Intel warned some companies including Chinese tech firms; of the Spectre and Meltdown security flaws before notifying the U.S. government; The Wall Street Journal reported. The flaws were first discovered by Google’s Project Zero team in June of last year. Intel held off on disclosing the issue while it worked on possible fixes. The company planned to announce on January 9; but The Register revealed the story on January 2. The company then verified the news the next day.
Intel Warned Some Companies of Spectre and Meltdown
Intel did apprise some major tech firms to limit the potential loss and support work on fixes. A spokesperson from the Department of Homeland Security told that; the department did not discover the flaws until the story surfaced, however. Homeland Security is usually apprised of such matters before the public and often serves as a source of direction for how to address them.
The NSA was also unaware of the predicament. Rob Joyce, the White House’s top official on subjects of cybersecurity; posted out a tweet saying that the NSA was unaware of the vulnerabilities.
Here’s the Tweet
I think he’s twisting the truth – sort of like ODNI and DIRNSA claims about collection. For the record, I also don’t think he believes he’s being dishonest since he’s answering some form of the imperfect question posed to him.
— Jake Williams (@MalwareJake) January 12, 2018
Intel denied naming any of the companies it notified before the scheduled January 9 release. That being said, some of the companies had been recognized; including Microsoft, Chinese computer manufacturer Lenovo, Amazon, and Chinese cloud-computing firm Alibaba Group Holding. A spokesperson from Intel stated that it had proposed to brief others, including the U.S. government; before the January 9th report. However, the company said that it could not do so since the story arrived sooner than expected.
Jake Williams, a former employee of the National Security Agency and current president of Rendition Infosec LLC; told the Wall Street Journal that the Spectre and Meltdown vulnerabilities would have been of great interest to any intelligence organization.
Williams also cautioned that it is a “near certainty” that the Chinese government was conscious of Spectre and Meltdown before the U.S; given that the Communist Party strictly monitors such communications.
Representatives from the Chinese government did not comment on this story; that says Intel warned some companies of potential security flaws. However, in the past, the country’s foreign ministry has said that; it is “resolutely opposed” to all forms of hacking.