Doubts are increasing about some bombshell hacking allegations. A report by Bloomberg news alleged that Chinese spies had slipped malicious chips into servers used by U.S.-based companies. Apple, Amazon and other American companies deny the report, but Bloomberg is standing by it. CGTN’s Jim Spellman examines the allegations – with the writer – and with security experts.
In early October, Bloomberg Businessweek published a bombshell story claiming Chinese manufacturers secretly installed tiny chips onto complex computer circuit boards, allowing the Chinese government to allegedly spy on companies including Apple and Amazon.
“We cite 17 different sources in the story, now these are senior level officials across the government, but also senior level officials inside the companies,” says Jordan Robertson, one of the reporters behind the story, in an appearance on Bloomberg TV.
But problems with the story soon emerged.
“The cyber security community, which is very active, has become very skeptical of this, and you’ve seen a growing chorus of U.S. government officials unable to corroborate the details and the points made in the original story,” says Paul Triolo, head of global technology policy at the Eurasia Group, an independent consulting firm.
Apple released a statement saying in part:
“Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them.”
And Amazon’s chief information security officer released a statement saying in part:
“There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count… At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips…”
And now one of the few named sources in the article is speaking out. On the Risky Business podcast, computer hardware security expert Joe Fitzpatrick says many of the technical details in the article seem to be based on discussions with the authors about what may be theoretically possible – not about actual hardware hacks.
“I heard the story, and it just didn’t make sense to me,” Fitzpatrick says on the podcast, “I didn’t speak to any fact checkers. I see a lot of details that I gave out of context. I’m not an expert judge on the quality of journalism, but I definitely have my doubts on this one.”
One of the Bloomberg reporters says U.S. authorities may be reluctant to publicly admit hardware hacking has occurred. Cybersecurity experts say U.S. firms sometimes fear that revealing vulnerabilities will hurt their businesses.
“What we discovered is the U.S. government is in a very tricky position because if they announced the breech that could potentiality damage a U.S. company and also this was a U.S. company and this was a problem with no solution,” says Jordan Robertson, the Bloomberg reporter.
Bloomberg is defending the article, releasing a statement that reads in part:
“Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks… We stand by our story and are confident in our reporting and sources.”
China has denied the allegations, saying it opposes and combats all forms of cyber-attack and espionage.
“The relevant accusation is totally groundless. Someone in the U.S. keeps trying to slander and frame China by making up story based on hearsay evidence,” says Lu Kang, Chinese Foreign Ministry Spokesman.
Some cyber security analysts are wondering if global politics may be at play.
“It comes at a very sensitive time in U.S.-China relations so some people have questioned the timing of this too and why this has come out right now,” says Triolo.
The U.S. National Security Agency has not been able to corroborate the charges made in the story. An N.S.A. adviser is calling for anyone with direct knowledge of hardware hacks to come forward. So far, none of the alleged hacked circuit boards has surfaced.