NSA Cyber Official Asks for First-Hand Accounts of Chip Hacking

An NSA cybersecurity official asked anyone with "first-degree knowledge" of Chinese attempts to hack hardware headed for US data centers to share what they know with federal authorities•The senior cybersecurity adviser made the plea Wednesday at an event hosted by the US Chamber of Commerce and RealClearPolitics•He was addressing a report by Bloomberg Businessweek last week, which said Chinese military agents had spy chips covertly planted on Supermicro motherboards ordered by US companies

Bloomberg

October 11, 2018

3 Min Read
The NSA data center campus in Utah
The NSA data center campus in UtahElectronic Frontier Foundation

John Voskuhl (Bloomberg) -- A cybersecurity expert with the National Security Agency made a public plea Wednesday for anyone with “first-degree knowledge” of Chinese attempts to hack computer hardware to share it with federal authorities.

Rob Joyce, an NSA senior adviser for cybersecurity strategy, said that so far, the agency has not been able to corroborate an investigative report in Bloomberg Businessweek that detailed efforts by China’s intelligence services to plant malicious chips in server motherboards produced by Super Micro Computer Inc.

“We’re just befuddled,” Joyce said during a question-and-answer session that was part of a cybersecurity program hosted by the U.S. Chamber of Commerce and RealClearPolitics.

Bloomberg’s report, which was based on accounts from 17 unnamed sources, said Chinese officials had ordered subcontractors to plant the chips in Supermicro server motherboards over a two-year period ending in 2015. The company has said that it has “no knowledge of any unauthorized components.”

Investigators found that Chinese infiltration through Supermicro reached almost 30 companies, including Amazon.com Inc. and Apple Inc., according to the report. All three companies have disputed the findings. In an emailed statement, the Chinese government said in part “we hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration.”

The U.S. Department of Homeland Security said it has “no reason to doubt” the companies.

Joyce said on Wednesday that “at this point, I have no leads I can specifically work.”

“If somebody has first-degree knowledge, can hand us a board, can point to somebody in a company that was involved in this, as claimed, we want to talk to them,” he said. He urged anyone with knowledge to approach the FBI, the NSA or DHS.

Joyce said it’s particularly important to find people who know about the activities first-hand. “What’s happening right now is we’ve gotten a lot of people who have heard from another person who heard from another person, right?”

Also Wednesday, FBI Director Christopher Wray deflected questions from a Republican senator about Bloomberg Businessweek’s report. The report cited national security officials familiar with the matter in saying that the infiltration of the computer systems was investigated as part of an FBI counterintelligence probe.

“We have very specific policy that applies to us as law enforcement agencies to neither confirm nor deny the existence of an investigation,” Wray told the Senate Homeland Security Committee on Wednesday. “I do want to be careful that my comment not be construed as inferring, or implying I should say, that there is an investigation.”

“Be careful what you read in this context,” Wray added.

Senator Ron Johnson, a Wisconsin Republican and committee’s chairman, said the article seems like it’s “pretty sound reporting,” and he asked, “How come I’m finding out from Bloomberg and not in terms of contact from the federal government?”

On Tuesday, Bloomberg News reported that a major U.S. telecommunications company discovered manipulated hardware from Supermicro and removed it in August, citing Yossi Appleboum, a security expert for the telecommunications company. He provided documents, analysis and other evidence of the discovery after the publication of the Bloomberg Businessweek report. Bloomberg isn’t identifying the company due to Appleboum’s nondisclosure agreement with the client.

Supermicro responded in a statement that it didn’t know of any unauthorized components and had “not been informed by any customer that such components have been found.”

Appleboum told Bloomberg that he has seen similar manipulations of different vendors’ computer hardware made by contractors in China, not just products from Supermicro. “Supermicro is a victim -- so is everyone else,” he said.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like