Bloomberg Businessweek, which published an exclusive report Thursday based on a lengthy investigation, said that Chinese hacking was "the most significant known supply chain attack ever against United States companies". "We did not uncover any unusual vulnerabilities in the servers we purchased from Supermicro when we updated the firmware and software according to our standard procedures". Investigators say that a unit of China's People's Liberation Army planted chips the size of a pencil point onto computer motherboards being built for a USA company called Supermicro. It wasn't long before that company uncovered "troubling issues", which prompted Amazon Web Services (AWS) to take a closer look at Elemental's server products.
"(In the) ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines.
Consumer data is not believed to have been involved in the security incident. The nature of the attack allowed the spies to create secret backdoors in these products, providing almost unlimited access to some of the data generated by the products these motherboards were powering.
Apple was one of the victims of the apparent breach, according to Bloomberg. "Amazon reported the discovery to USA authorities, sending a shudder through the intelligence community", the report continues.
But Supermicro, Amazon, and Apple are roundly denying the report.
Amazon, for its part, was equally firm about the issue.
Vietnam donates $100000 for disaster relief work in Indonesia
Indonesia's national disaster agency has upped the official death toll to 1,407, with 70,000 others displaced. On Monday, Prime Minister Narendra Modi called up Indonesian President Joko Widodo and offered assistance.
AWS has also denied the report, telling Bloomberg: "We've found no evidence to support claims of malicious chips or hardware modifications". The story says Amazon found the chips while investigating a potential partnership with a startup and alerted the government, though Amazon also disputes the account.
"On this, we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server", the tech giant says. This level of hardware hacking would be borderline unprecedented in scope, and Bloomberg claims the FBI opened an investigation (after the incident was reported by Apple) that's still in progress three years later. Apple removed all Super Micro servers from its data centers in 2016. "We are not aware of any investigation by the FBI, nor are our contacts in law enforcement".
Bloomberg said its report was based on confirmations of the hack by 17 unnamed people. The Chinese government claimed to be "a resolute defender of cybersecurity" in statements to Bloomberg.
Bloomberg's investigation has not been confirmed on the record.
The full story can be accessed via Bloomberg News.
Apple and Amazon stock were both down over 1% at the time of publication.