Slashdot Mirror
In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story (buzzfeednews.com)
John Paczkowski and Joseph Bernstein, reporting for BuzzFeed News: Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that the company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim. Earlier this month Bloomberg Businessweek published an investigation alleging Chinese spies had compromised some 30 US companies by implanting malicious chips into Silicon Valley bound servers during their manufacture in China. The chips, Bloomberg reported, allowed the attackers to create "a stealth doorway" into any network running on a server in which they were embedded. Apple was alleged to be among the companies attacked, and a focal point of the story. [...] "We turned the company upside down," Cook said. "Email searches, datacenter records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this." A Bloomberg spokesperson said, "We stand by our story and are confident in our reporting and sources."
... he would be suing, not asking for a retraction.
This is different than Trump demanding that the NY Times retract stories, right? I think both emperors have been caught with their pants down.
Probably some republican ploy to reduce chinas grip on making stuff (and it's huge!)
I'll be interesting to trace the story back to it's roots (ie, start asking the writer lots of questions). The answers should be most interesting (and also should be fact checked to make sure the little sh*t isn't lying more)
I'd be willing to bet this is actually true and the companies don't want to publically admit it and have to recall billions are dollars in tech and they probably convinced the government it would be detrimental to the companies and rhwbeconomy for it to happen as well.
Lets be real here. China, Russia, Japan, Taiwan, and even the Grand ol USA are all trying to do the exact same thing. There is exactly ZERO chance that over the last decade Apple was not the target of one of the above listed nations trying to inject compromised hardware into their supply chain. That is not a riff on Apple, they are a major international company, they are a target. What is a nock on Apple is that Cook is a child like idiot who denies an obvious problem. Cook could have been believed if he said that Bloomberg had misidentified the vendor, or maybe timeline, or maybe response, or maybe the specific product. But to flat out deny that essentially any nation state had ever compromised their supply chain is pathetic.
...is that I know that a company of Apple's size can't 'turn the company upside down' in just a matter of weeks and expect to find anything.
If this was protected by a gag letter and high clearance, unless Tim Cook has clearance, that part of Apple is hidden from him.
... those who deny do so because they would endanger their profit in China ? I don't know how far manufacturers such Supermicro can go. But we've seen intel and AMD go pretty far with their "CPU in the CPU". So I'm more likely to buy the technical possibility, and doubt about the denial. But doubt anyway.
Totof
you forgot isrel
2c
Email searches, datacenter records, financial records, shipment records.
Why are you looking at emails and financial records? They're alleging that China hacked you by physically inserting a spy chip on your server motherboards. What makes you think your emails will have any evidence of this?
I don't think 'unprecedented' means what the sub thinks it means.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
He's too busy salivating over selling chink made iPhones to chinks to care about his customers privacy or companies security.
Apple has no interest in the truth. It's bad for their business model.
I was reading in Ars Technica an article about Russian spies hacking athlete's doping test results. In the comment section someone I suspect to be a Russian troll was expressing mild outrage at the fact that Ars ran an article on that subject but hadn't yet mentioned anything about the Chinese chip hacking conspiracy, linking to the Bloomberg article. Both the quasi-science-fiction Bloomberg article allegations and the circumstances that led me to read it make me suspicious that it is probably fabricated. I don't think that Bloomberg journalists lied, but I consider it likely that they were fed false information that ended up in that article.
Bloomturd has no concerns for facts, they're selling stories that push their agenda then they move on without consequence for the businesses and lives they impact.
And Trump was targeted for assassination by ISIS, but if Bloomberg ran a story saying they succeeded, the story would still be wrong. I'm not saying there's no chance it was successful, but your logic fails, as an attack is not necessarily successful and therefore saying "Obviously they were targeted!" is not equivalent to saying "Their hardware is definitely compromised and China has full access to their systems."
News article: Husband and spouse called the police to report a break-in to their home.
Husband to spouse: Was our home broken into? Did we call the police: ... did you guys report a break-in to the police?
Spouse: idk, I don't think anything is missing, and I'm pretty sure I didn't call the police
Husband to kids: Hey
Kids: No, we've not called the police
Husband to the press: Umm .. I don't know what you're talking about, but we've never called the police.
