Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA, is the latest official to question the accuracy of Bloomberg Businessweek's bombshell "The Big Hack" report about Chinese spies compromising the U.S. tech supply chain.
"I have pretty good understanding about what we're worried about and what we're working on from my position. I don't see it," said Joyce, speaking at a U.S. Chamber of Commerce cyber summit in Washington, D.C. today, according to a subscriber-only Politico report viewed by MacRumors.
"I've got all sorts of commercial industry freaking out and just losing their minds about this concern, and nobody's found anything," Joyce added.
Joyce, a former White House cybersecurity coordinator, noted that all of the companies named in the Bloomberg Businessweek report have issued strong denials, including Apple, Amazon, and Supermicro. He said those companies would "suffer a world of hurt" if regulators later determine that they lied.
Apple's statement read in part:
On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
Bloomberg Businessweek, citing 17 unnamed sources, claimed that Chinese spies planted tiny chips the size of a pencil tip on server motherboards manufactured by Supermicro at its Chinese factories. The servers were then sold to companies such as Apple and Amazon for use in their respective data centers.
An unnamed government official cited in the report said China's goal was "long-term access to high-value corporate secrets and sensitive government networks," but no customer data is known to have been stolen.
The report claimed that Apple discovered the suspicious chips on the motherboards around May 2015, after detecting odd network activity and firmware problems. Two senior Apple insiders were cited as saying the company reported the incident to the FBI, but kept details about what it had detected tightly held.
Apple dropped Supermicro as a supplier in 2016, a decision the company said it made for reasons unrelated to "The Big Hack" story.
Joyce is far from the only source to question the accuracy of the Bloomberg Businessweek report. Both the U.S. Department of Homeland Security and the U.K.'s national cyber security agency have said they have "no reason to doubt" Apple's denial of the story, while the FBI is said to be unaware of the hack.
"We're just befuddled," said Joyce. He added that he had "grave concerns about where this has taken us," according to Politico. "I worry that we're chasing shadows right now. I worry about the distraction that it is causing."
In related news, Reuters reports that U.S. Senator John Thune has sent letters to the CEOs of Apple, Amazon, and Supermicro with questions about the allegations. U.S. Senators Marco Rubio and Richard Blumenthal also sent a joint letter to Supermicro CEO Charles Liang with similar questions.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.