US Senators demand answers from Supermicro over spy chip allegations

A pair of senators have written to Supermicro requesting more information about events detailed in the recent Bloomberg investigation alleging the company's servers were compromised, in an attempt to find out if it is a risk to the national security of the United States.




The letter from Senator Marco Rubio and Senator Richard Blumenthal expresses concern about the potential tampering of computer hardware produced by Supermicro, reports Business Insider, allegedly as part of a sophisticated espionage scheme by the Chinese government.

The Bloomberg report, from which the allegations stem, claimed that tiny chips were planted on motherboards to provide backdoors to Chinese operatives, granting access to data without needing to perform a more traditional and short-term hack.

"If this news report is accurate, the potential infiltration of Chinese backdoors could provide a foothold for adversaries and competitors to engage in commercial espionage and launch destructive cyber attacks," the letter states. "As Members of Congress, we are alarmed by any potential threats to national security and have a responsibility to ensure our nation's sensitive networks are kept safe."

The letter lists eight question areas, and the Senators ask for a response by October 17.

The list starts by asking when Supermicro became aware of reports regarding malicious hardware and firmware, and if the company ever found tampering of components in its products. It also asks if an investigation of the supply chain has been conducted to identify any tampering, and if the company has severed ties with any firms that performed such actions.

Referring to a report from February 2017 by The Information that Apple had discovered compromised firmware, the letter asks if Supermicro conducted an investigation of its supply chain at that time, and if so, what was discovered. Supermicro's compliance with U.S. law enforcement over the reports is also questioned, along with whether screening measures and supply chain audits have been put in place.

More directly, it is also asked if the Chinese government has "ever requested access to Supermicro's confidential security information or sought to restrict information regarding the security of Supermicro's products?"

The Bloomberg report's allegations have received considerable scrutiny regarding how genuine the report really is. Shortly after its release, companies such as Apple and Amazon named in the report issued strong denials about its content, including one from Apple characterizing the story as "wrong and misinformed."

Apple has also performed a "massive, granular, and siloed investigation" into claims raised in the report, but did not discover any evidence of hardware tampering, or any unrelated incidents that could have contributed to the report's claims. Apple has already contacted the U.S. Congress, insisting there is a lack of evidence.

Two security agencies, the UK National Cyber Security Centre and the Department of Homeland Security, have both cast doubt on the report. Other U.S. officials are also uncertain of its accuracy, with one official changing their stance following their initial assertion the "thrust of the article" was true.

One of the few named sources in the original report has also revealed doubts over the veracity of the story, including dealings with journalist Jordan Robertson, one of the Bloomberg report's authors. Security researcher Joe Fitzpatrick advised on Monday he had discussed proof-of-concept devices he had demonstrated at Black Hat 2016, but found it strange that ideas he mentioned were confirmed to the publication by other sources.

Bloomberg has since doubled down on its reporting, referencing comments made by a security researcher that similar tampering occurred with Supermicro hardware located at a data center owned by a major U.S. telecommunications company.

Comments

  • Reply 1 of 22
    wood1208 Posts: 1,555 member
    This issue is not going away soon.
  • Reply 2 of 22
    Seems to me they'd be better off asking Bloomberg about it.  But Bloomberg would just respond with something like "we can't give more details so as to protect our sources' confidentiality."
    StrangeDaysSpamSandwichjony0
  • Reply 3 of 22
    Rayz2016 Posts: 4,182 member
    Seems to me they'd be better off asking Bloomberg about it.  But Bloomberg would just respond with something like "we can't give more details so as to protect our sources' confidentiality."

    Can't they be compelled to hand over the information in the interest of national security?

    SuperMicro will say "nope" either way, so the only really "credible" source is Bloomberg.
  • Reply 4 of 22
    gatorguy Posts: 19,269 member
    Rayz2016 said:
    Seems to me they'd be better off asking Bloomberg about it.  But Bloomberg would just respond with something like "we can't give more details so as to protect our sources' confidentiality."

    Can't they be compelled to hand over the information in the interest of national security?

    SuperMicro will say "nope" either way, so the only really "credible" source is Bloomberg.
    You prefer 2nd hand information from an anonymous source over the 1st parties' answers? I doubt that. 
    I think Congress examining this is a great idea as "truthiness" is of a little more importance. If a person is found to have lied to them during the course of an investigation, and this qualifies as one, actual jail time is possible. 
  • Reply 5 of 22
    So, the senators are asking to open an investigation about the credibility of a news report about tech companies that supposedly found spy chips in hardware and reported it to the FBI? Why don't the senators just start by asking the FBI what was supposedly reported to them?
    edited October 10 thtradarthekatStrangeDaysjony0
  • Reply 6 of 22
    gatorguy Posts: 19,269 member
    So, the senators are asking to open an investigation about the credibility of a news report about tech companies that supposedly found spy chips in hardware and reported it to the FBI? Why don't the senators just start by asking the FBI what was supposedly reported to them?
    Silly....
    Why not go straight to the source, Supermicro? If they lie they chance prosecution and the CEO serving jail time since he's the one the questions are being put to. Think they'll risk it?
  • Reply 7 of 22
    Rayz2016 Posts: 4,182 member
    gatorguy said:
    Rayz2016 said:
    Seems to me they'd be better off asking Bloomberg about it.  But Bloomberg would just respond with something like "we can't give more details so as to protect our sources' confidentiality."

