Apple tells Congress that global supply chain wasn’t compromised

Apple Inc. told US lawmakers that its servers weren’t compromised and sought to assure them that the company’s global supply chain is secure.

In a letter to the chairmen and ranking Democrats on the House and Senate Commerce committees, the Cupertino-based company on Monday disputed a Bloomberg report that Chinese spies used a microchip to infiltrate American computer networks. The letter, signed by Apple’s vice president for information security, George Stathakopoulos, offered additional briefings for staff members of the committees.

“Individuals, communities, and nations depend on the security and integrity of our shared technological infrastructure,” the letter said. “We at Apple hold this responsibility sacrosanct, and we will continue to dedicate intense focus on keeping ahead of the hackers, cybercriminals, and even nation states that hope to steal data and harm user faith in the potential of technology to build a better world.”

Bloomberg Businessweek reported on Thursday that Chinese spies exploited vulnerabilities in the US technology supply chain to infiltrate the computer networks of almost 30 US companies, including Apple, Inc., a major bank, and government contractors. Among the targets was a contractor that made software to help funnel drone footage to the Central Intelligence Agency and communicate with the International Space Station.

The infiltration of the computer systems, which stemmed from servers assembled by Super Micro Computer Inc., was investigated as part of an FBI counter-intelligence probe, according to national security officials familiar with the matter.

Investigators found that tiny microchips, not much bigger than a grain of rice, had been inserted during manufacturing in China onto equipment made by subcontractors of Super Micro. The San Jose, California-based company is one of the world’s biggest suppliers of server motherboards, the fiber-mounted clusters of chips and capacitors that act as neurons of data centers.

In emailed statements, Amazon, Apple and Super Micro disputed Bloomberg Businessweek’s reporting. In an emailed statement, the Chinese government said in part “we hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration.”

Investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines, according to people familiar with the matter.

Stathakopoulos, in the letter, said the company did not alert the FBI to any security issues, and Apple’s internal investigations contradict the allegations in the article. He detailed the security measures Apple takes to screen vendors for any vulnerabilities and detect all threats “simple and sophisticated.”