Slashdot Mirror


AWS CEO Andy Jassy Follows Apple In Calling For Retraction of Chinese Spy Chip Story (cnbc.com)

An anonymous reader quotes a report from CNBC: Andy Jassy, the CEO of Amazon Web Services, followed Apple's lead in calling for the retraction of Bloomberg's story about spy chips being embedded in servers. "They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories," Jassy wrote in a tweet on Monday. "Reporters got played or took liberties. Bloomberg should retract."

Apple CEO Tim Cook told Buzzfeed on Friday that the scenario Bloomberg reported never happened and that the October story in Bloomberg Businessweek should be retracted. Bloomberg alleged data center hardware used by Apple and AWS, and provided by server company Super Micro, was under surveillance by the Chinese government, even though almost all the companies named in the report denied Bloomberg's claim. Bloomberg published a denial from AWS alongside its own report, and AWS refuted the report in a more strongly worded six-paragraph blog post entitled "Setting the Record Straight on Bloomberg Businessweek's Erroneous Article."
Further reading is available via The Washington Post.

"Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed," the Washington Post reports. "(The Post did run a story summarizing Bloomberg's findings, along with various denials and official skepticism.) It behooves such outlets to dispatch entire teams to search for corroboration: If, indeed, it's true that China has embarked on this sort of attack, there will be a long tail of implications. No self-respecting news organization will want to be left out of those stories. 'Unlike software, hardware leaves behind a good trail of evidence. If somebody decides to go down that path, it means that they don't care about the consequences,' Stathakopoulos says."

111 comments

  1. Well, duh... by Penguinisto · · Score: 1, Funny

    The very mention of SuperMicro in the story means it's crap. Damned company can barely get their legit mobo components running, let alone some astoundingly sophisticated spy chip.

    (/me gets his coat...)

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
    1. Re:Well, duh... by Anonymous Coward · · Score: 0

      Unless it's the Chinese government adding these chips.

    2. Re:Well, duh... by Anonymous Coward · · Score: 1

      This is another thing that's got me confused. Everyone here on /. says that SuperMicro servers are crap. I have no personal experience with them. Yet, if they're so crap, how come Apple, Amazon, et al. are buying thousands of these machines for their mission-critical data centres?

    3. Re:Well, duh... by Anonymous Coward · · Score: 0

      How do retractions work when my bot (and the rest of the market) has already made trades based on the news? LOL. Retraction.

    4. Re: Well, duh... by Anonymous Coward · · Score: 0

      No story is the full story, but I suspect there is more truth in the story than these selective partial denials would suggest.

       

    5. Re:Well, duh... by Anonymous Coward · · Score: 0

      Because they want a specific shape for a custom rack of some sort. Super micro does "low" quantity custom boards.
      A couple years back when some data centres got an overhaul, there was a glut of DDR3, a glut of Xeon whatever CPUs... but the boards that showed up wouldn't fit in anything, and couldn't be powered by anything standard.

    6. Re:Well, duh... by Anonymous Coward · · Score: 0

      1. Cost

      2. Cost

      3. Cost

      4. Oh and did I say cost?

      If you're willing to put up with the quirks of the hardware you can save significant amounts of money over buying equivalent systems from Dell/HP.

    7. Re:Well, duh... by Anonymous Coward · · Score: 0

      They're not "crap" as in poorly built. Relative to HP or Dell, they're hard to integrate with a HP or Dell data center rack, as you'll be needing different types of rails for them.

    8. Re:Well, duh... by natx808 · · Score: 1

      The cloud model typically uses lots of inexpensive servers and lets software handle the load balancing and storage magic, as opposed to using few expensive name brand servers and SANs.

    9. Re:Well, duh... by rtb61 · · Score: 2

      Public company, short the stocks, spread a story, voila, big profits to be made. It's all part of the corporate wars, using various criminal methods to attack and destroy other corporations, spreading misinformation just a minor part, computer hacking of all kinds, corrupting staff in competing companies and you can expect targeted assassination to follow. American special services are now bragging about post employment for profit assassination program. So take out a critical executive, at a critical time, can cripple a corporation, done right there in GTAV or is that GTGV (grand theft gaming), that hacks certainly are and it is contractors hacking contracts because that is the way the fuckwit US government decided to go in all of its grand idiocracy.

      Follow the money.

      --
      Chaos - everything, everywhere, everywhen
    10. Re:Well, duh... by sjames · · Score: 1

      My experience is very different. I find that Supermicro is quite reliable, at least when running Linux.