Internet troll: Husband is an idiot. Doesn't he know in this modern age that it's easy to break into hoses with crowbars? ... it didn't like ... actually ... ever call the police ...
Husband: but
Both realistically, and as a matter of fundamental logic, absence of evidence does not mean evidence of absence.
I basically buy that Apple did an investigation, and maybe it was as thorough as Cook says. The problem is, I also buy that Bloomburg did an investigation, and there's a real story here. Did Apple and Bloomburg specifically meet up and coordinate their investigations? The truth is, any Apple investigation is going to be distinctly unfocused if they did not, and highly focused if they did.
Therefore, just because Cook's investigation didn't turn up any evidence, didn't mean the data attack didn't happen. It could just as easily mean that the investigation didn't look at the right things or in the right places.
By this logic it's premature for Cook to call for a story retraction. Cook can say they didn't find any evidence, and he can call for more information to prove Apple's story wrong, incomplete, or so forth. He can also say "Apple can't find an issue, and we are going to stop looking unless someone tells us what to look for." Which is really political cover for, "we want to know more details on Bloomburg's story, we are interested but we have hit a wall."
Somebody really doesn't like Amazon and Apple for some reason... I think that same entity probably has a similar dislike for some other American companies, such as Google.
It will become clear soon...
a propaganda machine for the WH which wants justification for a trade war.
"Email searches, datacenter records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen.
I think they forgot to inspect something. It may be branded with a Supermicro logo.
Why would you bother injecting hardware in a supply chain (which would be very expensive, on the order of millions of dollars per machine) when you can just hack their machines from the Internet?
The SuperMicro BMC story is just as ludicrous - if you can reach the device, nobody updates the firmware and even if you do, there are still various Dropbear SSH and embedded HTTP server bugs. Why even bother installing a chip when you can just reprogram the firmware to dial home.
Custom electronics and digital signage for your business: www.evcircuits.com
A company suing someone for libel / defamation is completely different from suing someone for copying your designs.
Has there been libel / defamation in the past?
How many times did Apple sue someone for libel / defamation in the past, again?
Zero times? Why would they start now?
Can we get those chinese spy dudes to solder a headphone jack into the new iphones?
There were 30 companies affected according to the story.
Tim Cook isn't saying that the story is false per se, only that Apple are not one of the 30 companies affected.
can those ip addresses be spoofed? as in they are really coming from canada but spoofed to look like china? just asking for a friend, as this seems to be about all the proof russia hacked america. oh, that and russian media references in the code (is that correct? and is that also something that could be spoofed meaning a french person acting like they are chinese?).
There is exactly ZERO chance that over the last decade Apple was not the target of U.S. of A. trying to inject compromised hardware into their supply chain
Fixed that for you.
As revealed in the Snowden leaks, the USA has been proven to do spying against its own citizens and against other countries in particular China, whereas all the Chinese hacking accusations so far are coming from the American cybersecurity companies (or its five eye partners) who have deep interested in framing a powerful foreign enemy, just like the military industrial complex accused Iraq of hiding WMDs before the Iraq War.
It is not a chinese spy chip,
It is an american spy chip.
caption - virtuous
thou dost protest too much.
What is a nock on Apple is that Cook is a child like idiot who denies an obvious problem
And you have knowledge of this problem, and Tim Cook is an "idiot" because how? Because you are super sure that this must be the case? Because you see through the lies of Tim Cook to the truth of the incompetence of Apple Inc?
But to flat out deny that essentially any nation state had ever compromised their supply chain is pathetic.
Sure thing, internet dude. Whatever you say. You know the truth
You overlooked the obvious: Apple may well be complicit in allowing China, Russia, the US, etc in monitoring their hardware. It's quite possible said monitoring chips were installed at the request of China and the servers were intended to be eventually installed in China but they were inspected, as stated, by a third party that was there to try to verify they were undetectable at the request of said Chinese government--they may well want to make sure only those higher ups were aware of what was going on. It's even further possible some of those servers were improperly mixed up and shipped to the US/Canada.
