Story image

Supermicro, Apple, & Amazon vs crippling scandal – who’s lying?

06 Oct 18

How much damage a little report can do!

It’s unlikely that there was very much sleep going on at some of the data centre titans last night, as a new report has dug up a potentially gigantic scandal.

Bloomberg released its findings in an article that was published yesterday, claiming that Supermicro had sold motherboards containing malicious chips to almost 30 US customers, including Apple and Amazon. The article says the chips were planted by Chinese spies to enable backdoor access to all private networks the mother systems were involved with.

In the wake of this report Supermicro’s stocks have collapsed more than 40 percent, while Amazon and Apple each saw their stocks decline around two percent – despite all three aforementioned companies purporting the claims to be false.

Now then, to the report. Bloomberg News says the report is rock solid and based on more than a year of investigations and more than 100 interviews. On top of this, it is claimed to have inputs from multiple former and current Apple and Amazon employees, in addition to current and former US national security officials.

According to the report, Amazon first discovered the malicious chips three years ago in 2015 as a result of an overhaul following its acquisition of Elemental. The company then reported this to the relevant authorities which prompted an investigation by US intelligence agencies that is still ongoing today.

Similarly, Apple (already a big Supermicro customer) was on the verge of buying a further 30,000 servers from Supermicro in 2015 when it also discovered the chip.

Of course these are all allegations, but if true, they could blow the industry apart far beyond this trio of companies. For example, other big players like IBM and Intel are both known Supermicro customers.

In terms of how the motherboards became affected, Bloomberg claims Supermicro’s systems and components are manufactured in China with some of that work then subcontracted to other companies. The Chinese military then took advantage of these subcontractors to secretly plant the illicit chips.

Since the article painted headlines around the world, Supermicro has released a statement with input from both Apple and Amazon.

“In an article today, it is alleged that Supermicro motherboards sold to certain customers contained malicious chips on its motherboards in 2015. Supermicro has never found any malicious chips, nor been informed by any customer that such chips have been found,” the statement reads.

Amazon Web Services chief information security officer Steve Schmidt was also steadfast in his commentary.

"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems,” says Schmidt.

Similarly, a statement from Apple attempted to rubbish Bloomberg’s claims.

"We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Supermicro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

To put it all in perspective, a recent IDC report states Supermicro to have shipped 175,000 servers in the second quarter of this year, making it the fifth largest vendor in terms of units shipped, shared with Huawei.

So the question remains, just who is lying? We will keep you updated as this case evolves.

Data centre cybersecurity actions that most people overlook
Schneider’s Steven Carlini discusses ways to improve data centre cybersecurity that most people don’t think of until it’s too late.
Alibaba Cloud showcases commitment to Hong Kong
The company’s service capability in Hong Kong has doubled since it established its first data centre in the city in 2014.
5 tips to reduce data centre transceiver costs
Keysight Technologies' Nicole Faubert shares her advice on how organisations can significantly reduce test time and cost of next-generation transceivers.
The new world of edge data centre management
Schneider Electric’s Kim Povlsen debates whether the data centre as we know it today will soon cease to exist.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.
Inspur uses L11 rack level integration to deploy 10,000 nodes in 8 hours
Inspur recently delivered a shipment of rack scale servers of more than 10,000 nodes to the Baidu Beijing Shunyi data center within 8 hours.
How HCI helps enterprises stay on top of data regulations
Increasing data protection requirements will supposedly drive the demand for Hyper-Converged Infrastructure solutions across the globe.