      They don't seem to be too picky about environment or power. (within reason)

      Of course, I don't get the bargain basement model or run Windows, so that may be a different story.

    11. Re:Well, duh... by sjames · · Score: 1

      Personally, I've had more mysterious problems with HP than Supermicro.

    12. Re:Well, duh... by _merlin · · Score: 4, Informative

      My experience with them is a few years old, and it's from the finance industry, so not directly related to using them for cloud services. SuperMicro sells on price and density. SuperMicro have products that are two complete, fully independent servers in a 1U rack enclosure. They're also very cheap. Now to achieve this, something's got to give, so there are some compromises.

      SuperMicro servers aren't as feature-rich as something you'll get from Dell or HP. For example the out-of-band management isn't as sophisticated, the storage controllers aren't as configurable, and you don't have as many options for NIC modules. The build quality isn't spectacular either - they're definitely not as physically robust or convenient to work on as a Dell PowerEdge.

      In terms of performance, they weren't really competitive with Dell or IBM for single-CPU throughput or wire-to-wire latency. Whether this is important or not depends heavily on your application. If you're doing something like online transaction processing where latency isn't critical, you might get better overall performance by going with SuperMicro and making the most of the higher density and lower price. But that's not going to help you if your application depends on good wire-to-wire latency.

      Failure rates weren't much worse than HP really. After-sales support from SuperMicro isn't great, but remember you're paying a lot less. If you're prepared to do more of your service/support in-house rather than dealing with the manufacturer or a value-added reseller, SuperMicro might be better value.

      TL;DR SuperMicro's offerings aren't as good in terms of performance, build-quality and vendor support, but they try to make up for it with low cost and high density. Depending on your application, it may be a win.

    13. Re:Well, duh... by Megol · · Score: 1

      Because they aren't crap.

    14. Re:Well, duh... by Megol · · Score: 1

      ++
      Maybe not the best there is - but not crap.

  2. There's no There There by SuperKendall · · Score: 5, Insightful

    If it were just Apple, or Amazon claiming the story was false I'd be dubious.

    But it's both companies. And the NSA, and every other news organization that has gone looking. All are coming up blank on this.

    At some point you have to go with the "simplest answer is correct", which means that Bloomberg is wrong in this case. The real question to my mind is, how did they go so badly wrong.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:There's no There There by Actually, I do RTFA · · Score: 4, Insightful

      how did they go so badly wrong.

      IIRC, they had a single source who claimed it, and showed pictures of the mobo to the reporters. The reporters then showed the photos to a computer expert who agreed that that chip looked suspicious and could be a spy chip. Further, that he couldn't identify another good reason for the chip.

      The original source may have had other documentation, but that's all I've seen so far.

      --
      Your ad here. Ask me how!
    2. Re:There's no There There by ffkom · · Score: 3, Insightful

      Bloomberg being wrong might be one aspect of the story, but it is not an answer to the most interesting open questions: Who placed the (false?) story and provided fake-evidence? And what was the motive for this action? Stock price manipulation? Political agenda to hurt Chinese manufacturers?

    3. Re: There's no There There by sg_oneill · · Score: 1

      I think it's one of those things that got by because it was plausible enough in the light of the Snowden revelations that governments do this kind of guff that a manufacturer might deploy a hacked version of Intel management engine or something like that. Like sure it's possible.....

      But possible isn't the same as actual, and the editors really ought to have demanded some evidence, not because it was dubious but because it's a big story with big implications.

      --
      Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
    4. Re:There's no There There by thegarbz · · Score: 3, Insightful

      Single source, photo not hard evidence, expert using words like "could".

      You'd want to have more than that when you make an accusation affecting the world's biggest companies.

    5. Re: There's no There There by Anonymous Coward · · Score: 1

      This is a reasonable conclusion. The other interesting angle which was mentioned from one of the prior threads on this was, alternatively, they didn't uncover a Chinese op, but an internal US op, and thereby disclosing it, opened up another can of worms there.... That might explain the reaction by politicians then...

      This would also explain the major push to get everything and everyone's data cloud based, because cloud is goodz..... Over the last 5 years.... The propaganda or forced adoption to cloud very heavy during this time...

    6. Re:There's no There There by Actually, I do RTFA · · Score: 1

      You'd want to have more than that when you make an accusation affecting the world's biggest companies.

      I'm not sure... I mean, it seems to be the minimum to be non-reckless, so you're safe from libel concerns. And if you thought it was true (e.g. if the source was your brother), you might think it would shake other sources free...

      I certainly think the fact that they are the world's biggest companies means you have less of a requirement of care - they can fight back. If they said things about you personally, you'd never dig yourself out from the reporting.