    Can't they be compelled to hand over the information in the interest of national security?

    SuperMicro will say "nope" either way, so the only really "credible" source is Bloomberg.
    You prefer 2nd hand information from an anonymous source over the 1st parties' answers? I doubt that. 
    I think Congress examining this is a great idea as "truthiness" is of a little more importance. If a person is found to have lied to them during the course of an investigation, and this qualifies as one, actual jail time is possible. 

    SuperMicro can just say they don't know anything about it, and they might not. If Bloomberg thinks that this is happening then they can hand over the info and we can start from there. If they have what they say they have then the feds can start asking specific questions, rather than senators fishing about in vague areas they don't really understand.
    jony0
  • Reply 8 of 22
    Rayz2016 Posts: 4,182 member

    gatorguy said:
    So, the senators are asking to open an investigation about the credibility of a news report about tech companies that supposedly found spy chips in hardware and reported it to the FBI? Why don't the senators just start by asking the FBI what was supposedly reported to them?
    Silly....
    Why not go straight to the source, Supermicro? If they lie they chance prosecution and the CEO serving jail time since he's the one the questions are being put to. Think they'll risk it?

    Just because they say "no, we don't know anything about it," that doesn't mean they're lying. That could mean exactly that: they don't know anything about it.

    And of course, they could lie, especially if they think they could get away with it.

    You may not know this, but there are cases of people saying they're innocent, when in fact, they're guilty.  😱

    According to Bloomberg, National Security is on the line here; so let's not waste time dealing with possible untruths. The truth lies with Bloomberg – apparently – so let's start there.
    jony0
  • Reply 9 of 22
    gatorguy Posts: 19,269 member
    Rayz2016 said:

    gatorguy said:
    So, the senators are asking to open an investigation about the credibility of a news report about tech companies that supposedly found spy chips in hardware and reported it to the FBI? Why don't the senators just start by asking the FBI what was supposedly reported to them?
    Silly....
    Why not go straight to the source, Supermicro? If they lie they chance prosecution and the CEO serving jail time since he's the one the questions are being put to. Think they'll risk it?

    Just because they say "no, we don't know anything about it," that doesn't mean they're lying. That could mean exactly that: they don't know anything about it.

    And of course, they could lie, especially if they think they could get away with it.

    You may not know this, but there are cases of people saying they're innocent, when in fact, they're guilty.  😱

    According to Bloomberg, National Security is on the line here; so let's not waste time dealing with possible untruths. The truth lies with Bloomberg – apparently – so let's start there.
    You mean their second hand accounts made by sources off-the-record? No sense wasting time asking the parties involved under penalty of perjury when you have a reporter's notes of verbal accounts. Is that really what you're advocating as the sensical approach?

    ...and on the one hand you say Amazon and Apple should be taken at face value because if they were lying they'd be sued and fined and all kinds of horrid things and therefore would never risk it. Then today you say something like
    "And of course, they could lie, especially if they think they could get away with it.
    You may not know this, but there are cases of people saying they're innocent, when in fact, they're guilty"


    Ummm.... yeah.
    Gotcha. 

    Talking about painting yourself into a corner...
    edited October 10
  • Reply 10 of 22
    Rayz2016 said:
    Seems to me they'd be better off asking Bloomberg about it.  But Bloomberg would just respond with something like "we can't give more details so as to protect our sources' confidentiality."

    Can't they be compelled to hand over the information in the interest of national security?

    SuperMicro will say "nope" either way, so the only really "credible" source is Bloomberg.
    No that’s a horrible idea. A free press is one of the hallmarks of the United States. Forcing the press to hand over sources and notes is the way to tyranny.
    edited October 10 chasm
  • Reply 11 of 22
    gatorguy Posts: 19,269 member
    Rayz2016 said:
    Seems to me they'd be better off asking Bloomberg about it.  But Bloomberg would just respond with something like "we can't give more details so as to protect our sources' confidentiality."

    Can't they be compelled to hand over the information in the interest of national security?

