Security Market Segment LS
Wednesday, 10 October 2018 09:39

Bloomberg says big US telco hit by hardware tampering Featured

By
Bloomberg says big US telco hit by hardware tampering Pixabay

Apparently undeterred by strong criticism of a supply chain attack story it published last week, Bloomberg has put out another yarn, dealing with a similar theme, this time about a "major US telecommunications company" that allegedly encountered doctored hardware made by the US company Supermicro Computer.

Tuesday's story, written by Jordan Robertson and Michael Riley — the same reporters who filed a yarn last week claiming that chips are being implanted by a Chinese contractor on server motherboards sold by Supermicro and being used to spy on some companies — alleges that a security expert working for the telco in question found evidence of tampering.

Last week's story has been met with strong denials from Apple and Amazon, two companies named as being affected. It has also been contradicted by the US Department of Homeland Security and the British National Cyber Security Centre.

Additionally, a senior Apple security official wrote to the US Congress directly saying there was no evidence to back Bloomberg's claims while a former general counsel of the company said he had asked the FBI about the charges and been told that the agency knew nothing about it.

In Tuesday's story, headlined "New evidence of hacked Supermicro hardware found in US telecom", Bloomberg cited Yossi Appleboum, whom it described as a security expert working for Sepio Systems and a former hacker with the Israeli Army Intelligence Corps, as saying "unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that's used to attach network cables to the computer".

The story did not name the US telco in question. The website Motherboard  said it had contacted 10 major American providers and the four biggest companies — AT&T, Verizon, Sprint and T-Mobile — had denied they had been attacked. CenturyLink also issued a denial.

Bloomberg included a statement from Supermicro in Tuesday's story, again denying that any of its hardware had been compromised. The company said: "We are dismayed that Bloomberg would give us only limited information, no documentation, and half a day to respond to these new allegations.” To that, Bloomberg said Supermicro had been given 24 hours to respond.

The story also mentioned that Supermicro shares had fallen 47% after the first story on Thursday last week. After the new story appeared, the company's stock fell by 27%.

As iTWire has reported, citing a Business Insider story from 2013, Bloomberg has a practice of paying higher annual bonuses to those who write stories that move markets. The first story resulted in Lenovo shares falling by as much as 23% across Asia on Friday, while the stocks of ZTE Corporation, China's biggest telecommunications equipment maker, fell by about 14% in Hong Kong trading. And both Apple and Amazon lost a little less than 2% of their value following the report.

According to Tuesday's story, the tampering was done on an Ethernet connector, which it said appeared to be similar to a method used by the NSA, the details of which were leaked in 2013.

Further, it said that this made the server that had tampered equipment appear as two devices on the network. "The legitimate server was communicating one way, and the implant another, but all the traffic appeared to be coming from the same trusted server, which allowed it to pass through security filters," is how it was described.

Meanwhile, in a development related to last Thursday's story, hardware security expert Joe Fitzpatrick, who was briefly quoted by Bloomberg in that story, gave an interview to the podcast Risky Business in which he said he was not comfortable with the story.

Fitzpatrick also said that it appeared that various hypothetical situations he had outlined to Robertson had been adapted in the story to appear as if they had actually transpired.

"It was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100 percent of what I described was confirmed by sources," was how he put it.

And he hinted that the report may have cited him as an anonymous source at a different point in the story from the place where he was quoted.


Subscribe to ITWIRE UPDATE Newsletter here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments