Lawmakers Press Company Accused of Selling Servers Compromised by China

Report: China used subcontractors to plant malicious chips in servers sold by Super Micro

Chinese flag
Getty Images
• October 11, 2018 2:15 pm


Lawmakers are demanding answers from a server manufacturer accused of selling equipment compromised by Chinese spies to major U.S. tech companies, including Apple and Amazon.

The issue captured bipartisan attention earlier this week following a Bloomberg report contending that Chinese intelligence services used subcontractors to plant malicious chips in server motherboards sold by Super Micro over a two-year span. Super Micro, Apple, and Amazon have all disputed the report's findings.

Rep. Greg Walden (R., Ore.), who chairs the House Energy and Commerce Committee, said he and ranking member Frank Pallone (D., N.J.) are closely examining the report's claims. The two are pursuing legislation that would address the national security risks to the supply chains of U.S. telecommunications companies.

"As we gather more information about exactly what happened in this potential compromise of America's communications supply chain, what's clear is that the seriousness of risks to the supply chain cannot be overstated," Walden told the Washington Free Beacon. "The many layers of supply chain infrastructure, from software to hardware, pose a rich target to America's adversaries and a complex environment for national security."

A spokesperson for Sen. Tom Cotton (R., Ark.), Caroline Tabler, said it's "past time for American companies to wake up" and realize that Beijing views American private enterprise as "fair game in their subversive campaign" against the country.

"The Chinese Communist Party will stop at nothing to undermine the security of the United States," Tabler told the Free Beacon.

Super Micro, based in San Jose, California, is one of the world's largest suppliers of server systems in the world. According to Bloomberg, the company came under federal scrutiny when a contractor that made software to help send drone footage to the CIA and International Space Station detected a breach of its computer systems.

An FBI counter-intelligence probe into the hack found that microchips had been inserted onto equipment made by subcontractors of Super Micro during manufacturing in China. The chips enabled hackers to create an opening into any network using the compromised servers, national security officials familiar with the investigation told Bloomberg.

Sens. Marco Rubio (R., Fla.) and Richard Blumenthal (D., Conn.) sent a letter to Super Micro CEO Charles Liang on Wednesday asking if the company had ever detected tampering with its products and whether it investigated its supply chain after Apple found compromised firmware in February 2017.

"If this news report is accurate, the potential infiltration of Chinese backdoors could provide a foothold for adversaries and competitors to engage in commercial espionage and launch destructive cyber attacks," Rubio and Blumenthal wrote.

FBI director Christopher Wray told a Senate panel Wednesday the bureau is investigating the claims put forward by Bloomberg. Kirstjen Nielsen, the secretary of homeland security, said the department is also looking into the report, adding that she has "no reason to doubt" the denials by Super Micro, Apple, and Amazon.

Sen. John Thune (R., S.D.), who serves as the chairman of the Senate Commerce Committee, sent letters to the CEOs of each of the companies last week requesting staff briefings on the report by Friday, Oct. 12. The companies have not yet commented on Thune's letter.

Published under: China