The point is, it's entirely possible everything Tim Cook said was true but for it to also be entirely meaningless. If Apple, Amazon, and others are actively working with the various intelligence agencies in each country and complying with whatever spying requests they make, then there's no real example of a compromise. It doesn't mean there wasn't spying going on or that China wasn't the source of things.
You know I miss the days when stories like this would pop up and the first thing everyone would do is produce actual proof. The story literally says that China planted chips in their servers, but since the planted would have happened before the actual knowing where the board was going, they would have had to planted thousands of chips into boards in hopes of hitting a good target. So that said, finding one of these chips out in the wild shouldn't be that difficult and yet, zero people have produced an actual chip to show the story true. We literally have the Fermi paradox here. SMB would have had to produce tens of thousands of these boards that would have ended up everywhere from some CIA bunker to some NAS server in a rando University. At some point, someone, somewhere would have uncovered this and barring some complex and massive cover story conspiracy, would have seen this story and ran to side with Bloomberg to validate their claim. And yet that has not happened
So there is obviously something up here.
One, it isn't as widespread as Bloomberg paints and the Chinese got incredibly lucky with where their hacked boards went in that they're all sitting in Apple/Amazon/CIA places where no one in their right mind would come forward.
Two, it isn't as widespread as Bloomberg paints and there's maybe 1,000 - 100 boards out there and only one actually hit the target and the rest will be like finding a needle in a haystack.
Three, it is as widespread as Bloomberg paints it and everyone is a complete moron at finding these things.
Four, it is as widespread as Bloomberg paints it and the Chinese have invented a completely inconceivable clandestine process for hiding chips that far exceeds anything previously thought possible.
Five, China has somehow invaded every aspect of the reseller market for these boards and anything that's left their intended target has been brought back via these channels to China to prevent the boards from leaking out to other sources.
And hell there's likely more outcomes here than I'm covering but the point remains that given the massive claims that Bloomberg has made, some sort of hard proof should turn up and yet none has. That lack of hard proof makes me seriously question the accuracy of the story. It's an incredible claim, none the less, but count me as non-believer till I see some hard proof here. There's people who will see Cook's request as some sort of "proof" but that's just the deep down cynicism talking. This massive claim has been made, and Bloomberg really needs to back it up with something. And not that weak sauce story they printed about the researcher who found blah-blah-blah on the Ethernet port. Yeah, we all already knew about that trick. No I want to see this duplicitous capacitor or resistor looking chip that's somehow so well made that you can't tell the difference between it and an actual cap/resistor and somehow invades the board enough to leak useful info or make susceptible to an outside actor in a way that's undetectable. Because the engineering feat required to get that done isn't something I would normally attribute to Chinese scientist.
Yes, Apple and Amazon have both sued SMB before for crappy firmware. And if the story said, "They're putting super hidden firmware inside the board" I'll be honest with you, I'd be on the believer side having beers with the buds there. But this chip thing is a whole another level. Bloomberg needs to put up or shut up at this point. I'll be more than happy to eat my words if proof come across the table till then, I just don't buy this story.
In the article its mentioned that this same reporter has screwed up like this before. 1. The reporter makes stuff up. 2. The reporter has a bad source/s with some kind of bad motive.
Move along; nothing to see. If you trust the stuffs you read from Bloomberg then you are just a dump sheep, you don't deserve the truth and you don't care.
Did you read the aricle?
The article did not say "we suspect a nation state has the capability to compromise Apple's supply chain". Nor did the article did not say "a nation state has at some point compromised Apple's supply chain". Either of these could be forgiven.
The article said "this specific nation state compromised Apple's supply chain in this exact way with this exact method during this time window". It was *extremely specific*, and provably false.
According to the Supreme Court case Sullivan vs. NYT, it's really hard for a public company or public personality to win a libel case. You have to prove the reported acted with malice or knowledge they were false when they were reported. If they think it's true, that's good enough. So, any politician (for example) pretty much has the burden to prove intent to harm.
