Report: China planted surveillance microchip in servers used in U.S.
Major tech companies dispute article
China secretly inserted surveillance microchips into servers used by major technology companies, including Apple and Amazon.com, in an audacious military operation likely to further inflame trade tensions between the United States and its leading source of electronics components and products, Bloomberg Businessweek reported Thursday morning.
The article detailed a sweeping, yearslong effort to install the surveillance chips in servers whose motherboards — the brains of the powerful computers — were assembled in China. One affected company had its servers used by U.S. government clients, including Department of Defense data centers, Navy warships and the CIA in its drone operations.
The extent of the data China collected from the surveillance chips was not clear from the report, and no consumer information was known to have been stolen, according to Bloomberg Businessweek. But it said a top-secret U.S. government investigation, dating from 2015 and involving the FBI, remains open.
The story cited 17 unnamed sources, including industry insiders and current and former U.S. officials. The Chinese government, Apple, Amazon and other involved companies disputed the report to Bloomberg Businessweek, and the FBI and U.S. intelligence officials declined to comment.
One U.S. official told The Washington Post on Thursday morning that the thrust of Bloomberg Businessweek’s reporting was accurate. This person spoke on the condition of anonymity to discuss matters not approved for public release.
The revelations came just hours before Vice President Mike Pence was to deliver a stinging rebuke of China in a speech at the Hudson Institute in Washington. Mr. Pence issued a range of criticisms at what the Trump administrations sees as China’s increasingly aggressive behavior, including allegations by President Donald Trump last week that the country is meddling in the U.S. midterm elections.
Both Apple and Amazon discovered the surveillance chips in 2015 and took steps to replace the affected servers, according to the report, which described close cooperation between U.S. investigators and affected companies. The report said that dozens of companies may have used sabotaged servers in their data centers before the Chinese operation was detected.
Apple on Thursday morning referred the Post to its statement in the Bloomberg Businessweek story alleging that the reporting was inaccurate. “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident.”
The report also quoted denial of the reporting by Amazon Web Services, a cloud-services subsidiary of Amazon, which in 2015 acquired a company, Elemental, whose servers reportedly were affected by the Chinese operation.
“It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” the Amazon statement said. “It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware.”