    SuperMicro will say "nope" either way, so the only really "credible" source is Bloomberg.
    No that’s a horrible idea. A free press is one of the hallmarks of the United States. Forcing the press to hand over sources and notes is the way to tyranny.
    and that too. Again we have more in common than you realize. 
    edited October 10
  • Reply 12 of 22
    “We demand answers for something you may or may not have done!”
    entropys
  • Reply 13 of 22
    boltsfan17 Posts: 2,015 member
    Rayz2016 said:
    Seems to me they'd be better off asking Bloomberg about it.  But Bloomberg would just respond with something like "we can't give more details so as to protect our sources' confidentiality."

    Can't they be compelled to hand over the information in the interest of national security?

    SuperMicro will say "nope" either way, so the only really "credible" source is Bloomberg.
    No that’s a horrible idea. A free press is one of the hallmarks of the United States. Forcing the press to hand over sources and notes is the way to tyranny.
    A judge can rule to hand over the information, but reporters will usually end up in jail for protecting sources. From doing a quick search, the longest a reporter has been held in jail (in USA) was seven months. I guess that reporter refused to hand over a video he made of a G-8 protest that showed a possible crime. 
    edited October 10
  • Reply 14 of 22
    boltsfan17 Posts: 2,015 member
    tzeshan said:
    Very funny. A magazine reports that a crime has happened and alleged many victims. But the victims denied the crime has happened to them. And many people talk like the crime has happened. Have people lost common sense? When a crime happened what common sense should people do? Not talking but go to investigate the crime scene. That is, examine the many many allegedly compromised servers which allegedly are used to commit crimes. Why white people are becoming dumber and dumber? 
    White people? What does that have to do with anything? If you are referring to the Senators, you do realize Marco Rubio is Hispanic. 
    SpamSandwich
  • Reply 15 of 22
    sflocal Posts: 4,242 member
    tzeshan said:
    Very funny. A magazine reports that a crime has happened and alleged many victims. But the victims denied the crime has happened to them. And many people talk like the crime has happened. Have people lost common sense? When a crime happened what common sense should people do? Not talking but go to investigate the crime scene. That is, examine the many many allegedly compromised servers which allegedly are used to commit crimes. Why white people are becoming dumber and dumber? 
    "White People"?  What the heck does race even have to do with this?  You do know that while SuperMicro is based in San Jose, CA just about all the workers there are Asian, right?

    Ignorant assholes like you are the problem, and being one like you are is not limited to a certain race.  Heck, I'm hispanic and I find your comment disgusting.  Take your racist attitude elsewhere.
    SpamSandwich
  • Reply 16 of 22
    So to recap, Bloomberg releases a story about spy chips introduced in factories. New super small spy chips that create back doors. Within a few days IT experts cast doubts on it on various fronts. So Bloomberg tries to add weight to their story by releasing a completely different story that was recycled out of the NSA Snowden leaks of 5 years ago that relates to the whole industry (not just Supermicro). Is this fake news? Is it even news? Bloomberg are really scraping the bottom of the barrel here!
  • Reply 17 of 22
    entropys Posts: 1,248 member
    tzeshan said:
    Very funny. A magazine reports that a crime has happened and alleged many victims. But the victims denied the crime has happened to them. And many people talk like the crime has happened. Have people lost common sense? When a crime happened what common sense should people do? Not talking but go to investigate the crime scene. That is, examine the many many allegedly compromised servers which allegedly are used to commit crimes. Why white people are becoming dumber and dumber? 
    Speaking as a white middle aged male (aka an example of the latest devil incarnate) tzeshan is exactly right. It’s like the Salem witchcraft trials never happened. That a large proportion of the population think these senators are doing the right thing is depressing. An hysterical newspaper makes unprovable accusations, and despite denials every way including Sunday, a couple of Senators start grandstanding, which is exactly what they are doing.  I hate politicians.
  • Reply 18 of 22
    Oh boy. US senators have obviously been reading GG's hundreds of relentless posts...
    SpamSandwich
  • Reply 19 of 22
    gatorguy Posts: 19,269 member
    Oh boy. US senators have obviously been reading GG's hundreds of relentless posts...
    Really? Again? Don't let yourself develop an unhealthy fixation on what I have to say on some unimportant-in-the-bigger-picture internet forum. You, me, everyone else here, are relative nobodies as far as influencing popular opinion goes. DED is a possible exception in a particular niche area.
    edited October 10
  • Reply 20 of 22
    chasm Posts: 835 member
    As much as I respect and cherish press freedoms, it comes with a responsibility to not abuse them. Congress would have a difficult time compelling journalists to name confidential sources, but there's a far simpler way to get to the bottom of this.

    The entire article is premised on the "fact" the FBI has been doing an investigation into this for years. Ask the FBI to share what they know. This will instantly show the Bloomberg report as the lie that it is.

    Sounds like the only named security source in the story would be happy to chat as well.
    SpamSandwich