A private person has better protection according to Gertz vs. Robert Welch. Basically, the idea is that any public figure (or major corporation) can counteract false news (as Cook is) by presenting evidence. But that a private person has a much harder time getting a counternarrative out there.
Your ad here. Ask me how!
Even the head of the FBI department has stated that you should be careful of what you read in conjunction with this story!
China sucks (and I avoid doing business there), but has any of this been corroborated?
If this is just a smear piece, that's lame.
Assuming it's false. And if it is false, why isn't Apple out there actually proving that it's false, rather than oh-so-gently asking for a retraction (pretty please)?
I got this email from Corvalent's mailing list (Corvalent is an industrial/embedded manufacturer). Had some of their insight into the whole ordeal which i found interesting.
What is Corvalent’s Insight on Hardware Hacking?
“It is our technical opinion that modifications of hardware, firmware and/or software are all possible ways to interfere with the normal operation of boards. Each of them has advantages and disadvantages, including technical complexity, ease of detection, and cost of implementation,” said Martin Rudloff, Corvalent’s CTO. “Typically this means that for someone to deploy an attack of the scope reported by Bloomberg in its Super Micro feature, the target must be specific and worthwhile in order to justify the high cost involved. Targeting only one or a few major companies would also minimize the risk of discovery.”
“Without deeper knowledge of the hardware and the software running on a server, information gathered from it may not allow a thief to decode or understand what the data means. And without knowing the end users’ security measures, we find it unlikely that the information could be forwarded to an external recipient,” added Rudloff.
Curiosity kicked in when we were discussing the level of difficulty in modifying the RJ45, so we decided to open one and check it out firsthand. As you can see below, it is very hard to open the metal enclosure without damaging it. The interior is fully packed, leaving little space to add additional circuitry. A fully assembled modified unit would probably be a better choice, but would involve the highly sophisticated effort of tapping into the supply chain and replacing the original parts with counterfeits.
Should we Question Such a Significant Story?
Bloomberg is a trusted new source with impeccable standards for truth and accuracy in reporting. Even so, it is possible that the story is incorrect. Sources provided data they understood to be accurate and truthful based on reports seen by them only; however, these were not shared with Bloomberg directly. There are technical inconsistencies to consider as well.
It should be possible to detect oddities in network traffic coming from a BMC behaving in unexpected ways. Alterations to the kernel and software stack should also set off alarms during or after system boot.
The chip pictured in the Bloomberg story fits on the tip of a pencil, yet it purportedly holds enough data to replace the data extracted from the BMC, alter the existing OS, and implement backdoor system access. This means the chip must either be larger than pictured or is using new lithography.
Why go to the trouble of placing a new chip on the board instead of a backdoor version of one already certified as part of the design?
Strong and specific denials by Amazon and Apple – different from the usual ‘we do not discuss issues of security as a matter of policy’– further stress the story’s validity.
On the one hand, it certainly seems easy to believe that by demanding a retraction it adds credence to the initial claim. On the other hand, I can see the mere accusation of this being true hurting Apple's efforts with corporate customers who may feel like trade secrets shared via "secure" corporate email may still wind up in the hands of the Chinese and hurt sales of iCloud subs, along with hardware sales.
I'm a little more inclined towards the former, however, since if Cook had just kept his mouth shut, the story would have likely been little more than a distant memory come year's end. Demanding a retraction like this just means it will be back in the public eye again as everyone reports on the demand for the retraction and recaps the original story for context.
Of course these days, no matter where you go, someone is spying on you. There are loads of reports of secret rooms in telecom hubs that are accessible only to the NSA. It's well known China will steal your IP and pump out cheap knockoffs, or just extend the run of some product beyond the contract and sell the excess directly. Russia is basically well down the same path as China, and will just nationalize your Russian assets any time they feel like it. Australia wants to ban encryption entirely. England and the rest of Europe you can bet is monitoring everything the same way the NSA is in the US, and may as well lump Canada in there as well. So it's just a matter of who you want to spy on you.
Yes the story is specific, and Cooks response was general. "There's no truth to this." As per my first statement, that response does not mean, that Bloomberg got "A" detail wrong." There's no truth to this." His statement implies ALL of the details were wrong. He is not just saying that the particular components were not compromised. He is saying that none of Apples components were ever compromised. Which is the nonsensical part. His response is broader than the specific story.
