Amazon urges Bloomberg to drop high-profile claims in an article about Chinese spyware modules in servers
Andy Yassi, CEO of Amazon Web Services, urged Bloomberg to abandon the statements made in a previously published article. It is worth recalling that it was about Chinese modules located in the server hardware. “They did not provide evidence, the plot continues to change, plus there is no reaction to external factors,” Jesse said.
He believes that Bloomberg should take responsibility and abandon high-profile statements from the article. Earlier, Apple CEO Tim Cook said roughly the same thing. He stated that what Bloomberg described in an article never happened, the information should be refuted.
As for the article itself, it talks about the Chinese spy microchip, which is installed on the motherboards of Supermicro servers. This chip supposedly allows the Chinese to get almost any information that the server itself works with the hardware backdoor.
Almost immediately after the release of the material, the head of Apple wrote a response statement stating disagreement with the information contained in the article. According to Cook, this whole story is a fiction, since the servers are under reliable protection of the company's specialists and there can be nothing of the kind in them. Cook also said that server hardware has been tested repeatedly, including several months before a controversial article appeared in Bloomberg.
The corporation was not able to detect any chips, it is possible because there were none. “We have never been tested or warned of this danger by the FBI,” Cook said. In addition, the corporation stated that FBI agents did not apply even after the entire article was made public. And the special services would be the first to pay attention to such an incident, which threatens the national security of the country.
As far as Amazon is concerned, this is not the first time that it has been trying to refute Bloomberg’s claims about Chinese digital surveillance of data that is transmitted and processed using servers developed by SuperMicro.
Initially, experts claimed a complete lack of evidence. But soon it appeared, though slightly different in form from what Bloomberg reporters reported. One of the leaders of Sepio System, a company specializing in the security of hardware solutions , said that spyware modules do exist . Recently, this company carried out the order of one of the major customers (whom it was not yet possible to establish whom). The client wanted to know how many vulnerabilities exist in his hardware and software and how to get rid of them.
According to Yossi Applebaum, the head of the company, there are no problems in detecting problems in the server hardware. His company was able to detect more than one spy module. According to Applebaum, the vulnerability is still being introduced at the factory - possibly the factory where the company's servers are manufactured and equipped. Supermicro capacities are quite large, and the facility itself is located about a hundred kilometers from t Shenzhen.
Unfortunately, the experts were not able to figure out to the end what data the infected hardware transmits or processes. It is also unknown whether the telecommunications company that hired Applebaum contacted the FBI. It’s hard to understand what kind of company it was.
By the way, according to many experts, the Bloomberg article has so many inaccuracies and errors that it’s even difficult to count them. However, there are those who believe that this is all true, and the hardware attack is pre-planned.
Opponents of the "conspiracy theory" argue that the problematic element provides unusual traffic that can be studied if the module existed, then its unusual activity of the security system would be discovered at the very beginning, immediately after installation. According to Bloomberg, the module is a miniature device that can be located anywhere. Most often, it is placed in an Ethernet connector, and it is through this channel that the spy chip transmits data.
Amazon, Apple and other companies conducted a survey of their own servers - in order to calm panics. Andy Yassi said that no modules of any kind were found, all of these are ordinary, unsubstantiated rumors.
“Our employees always inspect equipment and monitor its work - studying both hardware and software, regularly conducting security audits. In the future, we will strengthen this practice, as well as use equipment designed by us, including such critical elements as processors, servers, storage systems and network equipment, ” Amazon said in a statement.