clock menu more-arrow no yes

Filed under:

Another US intel chief casts doubt on Chinese spy chip story

New, 9 comments

The Bloomberg report has faced speculation from cybersecurity experts across the world

Illustration by Alex Castro / The Verge

On Thursday, US director of national intelligence Dan Coats told Cyberscoop that he has yet see any evidence to corroborate the claims that Chinese spies compromised critical US tech infrastructure following a report by Bloomberg earlier this month.

“We’ve seen no evidence of [Chinese hardware manipulation],” Coats said, “but we’re not taking anything for granted.”

An earlier Bloomberg report claimed that Chinese spies had inserted tiny malicious chips into Supermicro servers that were subsequently purchased by dozens of Silicon Valley’s most prominent tech companies, including Apple and Amazon. The reported cited multiple unnamed sources from US intelligence services as well as former employees from both companies.

But in the weeks since the spy chip story was published, many have grown skeptical. The report has yet to be corroborated by reporters outside of Bloomberg, and it has met with a string of detailed denials from tech companies and government officials. Both Apple and Amazon released statements vehemently denying the claims made in the report. “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” a statement from Apple read.

Senior officials from the Department of Homeland Security and the UK’s top cybersecurity agency also say they are not aware of a supply-chain attack like the one described by Bloomberg. One of the report’s named sources also said on a podcast that the story’s central claim “didn’t make any sense.”

Thomas Rid, a political scientist and information technology expert, has called for Bloomberg to retract the story or otherwise provide further evidence. “Man up Bloomberg, face the facts if you think facts matter, get to the bottom of what went wrong here,” Rid said in a tweet. “And try to salvage your badly tarnished reputation in computer security reporting.”