      --
      Your ad here. Ask me how!
    7. Re:There's no There There by Tablizer · · Score: 2

      At some point you have to go with the "simplest answer is correct", which means that Bloomberg is wrong in this case.

      I wouldn't go that far. It's more reasonable to say the simplest answer shall be considered "the default assumption" or "the most likely". (See Occam's razor.)

    8. Re:There's no There There by Anubis IV · · Score: 3, Insightful

      Every organization involved has a strong, strong motive to deny this

      That isn't even remotely true. Were the story true in part or whole, they'd have plenty of reasons to make couched denials or to keep their mouths shut, but they wouldn't have any reason to make the categorical denials they've been making. Categorical denials can come back to bite them.

      If it later came out that Bloomberg was right, but that Apple and Amazon had chosen to make categorical denials despite knowing better, we'd lose count at the number of lawsuits and criminal charges filed against them. They'd have knowingly misled their shareholders, repeatedly engaged in fraud in public statements, and lied to Congress, among other crimes and illicit activities. And both companies have had C-level executives signing their names to these statements, including those being made to Congress, meaning that real people are putting themselves on the hook for what these companies are claiming. There would be jail time.

      Had they come out with couched, non-denial denials that made it clear that they were merely denying certain facts of the story, that'd be one thing, but they're all outright saying that Bloomberg got the story wrong, and not just in part, but in full inasmuch as it relates to each of them. Apple says that they have no awareness of the things they're supposedly aware of. Amazon says the same. The FBI says the same. Other newspapers have been unable to come up with any corroborating evidence. Bloomberg has failed to produce a single person with firsthand knowledge who is willing to speak on the record, let alone produce the chip itself, which would be the smoking gun that could silence all criticism.

      Also, it's clear you don't even know what the implications are of the alleged chips. Amazon allegedly picked up these boards when it acquired Elemental. They weren't a part of AWS. Hell, they weren't even connected to the Internet. And Apple allegedly had these boards in their data centers (side note: Apple never even had the number of SuperMicro boards that Bloomberg claimed were affected), so we're not talking about a phone compromise.

      Moreover, Apple and Amazon allegedly knew about these boards back in 2015, yet Apple didn't dump SuperMicro until 2016, and Amazon was still using SuperMicro boards as of just a few months ago. Are you telling me that they kept using boards from SuperMicro for a year or three after finding out about this issue?

      Come on.

    9. Re: There's no There There by Anonymous Coward · · Score: 0

      And why should we expect any of those entities to be truthful in this at all? Apple? Aws? Agencies?

      Bloomberg makes a living on trying to deliver news and reliable information that gets syndicated to all major global financial players in the world who make major decisions, analysis, strategy on this. They also have to hold up their reputation...

    10. Re:There's no There There by Anonymous Coward · · Score: 0

      The picture in the Bloomberg article of the "chip" looked like: a resistor, a diode, or a capacitor. For a "chip" to be a "chip", you need its support infrastructure in place - a power supply, input and output. The picture (even though it's only 1 view) only shows three leads. It's more believable if they piggybacked stealth tech on an existing chipset (say an Ethernet controller, duh), but I got the impression it was just that chip on the guy's finger.

      Does that mean I trust China? No way, Jose! They've been stealing U.S. tech (like India has) for close to two decades.

      CAP === 'kinetic'

    11. Re: There's no There There by SuperKendall · · Score: 1

      And why should we expect any of those entities to be truthful in this at all? Apple? Aws? Agencies?

      Apple and AWS because the denials they have issued would mean big fines if they are false.

      NSA, maybe, I'm like 50/50 on that as I can't see a good angle for why they would lie about it one way or the other.

      However as I said multiple other news agencies also cannot find anything, and they very much have motive to get to the truth as well. They have nothing.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    12. Re:There's no There There by rahvin112 · · Score: 4, Insightful

      If this spy chip had been implanted into that many motherboards there would be copies of it all over the place for people to study. This is why the NSA doesn't modify actual hardware, everything is in software where they have plausible deniability.

      Spy chips create physical evidence and I doubt even China is dumb enough to go that route.

    13. Re:There's no There There by Cmdln Daco · · Score: 1

      I bet the Chinese were the first to deny the story.

    14. Re:There's no There There by ShanghaiBill · · Score: 1

      Every organization involved has a strong, strong motive to deny this, and no motive to admit it.

      You have a strong, strong motive to deny you are a child molester, and no motive to admit it.

    15. Re: There's no There There by ShanghaiBill · · Score: 1

      And why should we expect any of those entities to be truthful in this at all? Apple? Aws?

