Slashdot Mirror
In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story (buzzfeednews.com)
John Paczkowski and Joseph Bernstein, reporting for BuzzFeed News: Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that the company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim. Earlier this month Bloomberg Businessweek published an investigation alleging Chinese spies had compromised some 30 US companies by implanting malicious chips into Silicon Valley bound servers during their manufacture in China. The chips, Bloomberg reported, allowed the attackers to create "a stealth doorway" into any network running on a server in which they were embedded. Apple was alleged to be among the companies attacked, and a focal point of the story. [...] "We turned the company upside down," Cook said. "Email searches, datacenter records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this." A Bloomberg spokesperson said, "We stand by our story and are confident in our reporting and sources."
... he would be suing, not asking for a retraction.
Lets be real here. China, Russia, Japan, Taiwan, and even the Grand ol USA are all trying to do the exact same thing. There is exactly ZERO chance that over the last decade Apple was not the target of one of the above listed nations trying to inject compromised hardware into their supply chain. That is not a riff on Apple, they are a major international company, they are a target. What is a nock on Apple is that Cook is a child like idiot who denies an obvious problem. Cook could have been believed if he said that Bloomberg had misidentified the vendor, or maybe timeline, or maybe response, or maybe the specific product. But to flat out deny that essentially any nation state had ever compromised their supply chain is pathetic.
This is more about owning a fleet of thousands of cars across states and continents and then someone says "Dude, your car's gas tank had a hole punched in it by a police officer before it shipped to you from China". Then you do indeed go through the financial records and say "dude, we never purchased a car directly from China, moreover, nobody ever noticed a leak and nobody even reported a puddle of gas in any of our parking lots"
Custom electronics and digital signage for your business: www.evcircuits.com
What is a nock on Apple is that Cook is a child like idiot who denies an obvious problem
And you have knowledge of this problem, and Tim Cook is an "idiot" because how? Because you are super sure that this must be the case? Because you see through the lies of Tim Cook to the truth of the incompetence of Apple Inc?
But to flat out deny that essentially any nation state had ever compromised their supply chain is pathetic.
Sure thing, internet dude. Whatever you say. You know the truth
You know I miss the days when stories like this would pop up and the first thing everyone would do is produce actual proof. The story literally says that China planted chips in their servers, but since the planted would have happened before the actual knowing where the board was going, they would have had to planted thousands of chips into boards in hopes of hitting a good target. So that said, finding one of these chips out in the wild shouldn't be that difficult and yet, zero people have produced an actual chip to show the story true. We literally have the Fermi paradox here. SMB would have had to produce tens of thousands of these boards that would have ended up everywhere from some CIA bunker to some NAS server in a rando University. At some point, someone, somewhere would have uncovered this and barring some complex and massive cover story conspiracy, would have seen this story and ran to side with Bloomberg to validate their claim. And yet that has not happened
So there is obviously something up here.
One, it isn't as widespread as Bloomberg paints and the Chinese got incredibly lucky with where their hacked boards went in that they're all sitting in Apple/Amazon/CIA places where no one in their right mind would come forward.
Two, it isn't as widespread as Bloomberg paints and there's maybe 1,000 - 100 boards out there and only one actually hit the target and the rest will be like finding a needle in a haystack.
Three, it is as widespread as Bloomberg paints it and everyone is a complete moron at finding these things.
Four, it is as widespread as Bloomberg paints it and the Chinese have invented a completely inconceivable clandestine process for hiding chips that far exceeds anything previously thought possible.
Five, China has somehow invaded every aspect of the reseller market for these boards and anything that's left their intended target has been brought back via these channels to China to prevent the boards from leaking out to other sources.
And hell there's likely more outcomes here than I'm covering but the point remains that given the massive claims that Bloomberg has made, some sort of hard proof should turn up and yet none has. That lack of hard proof makes me seriously question the accuracy of the story. It's an incredible claim, none the less, but count me as non-believer till I see some hard proof here. There's people who will see Cook's request as some sort of "proof" but that's just the deep down cynicism talking. This massive claim has been made, and Bloomberg really needs to back it up with something. And not that weak sauce story they printed about the researcher who found blah-blah-blah on the Ethernet port. Yeah, we all already knew about that trick. No I want to see this duplicitous capacitor or resistor looking chip that's somehow so well made that you can't tell the difference between it and an actual cap/resistor and somehow invades the board enough to leak useful info or make susceptible to an outside actor in a way that's undetectable. Because the engineering feat required to get that done isn't something I would normally attribute to Chinese scientist.
Yes, Apple and Amazon have both sued SMB before for crappy firmware. And if the story said, "They're putting super hidden firmware inside the board" I'll be honest with you, I'd be on the believer side having beers with the buds there. But this chip thing is a whole another level. Bloomberg needs to put up or shut up at this point. I'll be more than happy to eat my words if proof come across the table till then, I just don't buy this story.
The claim is that it happened in 2015, on servers that would be decommisioned by now.
Part of the claim was that Apple reported the discovery.
So it would be 'Ford says they had gas tanks with holes in them in their 2015 F150s" and Ford saying "We checked and show no documentation supporting this claim". They didn't have to start recalling all F150s to check gas tanks for whole because some random person claimed that *Ford* claimed it. There would be an expectation that the accusation would be supported by some sort of evidence.
Here, the one named source of the original story came forward to say that he was the one who provided an actual picture of a signal coupler, and that the tone of the interviewer was basically that some *other* expert had answered 'hmm.. maybe a signal coupler?' and hypothesis upon hypothesis added up to 'we have *confirmed* that this specific pictured chip is a chinese plant'.
The most likely theory was that in 2015 SuperMicro had some accindental infection on something, and that a security team said 'other vendors have better security practices'. These 'reporters' for bloomberg, however, weren't satisfied and went running vague idea through multiple sources divorced from the actual occurrence and each time asking 'well, hypothetically...' and then presenting the result as fact.
XML is like violence. If it doesn't solve the problem, use more.