A weird followup to the second Bloomberg Supermicro story: Patrick Kennedy of talks directly to Yossi Appleboum of Sepio Systems, a source for the Bloomberg article, who seems to think the story isn't about Supermicro at all.

<<We found it in different vendors, not just Supermicro. We found it not just in servers, in different variations, but hardware manipulation on different interfaces, mostly in network related.>>

<<We found it in different devices connected to the network, even Ethernet switches. I am talking about really big what are considered to be major American brands, many compromised through the same method.

This is why I think that Supermicro has nothing to do with that. In many cases, by the way, it is not through manufacturing, it is after through the supply chain.>>

<<Summarizing Supermicro’s fault in this, he said:

I think they are innocent and someone is using them to dilute the story instead of mitigating the threat. Please help me, them, and everyone else to understand that the problem is bigger. Dealing with this as a Supermicro problem will ruin the opportunity to face the reality that we need to fix it.>>

It is starting to look as if the Bloomberg reporters really don't have any clue.

@ultimape @natecull
Both the DHS and the GCHQ have issued press releases claiming that no such hardware exists. That's really fuckin' weird. Makes me think this is a 5eyes operation.

@enkiv2 @ultimape

I think the denials are more specific than that. Not that the hardware doesn't exist (the vector has existed for years, hardware can always be created) but that the specific companies named did not report the specific intrusion events named to the specific agencies named.


Given the fact that Chinese spyware has been found practically everywhere, I'm inclined to believe the reports.

@enkiv2 @natecull

@natecull The only confirmed threat I'm getting out of all this is Bloomberg.
