AWS, Apple Get Support From UK Agency Over China Hack Report
At least one government agency is raising questions about a Bloomberg Businessweek story that claimed infiltration of servers, used by the likes of Amazon Web Services and Apple, by Chinese spies.
In a statement to Reuters, the United Kingdom's National Cyber Security Centre has shown support for the strongly worded rebuttals of the story issued by AWS and Apple.
"We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple," the National Cyber Security Centre said in the statement, according to Reuters. CRN has reached out to the agency for the full statement.
[Related: Apple Responds To China Hack Story, Again: 'No One At Apple Has Ever Heard Of This Investigation']
The Reuters report also cited an interview with Bruce Sewell, who retired as Apple's general counsel a year ago, which would seem to cast additional doubt on the Bloomberg report. Reuters referred to a conversation between Sewell and former FBI general counsel James Baker, in which Baker told Sewell of the purported China hack, "Nobody here [at the FBI] knows what this story is about."
The FBI declined to comment to CRN.
The Bloomberg Businessweek report contends that server motherboards made by San Jose-based Supermicro, which were eventually used by companies including AWS and Apple, were compromised with malicious hardware during manufacturing.
According to Bloomberg, the servers were implanted with tiny microchips that were intended to steal sensitive data for China. The FBI has been involved in investigating the alleged incursion, Bloomberg reported.
Apple, AWS and Supermicro have all issued statements disputing the report.
In a lengthy statement posted on Apple's website, the company said "there is no truth to these claims" reported by Bloomberg.
"Despite numerous discussions across multiple teams and organizations, no one at Apple has ever heard of this investigation," Apple said.
AWS also released a lengthy statement calling claims in the Bloomberg report "untrue."
"There are so many inaccuracies in this article as it relates to Amazon that they're hard to count," wrote AWS chief information security officer Steve Schmidt in the statement posted online.
In its statement to Reuters, the National Cyber Security Centre noted that it "engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us."