Those claims were never confirmed, no? Some of it might be true or trueish but I'm not talking Bloomberg's anonymous sources word for it, and with so much supermicro gear out there you would think some other evidence would show up.
alephnerd•41m ago
A supply chain attack similar to Supermicro's would be much more targeted and recalls with national security implications do get flagged via a separate chain.
protimewaster•39m ago
It depends on what you consider confirmed. It was kind of corroborated, at least. There was a CEO of a hardware security firm that came forward after the original article. He claimed that his firm had actually found a hardware implant on a board during a security audit. It wasn't exactly as Bloomberg described, though.
His take was that it was very unlikely that it impacted exclusively Supermicro, though.
I don't think it was a confirmed story. That is, the tiny "grain of rice" size Ethernet module that CEO of a security audit company allegedly found, was not present in other SuperMicro servers. SuperMicro itself, as well as it's buggest customers did not confirm the findings.
From what i recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard of the motherboard that would include serial, i.e. no details that would accompany a serious security research.
throwa356262•45m ago
Didn't that turn out to be incorrect?
Multiple security companies looked into this and found nothing malicious.
alephnerd•44m ago
Nope. Bloomberg doubled down on it and even Bruce Schneider accepted it despite initially being a skeptic.
tumult•39m ago
No evidence was ever presented and nobody ever found anything, as far as I can tell?
protimewaster•36m ago
There was a security auditing firm that came out a few days later claiming they'd found a chip, similar to the one Bloomberg described, during a security audit.
It's still nothing concrete, though. Their CEO basically said that they'd found one and that they couldn't say much more about it due to an NDA.
protimewaster•38m ago
There also was a CEO of a hardware security company that came out and said that his firm had found an implanted chip during an audit. IIRC, he was convinced that it was very unlikely to be limited to Supermicro hardware.
alephnerd•29m ago
> he was convinced that it was very unlikely to be limited to Supermicro hardware
Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.
Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.
unsnap_biceps•35m ago
I don't believe that there was ever extra chips being added to the boards, but what I could believe is that they shipped with firmware on specific chips that enabled data exfiltration for specific customers and due to a game of telephone with non technical people it turned into "they're adding chips inside the pcb layers!"
greedo•28m ago
Schneier was simply taking at face value the contents of the Bloomberg article, especially the statement by Mike Quinn who claimed he was told by the Air Force not to include any Supermicro gear in a bid.
Bloomberg's tech coverage is not great from what I've seen. Last year they published a video which was intended to investigate GPUs being smuggled into China, but they couldn't get access to a data center so they basically said we don't know if it's true or not. Meanwhile an independent Youtuber with a fraction of the resources actually met and filmed the smugglers and the middlemen brokering the sales between them and the data centers. Bloomberg responded by filing a DMCA takedown of that video.
vicchenai•1h ago
The timing is brutal - SMCI already had the accounting restatement scandal in 2024, spent months fighting delisting, finally got somewhat rehabilitated in the AI infrastructure boom... and now this. 25% single-day drop on a company that was already trading at a discount to peers tells you the market was still pricing in tail risk. For anyone tracking institutional holdings - the 13F filings from Q4 showed several funds adding back SMCI after the accounting mess cleared up. Those bets just got very painful.
It's sad to see what's happened to SuperMicro. They were one of the few vendors of server-grade hardware fitting standard ATX, mATX, and ITX form factors. In my experience their hardware was always better than the others who attempted to do the same (Gigabyte, Asus, ASRock). These days, motherboards with the features I want are going to be on AliExpress. Ironic considering this latest news is about putting trade barriers between the US and mainland China.
int32_64•16m ago
Remember when Singapore buyers were an abnormally high percentage of nvidia's revenue? You have to wonder if these companies are this brazen because they know the DoJ will have political pressure not to nuke the bubble which is more important than being China hawks.
simonebrunozzi•16m ago
So, good time to buy on the panic?
czbond•6m ago
If you do, you could protect yourself with a sell stop below $17.25... because if it breaks that on weekly candles, next are $14 and $10.
Not investment advice, do you own research.
simonw•13m ago
I'd been assuming that the Chinese AI labs producing excellent LLMs despite the NVIDIA export restrictions was due to them finding new optimizations for training against the hardware they had access to.
I wonder if any of those $2.5B of smuggled chips ended up being used for those training runs.
alephnerd•1h ago
[0] - https://www.bloomberg.com/news/features/2018-10-04/the-big-h...
[1] - https://www.bloomberg.com/features/2021-supermicro/
[2] - https://www.schneier.com/blog/archives/2021/02/chinese-suppl...
[3] - https://www.theinformation.com/articles/apple-severed-ties-w...
progbits•55m ago
alephnerd•41m ago
protimewaster•39m ago
His take was that it was very unlikely that it impacted exclusively Supermicro, though.
It was covered various places, including The Register https://www.theregister.com/2018/10/09/bloomberg_super_micro...
kantselovich•17m ago
From what i recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard of the motherboard that would include serial, i.e. no details that would accompany a serious security research.
throwa356262•45m ago
Multiple security companies looked into this and found nothing malicious.
alephnerd•44m ago
tumult•39m ago
protimewaster•36m ago
It's still nothing concrete, though. Their CEO basically said that they'd found one and that they couldn't say much more about it due to an NDA.
protimewaster•38m ago
alephnerd•29m ago
Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.
Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.
unsnap_biceps•35m ago
greedo•28m ago
frenchtoast8•25m ago
Bloomberg's tech coverage is not great from what I've seen. Last year they published a video which was intended to investigate GPUs being smuggled into China, but they couldn't get access to a data center so they basically said we don't know if it's true or not. Meanwhile an independent Youtuber with a fraction of the resources actually met and filmed the smugglers and the middlemen brokering the sales between them and the data centers. Bloomberg responded by filing a DMCA takedown of that video.