I don’t know if I read that particular piece, but I was certainly aware of the Bloomberg article at the time. I also remember it being (at least) borderline xenophobic; a great deal of what passed for “argument” was the repeated fact that the Supermicro managers (from Taiwan) and their personnel in mainland China both spoke Mandarin, while the American personnel didn’t. I was at the time, and remain, skeptical, not least because Bloomberg isn’t a publication I’d expect to have both reporters and editors sufficiently knowledgeable to vet such a story (but then, would you expect a lawyer to have a well-informed opinion on this subject?). And, of course, in what’s now a year and a half since the piece first appeared, there’s still no smoking gun.
You don’t think NSA could operate in a plant in, say, Taiwan? Or Latvia? With or without the cooperation of the local government?
While the Bloomberg article is (IMO) fanciful, and while I don’t believe the specific hack it claims actually did happen, it highlights a real concern for security of your supply chain. If your IT equipment, or major components of that equipment, are manufactured in not-completely-friendly countries (which sadly includes the US, even for US citizens/residents), that’s a risk you’ll need to assess and mitigate or tolerate. And this will be a concern with any manufacturer’s products–unless you’re completely vertically integrated (every step of the process, from the mine/well to the finished product, is under your control), you’re going to be relying on another party to provide you something. And that something could be defective or even malicious.
But as this applies to Supermicro, it also applies to Dell, HP, and Synology. And I suspect that if you aren’t either a state-level actor or a major corporation, the risk is quite minimal.