      The companies are subject to serious civil and criminal penalties for lying about material facts that could affect their stock price.

      Agencies?

      The agencies would get major budget boosts if they can show that the Chinese infiltrated all of these companies. They have a strong vested interest in making China look like a powerful and dangerous boogeyman.

    16. Re:There's no There There by Aighearach · · Score: 1

      You seem confused. Bloomberg has 17 anonymous sources, not 1.

    17. Re: There's no There There by Anonymous Coward · · Score: 0

      Umm... classified?

    18. Re:There's no There There by Aighearach · · Score: 0

      They have 17 sources, so that's one heck of a conspiracy theory once you fit that in. ;)

      What surprises me is how many people, even here at slashdot, hear a few executives making strong statements and they forget all about which is provable, positive statements, or negative statements?

      If it happened, and not everybody knew about it, do people who tried to find out about it but found nothing have evidence that nothing happened? Or do they only have no information?

      The way I see it, Bloomberg is making statements they haven't shown the proof to. But they claim they do have that proof. As these things normally go, the details would get dribbled out later. But the deniers, they're saying they don't have any proof at all. So they're claiming that they are ignorant of if it is true. And yet, they're also claiming that their ignorance means it didn't happen, which is clearly specious.

      Even the NSA, who doesn't make public statements even in situations where the country is known to have been attacked, is claiming that they're ignorant and their ignorance means something. Wowsers, people. Just wowsers. If that's what it takes to convince people you can prove a negative, they've been naive to be so quiet about so many important things for so long!

    19. Re: There's no There There by Anonymous Coward · · Score: 0

      This whole thing is real fishy.

    20. Re:There's no There There by Aighearach · · Score: 1

      Uh, where did the words "that many" come from? Maybe it wasn't "that many," maybe it was only a few out of millions?

      News flash: We have no idea if the NSA modifies actual hardware. As far as we know, they do, and they were the ones who modified the hardware in this story. Or they weren't, but they want people to think that they do. Or they don't, but they're worried somebody will leak that they don't, so they leaked a fake story that they did. Or they do, and they were worried about a leak, so they leaked that they don't. Or they do, and they were worried about a leak, so they leaked that they do, so that they can control the story. Like the Air Force did with the "weather balloon" when their experimental aircraft crashed off-base.

      Spy chips create no physical evidence that is knowable over the internet. Same as every other story about everything. The physical evidence is not mailed out to all Earthlings. The most you'll get access to is picture from a news source that purports to be evidence of whatever conclusion is published nearby. Information itself is difficult to "prove," but information about what secretive government agencies are doing is clearly not trustable, no matter what it says. It could always be misinformation from the very agency you think you learned something about! There is no way to trust anybody, after all.

      As for "plausible deniability," I can understand the theory when it is a cop pretending to use a "confidential informant," or when it is a carefully prepared public statement that somebody's lawyer wrote. But why would the NSA need that? The only people they "answer" to are sworn to secrecy! Even if we assume that they follow all the rules, then Senator Wyden knows the truth, but can't tell us. But he doesn't tell us to just trust them, either. The NSA doesn't even have to confirm or deny anything, and you can't sue them to make them talk. If they don't even have a need for deniability, why would they need it to be plausible?!?

    21. Re:There's no There There by bloodhawk · · Score: 2

      It's quite easy for them to get it so badly wrong. As the information gets passed from one person to the next, usually with those that don't understand what they are looking at it morphs (like Chinese whispers), alternatively you get the problem of reporters paying for valuable stories which encourage sources to "embellish" their information to make it more sellable, combined with reporters not making the effort to cross check and validate the information.

    22. Re: There's no There There by Aighearach · · Score: 1

      NSA, maybe, I'm like 50/50 on that as I can't see a good angle for why they would lie about it one way or the other.

      ***ROFLCOPTER***

      Like, spy agencies need a special occasion to find benefit in the public having incorrect information about them?!

      I wouldn't trust them to take an office poll about everybody's favorite flavor of ice cream. They'd lie for sure, out of fear of accidentally leaking some aspect of their process.

      An organization that only recently started even admitting that it exists, and people already treat them like some do-goody nun who would never lie unless it was for a really good reason like protecting refugees hidden in the basement. I wonder though, what sort of thing would the NSA hide in the basement? Probably just some leftover one-time pads from WWII, or something like that. Right?!

