The Chinese military managed to install and disguise tiny chips on computing hardware destined for U.S. military and intelligence agencies, as well as companies such as Apple (aapl), according to a Bloomberg Businessweek report about a quiet but long-running investigation in the U.S.
According to the Thursday report, the chips were hidden on server motherboards being sold by the San Jose-based company Supermicro, during the manufacturing process in China. They were disguised as another type of component known as a signal conditioning coupler.
The hardware implants were apparently first discovered by security testers doing due diligence on the systems of a video-compression firm called Elemental, ahead of its takeover by Amazon. That reportedly sparked a three-year probe that is still ongoing.
The unnamed U.S. officials who informed Bloomberg‘s piece said the chips made it possible to modify the operating systems running on those servers, giving spies a way to remotely contact and commandeer those computers. The targets, one said, were sensitive government networks and the secrets of big corporations.
The servers apparently made their way into everything from Defense Department data centers and CIA drone operations to companies such Apple, insiders from which told the publication that malicious chips were found on Supermicro motherboards in 2015—the same year when Amazon’s retained security experts found them.
Amazon also found altered motherboards on Supermicro-build servers in its Chinese Amazon Web Services operations, the article claimed.
In a series of statements, Amazon (amzn) denied knowing about malicious chips when buying Elemental or finding modified motherboards in its Chinese data centers, Apple insisted it had also never found the chips, Supermicro said it knew nothing about any investigation, and China’s foreign affairs ministry said the country was a “resolute defender of cybersecurity.”
However, Bloomberg claimed its reportage was based on interviews with 17 people, including six current and former senior national security officials, two people inside Amazon Web Services, and three Apple insiders.
Introducing spy chips into the supply chain would be a significant feat. The revelations of NSA whistleblower Edward Snowden showed that U.S. intelligence prefers to sneak such hardware into the items that targets buy, while the items are in transit. But then again, China makes an awful lot more hardware than the U.S. does.
According to the report, intelligence specifically warned the White House in 2014 that China’s military was planning to install the chips on Supermicro motherboards. But, because Supermicro’s hardware is so widely used, and the target was unclear, and this was a major American company—unlike China’s Huawei and ZTE (ztcoy), which have been publicly accused of presenting security threats—the FBI held back from issuing a public warning. That reticence continued through from the Obama administration to the Trump administration.