"Husband to the press: Umm .. I don't know what you're talking about, but we've never called the police." The "never" is the problem. Given the size of their business it is impossible for them to never have had someone break in.
You are not a hacker. We can tell.
So if the New York Times reports that on October 12, 1994, David Hart, Slashdot User #1184661, fucked his neighbor's Great Dane while his mother serviced its owner, the burden of proof is on you to prove them wrong?
Too bad you are totally wrong. Apple has made no threat to sue.
Run your own company and leave running others to their owner. You got enough work at your hands as it is when I take a look at your more recent "success stories".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yep.. thats says everything I need to know.
Assuming it's false. And if it is false, why isn't Apple out there actually proving that it's false, rather than oh-so-gently asking for a retraction (pretty please)?
And how do you prove that something never happened? Bloomberg claims that at least three Apple employees informed them that compromised server were found. Both Bloomberg and Apple say that Bloomberg then informed Apple, Apple investigated, and found no evidence of any of this happening. They don't even know which employees, so they can't even ask them. So, there is a giant conspiracy to keep Apple upper management from finding out about this or there is a giant conspiracy keeping not just all Apple employees that know about this from speaking out publically, but also the other "almost 30 companies" that these chips were also found out according to Bloomberg, including Amazon, Elemental, and the US government. Plus the security company in Canada that supposedly found the chips in question when Amazon found strangeness and sent them to be checked out. Amazon has also stated they have found no evidence of this ever happening and have no idea what Bloomberg is talking about, right in the original article.
You're an idiot.
They already did issue press releases about it. Bloomberg didn't retract even in the face of denials and zero evidence. Apple stepped it up by asking for a retraction. Bloomberg is again stubborn. So why should it surprise you that Apple would eventually sue for libel?
There is no evidence, and everyone has denied anything happened or that there was even an investigation. So either everyone including Apple, Amazon, the FBI and DHS are lying, or it is one huge conspiracy. Which one has the potential to be true?
I would suggest the authors of that story are either being played, or just don't care if they make it all up. Considering the amount of baseless and false accusations against many public officials lately, it seems entirely likely the story has no legs.
"Email searches, datacenter records, financial records, shipment records."
Because those are the first things I look into when I'm told that my server room has been infiltrated by rogue *hardware* chips instead of, you know, turning off a few servers and looking at the physical hardware in my datacenter(s) just to make sure. And maybe get some details from Bloomberg too about what *specifically* to look for.
The response so far by affected companies has been incredibly fishy. I wouldn't be surprised to learn that the NSA is involved in getting the modifications installed and that both Amazon's and Apple's response are canned responses they are being forced to be put out there by a FISA court order.
You could aswell trust Breitbart, ... or The Daily Stormer, for that matter. ;)
Bloomberg is a neocon-fascist propaganda outlet, that a North Korean or Chinese propaganda source couldn't hold a candle to. ("Murica, No. 1, amirite?”
I'm not saying Chinese wouldn't try this. Everyone does. Every big state, big corporation, lobby group, etc.
I'm saying that Bloomberg and factual reality are entirely unrelated, and any commonalities are pure coincidence.
Blindly believing in them like you do, is on the same level as a time-cube-lizard-people-flat-eather.
1. Rent a virtual server or infect a PC in China, use that to hack whatever. The logs will show a China IP. (available for anyone)
2. Spoof the IP at the ISP level (available for the ISP of the server)
3. Mess with routing and make the traffic for the Chinese IP go to your device (available for ISP of the server, a transit ISP and/or national agencies).
... I am starting to believe that the most plausible explanation to this story is that Bloomberg did receive word from genuine agency members, which were following orders to spread a rumor damaging Chinese business and promoting the sales of devices that are back-doored by US agencies.
I would still assume also the Chinese use such tampering techniques, but not in the precise way described.
