UK Cybersecurity Centre Backs up Apple’s Denial of Chinese Hacking

The United Kingdom’s cybersecurity agency on Friday backed Apple’s and Amazon’s denial of targeted Chinese hacking.

Earlier this week, Bloomberg Businessweek reported that Chinese military spies had planted tiny chips onto motherboards manufactured by a firm called Super Micro in China and Taiwan.

These motherboards eventually ended up in use at Apple and Amazon data servers and allegedly were used to steal corporate trade secrets and government information and transmit them to the Chinese government. Apple was reportedly the first to discover the chips and report them to the FBI.

But the National Cyber Security Centre at the GCHQ — Britain’s equivalent to the NSA — told Reuters that it had no reason to refute the statements from Apple and Amazon that counter Bloomberg’s story.

“We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by (Amazon Web Services) and Apple,” the agency said.

The NCSC added that it “engages confidentially with security researchers and urges anybody with credible intelligence” about the report to contact them.

Super Micro had supplied Apple with data server hardware at one point. But the Cupertino tech giant severed ties with the California-based firm in 2016.

Reportedly, that was due to an unrelated security incident in which Apple engineers found one compromised driver on a single Super Micro server. But Apple says that it was an accidental, one-time incident that doesn’t indicate any widespread targeting of the company.

Bloomberg Businessweek reportedly cited a slew of government and corporate officials, including anonymous insiders at Apple.

Apple has refuted the story in a strongly-worded statement, stating that the company’s practice is to thoroughly check every one of its servers for security vulnerabilities and had “never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”

The company also clarified that it is not under any kind of government gag order due to a secret investigation into the incident.

Amazon and Super Micro also disputed the factuality of the story. Apple, for its part, said that none of its own security personnel or its contacts in law enforcement were aware of any such investigation into targeted Chinese spying.

Furthermore, Apple’s recently retired general counsel, Bruce Sewell, said that he had called the FBI last year after Bloomberg told him of an investigation into Super Micro.

Reuters reported that Sewell called the FBI’s then-general counsel, James Baker, and inquired about the investigation. “I got on the phone with him personally and said, ‘Do you know anything about this?” Sewell told the media outlet.

“(Baker) said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.’”