Chinese Super Micro 'spy chip' story gets even more strange as everyone doubles down

Nate Amsden

I believe Bloomberg myself

Though I am obviously biased, I suppose, as I have had a small fear about this exact kind of thing since Lenovo bought IBM's Thinkpad line.

Fortunately I don't have anything of value that the Chinese would want. After being a die-hard Thinkpad fan for many years, when Lenovo bought them I swore off of them for 11 years - I used Toshiba in between. I am on Thinkpad again after I guess I accepted whatever could happen to Lenovo Thinkpad is just as likely to happen to Toshiba (that and Toshiba didn't have the hardware I was looking for at the time).

I've read conflicting comments on whether or not this kind of thing is possible, and to me, based on the history of other sorts of surveillance activities from other countries, I absolutely have to be on the side of the fact that it is probable this happened given the resources of a country like China. I'm just as likely to believe something similar could happen in the U.S. as well with NSA/CIA, whomever. I also totally believe that the intelligence community is pissed off at the report for revealing that they knew what China was doing. They'd rather keep that secret so they can continue monitoring and quietly contain it.

I'm just hoping some day to see another Snowden-style leak of internal documents that say yes, this did in fact happen, and those paranoid folks were right all along. Sort of reminds me of the early days of the reveals about the taps that the NSA had at AT&T facilities. As an AT&T data center customer at the time I joked with their staff about it, but it really didn't surprise me, and I continued as their customer until I moved to another job.

Some folks say, why didn't more places encounter this? Well, the answer seems obvious: they targeted the attacks to lessen the likelihood of it being detected, like any good APT.

Certainly sucks for Supermicro right now, though I'd suspect the vast, vast majority (99.99%) of their customers have nothing to worry about (as they are not juicy targets). I run (1) Supermicro server myself in a colocation in the Bay Area. I was thinking about getting a new one as that one is 7 years old. This report does nothing to sway my opinion either way.

However, I wouldn't be caught dead running Supermicro in mission-critical production (again, this report has absolutely nothing to do with that either, just based off of ~18 years off and on of using their hardware). I do realize of course some 3rd party appliances I have may very well have Supermicro hardware on the inside, but at least those are managed by the vendor, as in I don't have to worry about diagnosing strange hardware faults or asking fortune tellers what changes are in the latest firmware, and don't have to worry about resetting all configurations to defaults when flashing said firmware (and the obvious negative implications from doing so from a remote location -- my critical servers are 2,400 miles away from my home).

To me, at the end of the day this is hopefully a good thing in that it would raise awareness. I think it's totally possible for similar things to happen to other manufacturers as well, even the big guys like HP and Dell. The trend of racing towards the bottom on pricing really puts pressure on the abilities for companies to be willing to be extra vigilant.