"the fact that they haven't sued Bloomberg for libel/defamation means that it's real and it happened"
It may not be libelous because a) it's true, but also because b) Bloomberg had reason to believe it was true, or c) Bloomberg thought it would not be damaging to Apple (for instance, because they had long since stopped using Supermicro products). In addition it may be libelous yet not a net gain to go to court because then Bloomberg gets to do discovery on why Apple severed their relationship with Supermicro in the first place. News organizations love to get libel suits because of the oportunity to use discover to research.
You can't have it both ways. Either it is "provably false" (according to parent there), or "you can't prove a negative". If it's the latter (as you claim it), then it's not "provably false."
Either way, I'm in the happy place of being correct, which is the best thing in the world (being right on the Internet, that is).
>Cook is a child like idiot
I think you meant so say childlike FAGGOT. Cook is a literal faggot, which is all one needs to know about the "man".
Retard APK is arguing with himself, he only thinks it is a different person because of his mental illness.
Mr. Impersonator of me: Still buttsore from an ASS-KICKING I gave you here https://tech.slashdot.org/comm... & https://tech.slashdot.org/comm... + https://tech.slashdot.org/comm... on hosts files?
YES, obviously - lol, your "effete revenge" was DOWNMODS I ran you DRY of as always!
After you tried VAINLY to "downmod" HIDE all of that here & UNDENIABLE https://tech.slashdot.org/comm... LITERALLY (I just reposted to NULLIFY your 'wannabe weapon' NEUTRALIZING it & EXPOSING YOU LOSING to me, lol!).
APK
P.S.=> I love it - especially seeing u REDUCED to TRYING to LIE about me (or LIBEL me) as you IMPERSONATE me (proving you WISH you were me, but you're INFERIOR imitation (& just plain INFERIOR on ALL levels))... apk
Mr. Impersonator of me: Still buttsore from an ASS-KICKING I gave you here https://tech.slashdot.org/comm... & https://tech.slashdot.org/comm... + https://tech.slashdot.org/comm... on hosts files?
YES, obviously - lol, your "effete revenge" was DOWNMODS I ran you DRY of as always!
After you tried VAINLY to "downmod" HIDE all of that here & UNDENIABLE https://tech.slashdot.org/comm... LITERALLY (I just reposted to NULLIFY your 'wannabe weapon' NEUTRALIZING it & EXPOSING YOU LOSING to me, lol!).
APK
P.S.=> I love it - especially seeing u REDUCED to TRYING to LIE about me (or LIBEL me) as you IMPERSONATE me (proving you WISH you were me, but you're INFERIOR imitation (& just plain INFERIOR on ALL levels))... apk
See subject: his FAKEname on a post impersonating me https://linux.slashdot.org/com... & altering /.er's words.
c6gunner tried to mock me 1st https://linux.slashdot.org/com...
So I challenge c6gunner to show he did better work than mine & he CAN'T!
YOU DEMAND PROOF of others here?
"I've yet to see you provide any evidence of that." by c6gunner on Monday March 15, 2010 @10:02PM (#31490942) ?
So now I DEMAND IT OF YOU & YOU FAIL!
c6gunner = "Run, Forrest: RUN!!!
* c6gunner's LYING saying I did a MacOS X one - I haven't yet & c6gunner's LYING impersonating me saying hosts work vs. Intel CPU issues (spectre/meltdown).
APK
P.S.=> You say hosts = shit here https://slashdot.org/comments.... ?
FACTS: /.ers & security pros + RESULTS say DIFFERENT:
1st: /.ers https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments....
2nd: SECURITY PROS https://slashdot.org/comments....
3rd: REAL RESULTS w/ hosts vs. threats https://slashdot.org/comments....
EAT YOUR WORDS!
c6gunner there's no doubt your name's on a post impersonating me signing off APK in it https://linux.slashdot.org/com... & altering /.er's words. you loser https://linux.slashdot.org/com...
* You TRIED to mock me saying I'm not a good programmer in that last link? I ask you PROVE You can do better!
(YOU? CAN'T)
APK
P.S.=> You're a punk pussy DO-NOTHING "ne'er-do-well" JEALOUS "Lil' Jowie" & nothing more loser... apk