According to Bloomberg News, Appleboum has ample technical documentation to back up his findings, but presumably sharing it with other parties would violate his non-disclosure agreement by revealing the identity of his telecom client.
'Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server's Ethernet connector, a component that's used to attach network cables to the computer, ' the paper reports Appleboum as confirming, citing 'documents, analysis and other evidence of the discovery' provided by Appleboum to its reporters in support of the claim. "In light of your important leadership roles in Congress, we want to assure you that a recent report in Bloomberg Businessweek alleging the compromise of our servers is not true", Apple's vice president of information security George Stathakopoulos wrote in the letter. "Supermicro is a victim", he told the publication.
Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. Neither adage proves nor disproves the claims of a highly sophisticated supply-chain attack infiltrating the world's most powerful organizations.
Supermicro, based in San Jose, California, gave this statement: "The security of our customers and the integrity of our products are core to our business and our company values". "We take care to secure the integrity of our products throughout the manufacturing process and follow rigorous industry quality and security standards". We still do not know any unauthoriszed components and have not been informed by any customer that such components have been found. But notably he goes on to state that "he was told by Western intelligence contacts that the device was made at a Super Micro subcontractor factory in Guangzhou, a port city in southeastern China". AT&T flatly denied it was the telecom company in question, while Verizon, T-Mobile, and Sprint declined to comment on the story.
FitzPatrick raised his concerns with Bloomberg as the story was initially described to him before publishing - "Wow, this doesn't make sense", he remembers as his reaction - and after publishing, in an email, but both times was reassured that other sources had corroborated the details of the hacking.
'Real Housewives' husband Joe Giudice to be deported
Giudice was born in Saronno, Italy, but moved to New Jersey with his family as a child and never obtained US citizenship. The Giudices both served time behind bars after pleading guilty to multiple fraud charges.
Supermicro, however, had some stuff to say that threw some shade at Bloomberg.
Now, one of the few named sources in the original story - Joe FitzPatrick, a hardware security expert, who is only quoted in relation to a hypothetical scenario where a piece of "hardware opens whatever door it wants" - says he highly doubts the report is accurate. "The fact is, China's chip technology is still at a primary stage".
"Implanting a chip to crack [the server] without a trace is not possible as Chinese companies only assemble the components designed by the vendors. I don't see it", said Joyce, who is also a former White House cybersecurity coordinator.
While the hardware manipulation reported Tuesday is different from the one described last week, Bloomberg said they shared key characteristics, namely that they were both created to "give attackers invisible access to data on a computer network in which the server is installed".
Taylor Swift Teases 'The Next Chapter' at AMAs 2018
Karyn is the name given to the snake that Taylor has adopted since she kicked off her Reputation tour in May this year. I gotta prove people wrong because they said I wasn't going to make it after I had a baby", she said from the stage.