Cyber Saturday—China’s Chip Hack, Amazon and Apple’s Denials, Google’s Trust Reversal
Bloomberg Businessweek published a nuclear warhead-tipped report on Thursday alleging that Chinese military operatives have engaged in an unprecedented espionage campaign: Planting minuscule spy-chips on server motherboards that wound up inside “almost 30” companies, ranging from Apple to Amazon. While squishy on technical details, the magazine claimed that members of the People’s Liberation Army snuck rice grain-sized microchips onto these key IT infrastructure components during the manufacturing process, and the spies thereby gained, effectively, god-like powers over the machines.
There’s just one hitch: Just about every named organization has rejected the report. Supermicro, the business whose motherboards were said to contain the hardware backdoors, disputed the story. Amazon echoed the rebuttal. And Apple said it had “never found” anything like what Bloomberg described, “never had any contact with the FBI or any other agency about such an incident,” and was “not aware of any investigation.” (China’s Ministry of Foreign Affairs did not outright reject the report, but described its claims as “gratuitous accusations and suspicions.”)
This is all very troubling. Did China subvert a global technology supply chain upon which the world’s economy is built? Did it so imperil international relations? Or is the story off the mark?
Bloomberg said its reporting derived from 17 unnamed sources, including “senior Apple insiders” and “senior national security officials.” Without more transparency, it’s hard to assess the piece’s veracity. While one might wish for greater openness, national security matters of equal gravity often necessitate secrecy. So the world is left to speculate.
This is a story worth paying attention to. Given the strongly worded denials from all parties involved, one must proceed with skepticism. It seems tremendously convenient that the report appeared now, just as talk of a trade war between the U.S. and China gets boiling. It makes me wonder, who might have an agenda to push? Context seems an important factor to consider.
It’s likely there is truth in the piece, but in which parts remains an open question.
Have a great weekend.
Robert Hackett
@rhhackett
robert.hackett@fortune.com
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
THREATS
Rope-a-dope. The U.S. Justice Department charged seven Russian military intelligence officers with a number of hacking-related crimes on Thursday. The Russian spies allegedly ran a disinformation campaign—including wire fraud, identity theft, and money laundering—that targeted hundreds of athletes and anti-doping officials in retaliation for the exposure of a Russian state-sponsored doping program. "All of this was done to undermine those organizations' efforts to ensure the integrity of the Olympic and other games," said Assistant Attorney General for the National Security Division John Demers at a news conference.
A piece of the puzzle. Jigsaw, an Alphabet unit that builds security, privacy, and anti-censorship tools, has released a new app called Intra. The app is designed to block DNS manipulation attacks, a censorship tactic that certain nation-states, like Venezuela and Turkey, have used to intercept and block or redirect website visits by their populations. Jigsaw said the tool will be embedded by default into the next version of Google's mobile operating system, Android Pie.
No fly zone. Google CEO Sundar Pichai paid a quiet visit to the Pentagon following the tech giant's decision not to renew a contract supplying AI tech to a military program, The Washington Post reports. Pichai supposedly sought to smooth over tensions after his company backed out of the defense deal, which involved analyzing video captured by drones. Thousands of employees had objected to the program, dubbed Project Maven.
Please re-enter password. California has signed into law a bill that will require manufacturers of Internet-connected devices to create unique passwords for each device made or sold in the state. In other words, manufacturers of said devices can no longer use generic, pre-programmed passwords like "admin" or "password" to secure their products. If they do, customers have the right to sue for damages.
From masterpiece to master pieces.
ACCESS GRANTED
In short, I fear Google is well on the way to becoming a different kind of company, and it worries me. This is not because I inherently love Google—it’s a profit-making entity, and its shareholders will always come before me. But I worry that it is increasingly trading away my trust for short-term benefits. Even worse, this course change indicates that companies’ self-interest in maintaining user trust may not be a match for the business pressures that drive them to become more intrusive.
FORTUNE RECON
The U.S.-China Cold War Has Begun by Clay Chandler
Does Facebook Have a Cyberattack Plan? If So, We Need to See It by Bugra M. Gezer and Shiva Rajgopal
Twitter Had a 'Fake News Ecosystem' Around the 2016 Election, Study Says by Don Reisinger
Fitbit Data Implicates Another Murder Suspect, This Time a 90-Year-Old Man Accused of Killing His Stepdaughter by Grace Dobush
Why Boeing's CEO of Defense Takes Trump's Idea of a Space Force Seriously by Beth Kowitt
Google CFO Ruth Porat: When It Comes to Data Privacy, 'We Need to Constantly Raise the Bar on Ourselves' by Andrew Nusca
A Convincing, New Phone Phishing Scam Wants Your Banking Secrets. Here’s How to Stay Secure by Glenn Fleishman
Startup CloudKnox Scores $10 Million Investment to Prevent Cloud Catastrophes by Robert Hackett
'It's a Bunch of Bunk.' Apple CEO Tim Cook on Why Tech Firms Don't Need All Your Data—and Why Apple Expelled Alex Jones by David Meyer
You’ll Be Using Quantum Computers Sooner Than You Think by Vern Brownell
ONE MORE THING
The Prince and the Pauper. A jet-setting, diamond-binging, sports car-splurging man known to investors the world over as His Royal Highness Khalid bin al-Saud—a self-proclaimed son of the Saudi Arabian king—was exposed as an alleged "epic con artist" by U.S. prosecutors in November. The man, whose real name is Anthony Enrique Gignac, is said to have begun life as a Colombian orphan, later adopted by a middle class couple from Michigan. Vanity Fair tells the unbelievable story of an international man of mystery.