Taken at face value, a pair of articles on Bloomberg by Jordan Robertson and Michael Riley details how Chinese government intelligence agencies snuck tiny chips into computer servers used by Amazon and Apple, and by at least one major U.S. telecoms company. The devices – as small as the tip of a pencil – could be used to listen to communications going in and out, or to dive deeper into those systems.
If true, Bloomberg’s reporting means that the Chinese government, and possibly other intelligence agencies and criminal groups, have a backdoor that leads deep into U.S. telecoms and data processing infrastructure. It is flatly denied by some U.S. government security officials, by Apple and Amazon, and, according to a story by Jason Koebler, Joseph Cox, and Lorenzo Franceschi-Bicchierai on Motherboard, by most major U.S. telecoms companies…
Motherboard has reached out to 10 major US telecom providers, and the four biggest telecoms in the US have denied to Motherboard that they were attacked: In an email, T-Mobile denied being the one mentioned in the Bloomberg story. Sprint said in an email that the company does not use SuperMicro equipment, and an AT&T spokesperson said in an email that “these devices are not a part of our network, and we are not affected.” A Verizon spokesperson said: “Verizon’s network is not affected.”
A CenturyLink spokesperson also denied that the company is the subject of Bloomberg’s new story. A Cox Communications spokesperson said in an email: ”The telecom company referenced in the story is NOT us." Comcast also said it’s not the company in the Bloomberg story.
Charter Communications and Frontier Communications, two of California’s biggest telecoms companies, aren’t on the not me list, but that might be the result of poor response by their press relations people or, less likely, because they weren’t contacted by Motherboard.
Although Bloomberg’s stories have been refuted by U.K. intelligence agencies, their U.S. counterparts have been silent, as is common practice. Which leaves the door open to uncomfortable speculation: they could have discovered the backdoors and be taking advantage of them too. And if they can, so can other national governments and criminal organisations. Unfortunately, U.S. government spy agencies put a higher priority on their own access to cracked systems, than on defending public cyberspace.
Until this mystery is solved, we’ll have to cope with the possibility that our data centers and telecoms networks are hopelessly compromised.