blumenthal also sent a joint letter to Supermicro CEO Charles Liang with similar questions.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
I’m sure Apple was hacked... I wouldn’t admit it either.
You’re sure because it’s fun to believe, not because you have any kind of expertise, firsthand knowledge of all the facts, or knowledge of something no one else does. You just prefer to believe it. At least be honest about that. Conspiracy theories get the juices flowing, which is why so many of them, even the patently absurd ones, persist.Yet the question remains: Why did Apple dump supermicro in 2016?
Link: https://www.marketwatch.com/story/super-micro-plummets-after-report-apple-cut-ties-on-security-fears-2017-02-23Yet the question remains: Why did Apple dump supermicro in 2016?
You seem to like that phrase “the question remains,” even when it doesn’t, i.e. even when there’s a readily accessible logical explanation. It’s not difficult or clever to say “the question remains” without presenting a rational argument why it does. The question remains why does the question remain to you?The interesting thing to me is this person stops short of saying, "it did not happen". If the likelihood of this particular claim is small(I have no idea), security experts must feel it could be possible.
Security experts, particularly government-level ones, are like scientists. You will hear “highly unlikely” or “the evidence doesn’t support” or “statistically improbable” or even “strains credibility” far more than “it’s impossible.” This is not mincing words; it’s avoiding hyperbole and allowing for future evidence. I don’t find it particularly interesting when an NSA official avoids that phrase, and I wouldn’t wait to hear it verbatim to understand that he’s saying it didn’t happen, particularly when synthesized with the detail in other corroborating statements. The burden is now squarely on Bloomberg to either support or retract their claim.