But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.
One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.
Both Apple and Amazon aggressively deny the reports, but such was to be expected – these companies aren’t going to openly admit their products and data could be vulnerable to sophisticated Chinese hacking attempts. In addition, especially Apple is beholden to remaining in the Chinese government’s good graces, and won’t openly admit they’re being targeted by them – like no other company in the world, Apple is dependent on China, because no other country has the manpower, labour laws, and welcoming totalitarian government required to build the massive amount of devices Apple orders from China.
None of this should surprise anyone, and further illustrates that any company – especially major ones – claiming their products are secure and privacy-focused have really no way of guaranteeing as such. Whether it be domestic carriers snooping in on internet traffic or the Chinese government adding small microchips to hardware, nothing is secure or private.