Around the Watercooler: Bloomberg “Big Hack” Edition

What do a former NSA hacker, a former defense contractor, and an expert in microcontroller hardware all have in common?

They now all work here at Cylance, and they are among a number of security experts we asked to weigh in on the still-unfolding, bombshell news article first reported by Bloomberg in early October.

For the unaware, Bloomberg’s cover story, The Big Hack, alleged the existence of a Chinese government espionage operation which sought to compromise the supply chain of a motherboard manufacturer called Supermicro by inserting microchips into them that would allow them to spy on American technology giants, including Apple and Amazon.

If true, the story holds enormous consequences for U.S. national security.

Even if not true, there have already been significant implications for Supermicro. The company has already lost 40% of their stock value at market open the morning the story ran – a real world, tangible consequence to what might be thought of as an otherwise “niche” cyber story.

Suffice to say, Bloomberg’s story has stirred quite a bit of controversy.

The story has already drawn swift, detailed, and forcefully-worded responses from Amazon, Apple, and others, which were then echoed by official statements made by the U.S. Department of Homeland Security and its British partner, the National Cyber Security Center. Even former White House Cyber Coordinator Rob Joyce cast doubt on it publicly.

But Bloomberg has stood by its story, and even published a follow-on story with more detail regarding impact in the U.S. telecommunications sector.

China’s official response (as quoted in Bloomberg) was intriguing in that it suggested that they were victims of supply chain compromise too, with a wink and a nudge at the U.S. government.

On Monday of this week, news reports indicated that the CEO of (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by The Cylance Threat Intelligence Team. Read the original post at: