Story image

Supermicro, Apple, & Amazon vs crippling scandal – who’s lying?

06 Oct 18

How much damage a little report can do!

It’s unlikely that there was very much sleep going on at some of the data centre titans last night, as a new report has dug up a potentially gigantic scandal.

Bloomberg released its findings in an article that was published yesterday, claiming that Supermicro had sold motherboards containing malicious chips to almost 30 US customers, including Apple and Amazon. The article says the chips were planted by Chinese spies to enable backdoor access to all private networks the mother systems were involved with.

In the wake of this report Supermicro’s stocks have collapsed more than 40 percent, while Amazon and Apple each saw their stocks decline around two percent – despite all three aforementioned companies purporting the claims to be false.

Now then, to the report. Bloomberg News says the report is rock solid and based on more than a year of investigations and more than 100 interviews. On top of this, it is claimed to have inputs from multiple former and current Apple and Amazon employees, in addition to current and former US national security officials.

According to the report, Amazon first discovered the malicious chips three years ago in 2015 as a result of an overhaul following its acquisition of Elemental. The company then reported this to the relevant authorities which prompted an investigation by US intelligence agencies that is still ongoing today.

Similarly, Apple (already a big Supermicro customer) was on the verge of buying a further 30,000 servers from Supermicro in 2015 when it also discovered the chip.

Of course these are all allegations, but if true, they could blow the industry apart far beyond this trio of companies. For example, other big players like IBM and Intel are both known Supermicro customers.

In terms of how the motherboards became affected, Bloomberg claims Supermicro’s systems and components are manufactured in China with some of that work then subcontracted to other companies. The Chinese military then took advantage of these subcontractors to secretly plant the illicit chips.

Since the article painted headlines around the world, Supermicro has released a statement with input from both Apple and Amazon.

“In an article today, it is alleged that Supermicro motherboards sold to certain customers contained malicious chips on its motherboards in 2015. Supermicro has never found any malicious chips, nor been informed by any customer that such chips have been found,” the statement reads.

Amazon Web Services chief information security officer Steve Schmidt was also steadfast in his commentary.

"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems,” says Schmidt.

Similarly, a statement from Apple attempted to rubbish Bloomberg’s claims.

"We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Supermicro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

To put it all in perspective, a recent IDC report states Supermicro to have shipped 175,000 servers in the second quarter of this year, making it the fifth largest vendor in terms of units shipped, shared with Huawei.

So the question remains, just who is lying? We will keep you updated as this case evolves.

Lenovo DCG moves Knight into A/NZ general manager role
Knight will now relocate to Sydney where he will be tasked with managing and growing the company’s data centre business across A/NZ.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Record revenues from servers selling like hot cakes
The relentless demand for data has resulted in another robust quarter for the global server market with impressive growth.
Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill.