DHS and GCHQ join the China spy BS brigade

The Department of Homeland Security (DHS) has stated it, and the UK’s National Cyber Security Centre, are supporting industry denials regarding malicious microchips installed on hardware by China.

Last week Bloomberg unveiled a weighty report which pointed the finger at the Chinese government for an in-depth and delicate espionage campaign which would have shaken the telco industry’s global supply chain. By allegedly compromising motherboards produced by Super Micro, the security protocols and trade secrets of more than 900 companies have been directly compromised. Who knows how wide the web could spread when you look at the indirect implications, partners who use the infected networks or collateral damage.

While the claims have been refuted by all the parties involved, including Apple and AWS, and despite confidence from the DHS and the National Cyber Security Centre, a division of GCHQ, without a denial from the body likely to be conducting the supposed investigation, the CIA, or a flat-out rejection from the White House, there is still an air of possibility.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” a statement from the Department of Homeland Security reads. “Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.”

The initial report is a damning one. According to Bloomberg, Chinese agents infiltrated subcontractors of Super Micro operations in Shanghai, or coerced the managers of these facilities, to gain access to the motherboards. A microchip, smaller than a grain of rice, was placed on the hardware, before it was shipped onto customers to be incorporated into servers. Elemental, now an AWS company, was supposedly one of the customers who used the motherboards, as was Apple, a major US bank, the US Navy and the CIA, who used Elemental servers for drone missions. The information which would be available is staggering.

All parties involved have denied finding any malicious microchips on hardware, and also being aware of or aiding in any investigation led by US intelligence services. With the DHS and GCHQ also stating they have no reason to doubt the statements of denials, the chorus of disapproval is getting louder. That said, there is still an element of doubt.

Bloomberg is one of the most trusted and professional news sources on the planet, with a pedigree for unveiling worrying truths which have been deemed unsuitable for the general public. The report, which was researched and written over months, points to a total of seventeen sources. One source might have been suspect, two or three might have been dubious, but seventeen individuals confirming the same story suggests there is at least an element of truth to the claims.

Ultimately we doubt there will be anything the companies or government can do to completely remove the element of distrust. The claim of nefarious actors and activity has been raised, and now there will always be a heightened suspicion. A concrete rejection of the claims from the White House and the US intelligence services would set the ball rolling, but don’t expect that any time soon. This saga conveniently supports the anti-China rhetoric being fuelled by the US government; why would it want to do anything to discredit the help Bloomberg is giving it?

  • BIG 5G Event


  1. Avatar Tim Wessels 08/10/2018 @ 3:11 pm

    Well, given their fiduciary responsibility to their shareholders what else would you expect Apple, AWS, and Supermicro to say publicly? Note: Supermicro’s stock faces being de-listed from NASDAQ. If they admitted that they made or bought computers implanted with the means to spy on their networks, it would leave them open to shareholder lawsuits and a lot of bad publicity. Bloomberg is not in the “fake” news business. You can bet the legal department at Bloomberg went over this report very carefully before release. For the US DHS and the British NCSC to say they believe Apple, AWS, and Supermicro is meaningless. The opinions of the US CIA, NSA, and the British GCHQ would carry a lot more weight, and they haven’t made any public comments. Companies should take a hard look at the security of their international supply chains and decide what level of risk they can tolerate if their products are subject to tampering in places where they have no control.

    • Jamie Davies Jamie Davies 08/10/2018 @ 5:15 pm

      Hi Tim, completely get that fiduciary responsibility is to protect shareholders, but lying is another matter. That is called fraud and is illegal. You’re point is valid, they have to protect their brand and spreadsheet, but fiduciary responsibility should not extend to blatant lying if that what you are implying. Have a good evening.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.