The CEO of privately owned Sepio Systems found that hardware manufactured by Super Micro Computer Inc (NASDAQ:SMCI) and used in the data center of a US telecom company was compromised with an implant made by China and designed to conduct covert surveillance and exfiltrate corporate or government secrets, according to a report by Bloomberg.
Yossi Appleboum, the co-founder and CEO of Sepio and a former Israeli intelligence officer, said the implant was introduced at the factory in China where the company's equipment was built. “Supermicro is a victim — so is everyone else,” he told Bloomberg.
Appleboum, who had worked in the technology unit of the Israeli Army Intelligence Corps, said there are countless points in the supply chain in China where spyware can be introduced and detecting them in many cases is almost impossible. "That's the problem with the Chinese supply chain," he said.
Super Micro disputed the conclusions reached in the report by issuing a statement: “The security of our customers and the integrity of our products are core to our business and our company values. We take care to secure the integrity of our products throughout the manufacturing process, and supply chain security is an important topic of discussion for our industry.
"We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found. We are dismayed that Bloomberg would give us only limited information, no documentation, and half a day to respond to these new allegations.”
The news agency said it asked for comment on Monday and gave the company 24 hours to respond.
Appleboum said that he was told by Western intelligence contacts that the device was made at a Supermicro subcontractor factory in Guangzhou, some 90 miles upstream from Shenzhen, which borders Hong Kong. The city of Shenzhen is home to Chinese internet giants such as Tencent Holdings Ltd and Huawei Technologies Co Ltd.
The tampered hardware was found in a facility that had large numbers of Supermicro servers, and the telecommunication company's technicians couldn’t answer what kind of data was pulsing through the infected one, said Appleboum, who accompanied them for a visual inspection of the machine.
As a result of the story, the top Republican on the US Senate commerce committee, John Thune, sent a letter to the chief executives of Super Micro, Apple and Amazon seeking staff briefings from the three companies involved.
Separately, Democratic Senator Richard Blumenthal and Republican Senator Marco Rubio wrote to Super Micro CEO Charles Liang and asked him to provide by October 17 information about when the company first became aware of the report and whether and how it was investigated.
The two lawmakers said in their letter that the "potential infiltration of Chinese backdoors could provide a foothold for adversaries and competitors to engage in commercial espionage and launch destructive cyber attacks."
The fresh allegations against Super Micro had seemingly no immediate impact on its shares.
The shares were trading 2% higher at $12.72 in early trade on Wednesday.
On October 3, the stock had closed at $21.40. When the report first came out last week, the stock finished at $12.60 on Thursday, having plunged 37.75% during the session.
Reporting by Rene Pastor