Official statement from DHS:
The Department of Homeland Security is aware of the media reports
of a technology supply chain compromise. Like our partners in the
UK, the National Cyber Security Centre, at this time we have no
reason to doubt the statements from the companies named in the
story. Information and communications technology supply chain
security is core to DHS’s cybersecurity mission and we are
committed to the security and integrity of the technology on which
Americans and others around the world increasingly rely. Just this
month — National Cybersecurity Awareness Month — we launched
several government-industry initiatives to develop near- and
long-term solutions to manage risk posed by the complex challenges
of increasingly global supply chains. These initiatives will build
on existing partnerships with a wide range of technology companies
to strengthen our nation’s collective cybersecurity and risk
For me, having the current U.S. government weighing in publicly on this issue does not fill me with any sense of confidence or reassurance on either side of this story.
But, still: Bloomberg’s Big Hack story should eventually be fully-corroborated, if true. According to their report, there are thousands of compromised servers out there. If there are, security experts will eventually identify these rogue chips and document them.
And whatever you think of a statement from DHS, from what I’ve heard, this is only beginning. Apple is not letting this go.
★ Sunday, 7 October 2018