"New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom" (SMCI)
Supermicro stock is down 25.42% (-3.75) at $11.0.
From Bloomberg, October 9, 2018, 8:01 AM PDT:
Discovery shows China continues to sabotage critical technology components bound for America
A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc.
in its network and removed it in August, fresh evidence of tampering
in China of critical technology components bound for the U.S., according
to a security expert working for the telecom company.
The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that
detailed how China’s intelligence services had ordered subcontractors
to plant malicious chips in Supermicro server motherboards over a
two-year period ending in 2015.
Yossi Appleboum
Source: Yossi Appleboum
Appleboum previously
worked in the technology unit of the Israeli Army Intelligence Corps
and is now co-chief executive officer of Sepio Systems in
Gaithersburg, Maryland. His firm specializes in hardware security and
was hired to scan several large data centers belonging to the
telecommunications company. Bloomberg is not identifying the company due
to Appleboum’s nondisclosure agreement with the client. Unusual
communications from a Supermicro server and a subsequent physical
inspection revealed an implant built into the server’s Ethernet
connector, a component that's used to attach network cables to the
computer, Appleboum said.
The executive said he has seen similar
manipulations of different vendors' computer hardware made by
contractors in China, not just products from Supermicro. “Supermicro is a
victim -- so is everyone else,” he said. Appleboum said his concern is
that there are countless points in the supply chain in China where
manipulations can be introduced, and deducing them can in many cases be
impossible. “That's the problem with the Chinese supply chain,” he said.
Supermicro,
based in San Jose, California, gave this statement: “The security of
our customers and the integrity of our products are core to our business
and our company values. We take care to secure the integrity of our
products throughout the manufacturing process, and supply chain security
is an important topic of discussion for our industry. We still have no
knowledge of any unauthorized components and have not been informed by
any customer that such components have been found. We are dismayed that
Bloomberg would give us only limited information, no documentation, and
half a day to respond to these new allegations.”
Bloomberg News
first contacted Supermicro for comment on this story on Monday at 9:23
a.m. Eastern time and gave the company 24 hours to respond....MUCH MORE
