According to a Bloomberg report released on Friday, Feb. 12, chips supplied to Super Micro Computer Inc. (Supermicro) were compromised by the Chinese in an effort to spy on the U.S systems. It also stated that U.S. intelligence agencies were aware of this wide-reaching espionage program. But these agencies did not warn Supermicro or its customers, because they prioritized monitoring China’s surveillance techniques in the hopes of developing countermeasures against them.
“This was espionage on the board itself,” said Mukuk Kumar, former chief security officer of Altera Corp. who said he received a warning about the spying in an unclassified briefing in 2015.
“There was a chip on the board that was not supposed to be there that was calling home – not to Supermicro but to China.”
“Supermicro is the perfect illustration of how susceptible American companies are to potential nefarious tampering of any products they choose to have manufactured in China,” Jay Tabb, a former senior Federal Bureau of Investigation (FBI) official, told Bloomberg. “It’s an example of the worst-case scenario if you don’t have complete supervision over where your devices are manufactured.”
Chinese spying through Supermicro under investigation for nearly a decade
China’s spying through computer products made by Supermicro has been under federal scrutiny for much of the past decade. This included a 2012 counterintelligence investigation by the FBI. Here agents started monitoring the communications of a small group of Supermicro workers, using warrants obtained under the Foreign Intelligence Surveillance Act, or FISA. (Related: Over 1,000 Chinese researchers have fled the US since federal crackdown on technological and economic espionage.)
Whether the probe is still ongoing, as well as what it found, is still unknown. But according to an adviser to two security firms that helped the FBI in its investigation, the Bureau had been enlisting private-sector help in analyzing Supermicro equipment that contained the added chips as recently as 2018.
Tabb declined to address specifics of the Bureau’s probe, but he confirmed that it knew that the spying had been going on for some time.
“The Chinese government has been doing this for a long time, and companies need to be aware that China is doing this,” he said. “And Silicon Valley in particular needs to quit pretending that this isn’t happening.”
What is known, is that neither Supermicro nor any of its employees have been implicated in the espionage. Former U.S. officials who provided information for the Bloomberg report emphasized that the company itself has not been the target of any counterintelligence operation.
Supermicro itself has stated that it has “never been contacted by the U.S. government, or by any of our customers, about these alleged investigations.” It claimed that the report was a “mishmash of disparate and inaccurate allegations” and that it drew “farfetched conclusions.”
The company noted that federal agencies, including those conducting investigations into the spying, are still buying Supermicro products.
“Supermicro is an American success story and the security and integrity of our products is a top priority,” the company said.
Bloomberg reported on espionage before
The new report is not the first time that Bloomberg has reported on alleged Chinese spying through Supermicro’s chips. The news outlet ran a similar report on it back in 2018. Back then, the outlet reported that Apple and Amazon had found the spy chips on Supermicro equipment that they had purchased.
Following that story, Apple, Amazon and Supermiacro publicly called for a retraction, while some government officials also disputed the article.
But with the new report, it’s clear that the prior story only captured part of a larger chain of events in which U.S. officials first suspected, then investigated and monitored China’s spying through Supermicro’s products.
“In early 2018, two security companies that I advise were briefed by the FBI’s counterintelligence division investigating this discovery of added malicious chips on Supermicro’s motherboards,” said Mike Janke, a former Navy SEAL who co-founded venture capital firm DataTribe. “These two companies were subsequently involved in the government investigation, where they used advanced hardware forensics on the actual tampered Supermicro boards to validate the existence of the added malicious chips.”
Following the Bloomberg report, other sources have also spoken out about the spying. Talking to The Register, an unnamed former executive at a major semiconductor company supported Bloomberg‘s claim.
“I have physically held evidence in my hands,” he said with regard to the compromised hardware. “I have seen it from multiple governments.”
Follow CommunistChina.news for more on China’s attempts to steal American technology.