When the story broke last week, though, the U.S. intelligence agencies were quiet, but the Department of Homeland Security stepped in over the weekend to say that although the agency is aware of Bloomberg's report, it has "no reason to doubt" the statements made by the two companies. "The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us".
Both Amazon and Apple strongly refute the story.
"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise", the agency said. According to Bloomberg, these servers wound up in the data centers of nearly 30 companies, including Apple and Amazon.
Upon Further Review: No. 1 Alabama at Arkansas
Rakeem Boyd also caught a 21-yard pass on a wheel route and Deon Stewart had a 16-yard reception on the possession. The Tide (6-0, 3-0) reeled off a 99-yard TD drive in just five plays after that fumble to take a 28-7 lead.
The Bloomberg report claimed that the chips, which were the size of a pencil tip and allegedly ended up in server boards used by nearly 30 companies as well as government agencies, compromised entire data centres operated by Amazon and Apple. "Apple's proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity", it stated. As the Register wrote, Apple and Amazon's denials were unusually firm, and it's possible that government sources overplayed the threat-though the site also found it "inconceivable that [Bloomberg] would publish a story this huge that wasn't watertight".
Apple and Amazon, the largest two companies which were connected to the allegedly affected supplier Super Micro, issued strong denials in response to the report last week. In addition, he notes that there are "many operational issues" using "non-directed HW [hardware] backdoors at scale as described [in the report]". This is what had been alleged in a recent article by Bloomberg BusinessWeek. DHS said they have no reason to doubt them or believe otherwise.
Apple contested the Bloomberg report on Thursday, saying its own internal investigations found no evidence to support the story's claims and that neither the company, nor its contacts in law enforcement, were aware of any investigation by the FBI on the matter.
"In essence, this story seems to pass the sniff test", says Theo Markettos, who is on the security team at Cambridge University's Computer Lab. "If I wanted to do this, this is how I'd do it".