Apple investigates, but finds nothing about alleged Chinese espionage

And here we go to another chapter involving the alleged espionage of the Chinese government. If you are out of this new controversy, here is a brief summary: Bloomberg Businessweek He said that data centers operated by Apple, Amazon and many other American companies (about 30 in total) as well as agencies of the US government itself may have been subject to surveillance by the Chinese government.

The government would have taken advantage of the fact that today everything is made in China to insert a microchip in servers used by Apple and other companies during the process of making this equipment, in order to gather intellectual property and trade secrets from American companies.

Apple vehemently denied the information; even the company's legal director (who is now retired, but was at the head of the company when it all supposedly happened) said that nothing in this story makes sense.

Now several senior Apple executives have spoken to BuzzFeed News under the condition of anonymity so that they could talk freely, without strings attached. And all denied the story, still expressing a certain confusion with the magazine's timeline.

Among the people who spoke with the vehicle, three of them are senior executives who work with security and legal teams. And, according to them, there is no way to explain these allegations. O BuzzFeed News informed that a soft, granular investigation was carried out and very focused not only on the claims made by Bloomberg, but about unrelated incidents that could have inspired the published story and nothing, nothing was found. "We tried to find out if there was anything, anything that happened even remotely close to it," said an Apple security executive. "We didn't find anything."

We tried to find out if there was anything, anything that happened even remotely close to it. We found nothing.

A senior security engineer directly involved in Apple's internal investigation described everything as "endoscopic", saying they had never seen a microchip like the one described in the story, let alone found one. "I don't know if something like this exists," said that person, noting that Apple did not receive a malicious chip or plaque from me to examine. They gave us nothing. No hardware. No chips. No email. ”

Another point that greatly intrigued Apple executives was the statement of FBI involvement (the Bloomberg described that Apple “reported the incident to the FBI”). According to sources BuzzFeed News, Ma has not contacted the FBI and has not been contacted by them, the CIA, the NSA or any other government agency that could have anything to do with this type of incident. Still according to the BuzzFeed News, the reach and responsibilities of this person they talked to are so high that it is very unlikely that he will not be on the inside of something like this.

An Apple security engineer said while still rebutting a statement from Bloomberg that after identifying the malicious microchips in 2015, the company replaced all of Super 7's approximately 7,000 servers in a matter of weeks that no servers were removed, “neither 7,000 nor 2,000”.

What happened, according to him, was that a single malware common, on a single server (in a lab environment) was found. Apple determined that the episode was the result of Super Micro's lack of system hygiene. “We have lost confidence in the supplier. We move on. Many companies do this. ”

THE Bloomberg, in turn, said that its story is equally striking, stating that the report is the result of more than a year of investigations and more than 100 interviews. Seventeen individual sources, including government officials and insiders in companies, confirmed the manipulation of hardware and other elements of the attacks. We also publish complete statements from three companies, as well as a statement from the Ministry of Foreign Affairs of China. We maintain our history and are confident in our reports and sources, ”said a spokesman for the Bloomberg to BuzzFeed News.

Statement by the Department of Homeland Security

On its website, the Department of Homeland Security (Department of Homeland Security, or DHS) of the United States made the following statement:

The Department of Homeland Security is aware of media reports about a compromise in the technology supply chain. Like our partners in the UK, the National Cyber ​​Security CenterAt this moment, we have no reason to doubt the statements of the companies mentioned in the report. The security of the information and communication technology supply chain is critical to DHS's cybersecurity mission and we are committed to the security and integrity of the technology that Americans and others around the world increasingly trust. Just this month, the National Cybersecurity Awareness Month launched several industry government initiatives to develop short and long-term solutions to manage the risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation's collective cyber security and risk management efforts.

As John Gruber (from Daring Fireball) said, if the Bloomberg is correct, there are thousands of servers compromised by (not only from Apple and Amazon). If so, security experts will eventually identify these intrusive chips at some point.

Gruber also said that, from what he heard, Apple is very uncomfortable with the story and that he will not let that pass.

Apple and the US Congress

Ma's vice president of information security, George Stathakopoulos, wrote a letter to the American Congress (more precisely, to the home trade committee) reaffirming that the company investigated everything thoroughly and found absolutely nothing that could refer to the statements of the Bloomberg.

Apple's proprietary security tools are continually searching for exactly that type of data transmission, as well as identifying the existence of malware or any other malicious activity.

· • ·

Let us wait for the scenes of the next chapters