Spy chips story, disputed by cloud providers, could stoke growing US tensions over Chinese espionage

Key Points
  • Equipment manufactured by Super Micro contained microchips used for spying by China that made their way into Apple and AWS data center equipment, according to a Bloomberg report.
  • All three companies strongly dispute the report.
  • Tensions over the prospect of third-party spying by China are high. On Wednesday, the U.S. Department of Homeland Security cybersecurity agency warned companies using managed service providers that cyberattacks and espionage campaigns may be waged through them.
Jeanette Manfra, Deputy Undersecretary for Cybersecurity at the Department of Homeland Security. 
Joshua Roberts | Reuters

A Bloomberg BusinessWeek report that Chinese equipment manufacturer Super Micro may have allowed microchips used for spying into U.S. data center equipment run by AWS, Apple and others is likely to stoke trade tensions between the two nations over alleged espionage.

Apple and AWS strongly dispute the Bloomberg report.

Just Wednesday, the U.S. Department of Homeland Security urged companies to protect against cyberthreats from their managed service providers. It was the latest warning in a long series of ramped-up concerns over espionage from nation-states involving third-party products and services.

The U.S. Computer Emergency Response Team, which provides disaster response and warnings about serious cybersecurity issues, published an alert that nation-states have been using shared cloud services and managed service providers — like those that provide outsourced handling of corporate functions — to launch advanced attacks and espionage campaigns against critical U.S. companies.

The attacks have resulted in a variety of adverse consequences, including lost sensitive information, disruption of operations and leaks of proprietary material, according to the US-CERT. The agency said victims of the attacks have included information technology firms, health-care companies, communications providers and manufacturers. It did not identify them.

China is not mentioned in the warning, but government agencies have grown increasingly wary about how vulnerable U.S. infrastructure may be to Chinese espionage, said Tom Kellermann, chief cybersecurity officer for security company Carbon Black and a former top cybersecurity official for the World Bank.

"China's activities in this area have only become ramped up in recent years, particularly as trade tensions between China and the U.S. have increased," he said.

More action on several fronts

The Department of Justice has also boosted enforcement and rhetoric about espionage activities waged against corporations and enterprise infrastructure from China in recent months

On Sept. 25, a Chinese national identified as Ji Chaoqun was arrested in Chicago following a complaint accusing him of acting on behalf of Beijing to recruit spies from government contractors in the Midwest. Ji has denied the charges. The complaint is one of several in recent years calling out what the U.S. says are Chinese government-sponsored campaigns to steal huge amounts of U.S. intellectual property for use both by the government and competitively at Chinese-owned businesses.

How do you stop a cyberwar?

A focus on manufacturers

China has repeatedly denied a role in espionage against the U.S. In August, Hua Chunying, a spokeswoman for China's foreign ministry, countered hacking claims by President Donald Trump, saying: "We are firmly opposed to all forms of cyberattacks and espionage."

Equipment manufacturers have recently been targeted by the Trump administration, putting pressure on many large technology companies with roots in China.

In July, the administration moved to block China Mobile from entering the U.S. market over "national security" fears. In August, mobile manufacturers Huawei and ZTE were banned for use in U.S. government agencies, in a bill signed by Trump. Earlier this year, digital surveillance camera maker Hikvision was also the subject of scrutiny after allegations the equipment, used on several military bases and overseas embassies, was capable of sending images back to China. (Some military officials disputed this view. In January 2018, U.S. Army Col. Christopher Beck said the decision to replace the Hikivision cameras was based on concerns about "negative perception" rather than actual security risk.)

Huawei and ZTE have denied claims their technology has been used for espionage. Hikvision has said the alleged security vulnerabilities were bugs that have since been fixed.

"Chinese commercial technology is a vehicle for the Chinese government to spy on United States federal agencies, posing a severe national security threat," Rep. Mike Conaway, R-Texas, said in January. "Allowing Huawei, ZTE, and other related entities access to U.S. government communications would be inviting Chinese surveillance into all aspects of our lives."

Correction: The allegations against Hikvision's cameras were that they were capable of sending data back to China. There were no allegations that CNBC is aware of that they were actually doing so. 

WATCH: Huawei fires back at proposed FCC rule

Huawei fires back at proposed FCC rule