In a new letter to senators this week, motherboard manufacturer Supermicro denied a report that its computer hardware had been compromised by Chinese spies who allegedly installed microchips onto equipment that was then sold to tech giants and telecommunications companies including Apple and Amazon.
The letter, sent to Sens. Marco Rubio (R-FL) and Richard Blumenthal (D-CT), was in response to a request from the senators for more information about a Bloomberg Businessweek report detailing how Supermicro had sold the allegedly compromised equipment to those companies, allowing the Chinese government to infiltrate U.S. computer systems and spy on Americans.
“With respect to the recent media reports, Supermicro has seen no evidence of any unauthorized components in our products, no government agency has informed us that they have found unauthorized components on our boards, and no customer has reported finding any such unauthorized components,” Perry G. Hayes, a Supermicro executive, told Rubio and Blumenthal. Hayes promised a more detailed response to the senators next week.
ADVERTISEMENT
The Bloomberg story, published Oct. 4, has drawn intense scrutiny from lawmakers, intelligence officials, and the tech companies. Earlier Friday, Apple CEO Tim Cook told BuzzFeed News that the magazine should retract its story, adding: “There’s no truth to this.” Dan Coats, the director of national intelligence, issued a rare on-record denial, telling CyberScoop: “We’ve seen no evidence of that.”
Bloomberg has stood by its story, although the magazine published the denials—including one from Supermicro, a major international supplier—that it received while reporting the story. Bloomberg has not responded to multiple requests for comment from The Daily Beast.
If true, the alleged hack has been described by cybersecurity experts as a nightmare scenario that intelligence officials have feared for years, one that would allow a foreign government to covertly move hacked hardware devices into a commercial supply chain.
In an interview earlier this month, Blumenthal told The Daily Beast that his doubts about the veracity of the report sparked the senators’ letter to Supermicro, adding: “We have no independent knowledge.”
Sen. Mark Warner (D-VA), the vice chairman of the Senate Intelligence Committee, said it was clear to him that “the initial response from the American government has been, they don’t think that the Bloomberg story, to the full extent, has much validity.” He told The Daily Beast that he has already begun raising the issue with the intelligence community.
FBI Director Christopher Wray also appeared to push back on the veracity of the Bloomberg report during a Senate Homeland Security Committee hearing earlier this month.
“I would say to the newspaper article or, I mean the magazine article, I would say be careful what you read, especially in this context,” Wray told Sen. Ron Johnson (R-WI), the chairman of the committee, when Johnson asked about the FBI’s response to the report.
Johnson pressed Wray for a more detailed explanation about whether the Bloomberg story rings true, but Wray would only say that he could not disclose the existence of any possible investigation into the matter.
Homeland Security Secretary Kirstjen Nielsen, also testifying before the committee, went further than Wray, telling senators that DHS does “not have any evidence that supports the article.” Across Capitol Hill, the Bloomberg report has been met with a similar amount of skepticism. But lawmakers were frustrated that top intelligence officials appeared unwilling to give them an assessment about the accuracy of the report.
“My whole point is I think exposure—people aware of threats and what people are doing to attack our systems—we need to know that. And just keeping this withheld within the intelligence community doesn’t do people a whole lot of good,” Johnson told The Daily Beast this month. “I’m more concerned about, okay, why doesn’t Homeland Security know anything about this? Who can come to the oversight committees in Congress to let us know? We can do it in a secure briefing. Let us know. If these things are true, I shouldn’t be reading about these things in a Bloomberg article.”