    23. Re:There's no There There by Anonymous Coward · · Score: 0

      Bloomberg being wrong might be one aspect of the story, but it is not an answer to the most interesting open questions: Who placed the (false?) story and provided fake-evidence? And what was the motive for this action? Stock price manipulation? Political agenda to hurt Chinese manufacturers?

      The most likely scenario is simply greed, the story as written is something many news outlets would happily pay sources for as it attracts readers and clicks. When financial incentives are involved a reporter might not thoroughly vet the source before rushing to publish what they think is a scoop.

    24. Re: There's no There There by Anonymous Coward · · Score: 1

      No, they had one source who supposedly provided hard evidence in the form of a couple pictures. And 16 people who supposedly confirmed the 1st guy, but who could just as easily have been confirming rumors they heard around the watercooler.

    25. Re: There's no There There by Anonymous Coward · · Score: 0

      Supermicro was first to market with a new HCI server that has a Petabyte of on board flash and some impressive CPU.
      Follow the money.

    26. Re:There's no There There by Cmdln Daco · · Score: 1

      Here is a picture of a complete self-contained microcontroller. The picture only shows one side, it has six pins in an SOT-23-6 package. That means the plastic package is about the size of a grain of rice. Its six pins are four general purpose I/O pins, plus power and ground.

      It's not an exotic chip or even an expensive one. It's got programmable flash memory and costs less than 20 cents in medium quantities. It's commercial off-the-shelf stuff you can buy from DigiKey and have delivered in a few days.

      It's not a likely candidate for the chip that Bloomberg is crowing about, but it demonstrates the level of tech even available to the most casual off-the-street hacker to 'bug' existing hardware.

    27. Re:There's no There There by Cmdln Daco · · Score: 1

      Whoops, my pricing is wrong. It's 40 cents in quantity 3000. Better up the budget, spooks.

    28. Re:There's no There There by Anonymous Coward · · Score: 1

      Correction, "they say" they have 17 sources, all of which may be from the same group of people or may not exist at all as no other paper or news outlet has been able to find anyone able to corroborate the story.

    29. Re:There's no There There by sjames · · Score: 1

      But mysteriously, they haven't shown the photos to their readers.

    30. Re:There's no There There by AHuxley · · Score: 1

      Was the same with PRISM...

      --
      Domestic spying is now "Benign Information Gathering"
    31. Re:There's no There There by sjames · · Score: 2

      They SAY they have 17 sources, but all are conveniently anonymous. The only expert that was named says he was mis-quoted.

      Given the amount of doubt and multiple public challenges, you'd think that if they have anything to prove any of this, even to a preponderance of the evidence, they'd cough it up.

      Homo Sapiens were planted here by grey aliens from Sirius. I have proof but God told me not to publish that yet. Care for a nice refreshing cup of Cool Aid?

    32. Re: There's no There There by MachineShedFred · · Score: 1

      And yet they can't produce even one of thousands of server boards that were allegedly removed from the data centers after the denied discovery of alleged hardware.

      Where is the hardware if this is real?

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    33. Re: There's no There There by MachineShedFred · · Score: 3, Insightful

      Why is it on multiple companies to prove a negative, instead of Bloomberg showing the proof of their accusations?

      You have it completely backwards. If I say that someone buggers goats and I have evidence I'd better be able to produce that evidence - it's not on the alleged goat-buggerer to somehow prove he hasn't buggered a goat.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    34. Re: There's no There There by MachineShedFred · · Score: 1

      News organizations get taken on stories. It happens, even with rigorous attempts to confirm. The New York Times has been taken on some false stories not too far in the past due to over-zealous reporters that think they are on something big, and lose objectivity. It happens. And it's also why some news organizations don't run shit until they have two named sources on the record, so if it's horse shit they can point to where they got the bad information.

      Bloomberg won't name their sources, and they won't produce photos or the actual hardware to prove any of this. Until they do, it's horse shit that they shouldn't have run. This could end up being their Jayson Blair moment.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    35. Re: There's no There There by Anonymous Coward · · Score: 0

      Chinese whispers

      That's just a racist version of Telephone.

    36. Re:There's no There There by Anonymous Coward · · Score: 0

      Bloomberg being wrong might be one aspect of the story, but it is not an answer to the most interesting open questions: Who placed the (false?) story and provided fake-evidence? And what was the motive for this action? Stock price manipulation? Political agenda to hurt Chinese manufacturers?

      Mere days before Bloomberg's publication on that Chinese Spy Chip story, which appeared on October 4th, 2018, Donald J. Trump was ratcheting up his rhetoric against China, in almost every front --- trade, military, meddling in US election, and so on ...

      This is not a coincidence --- the Bloomberg's story was one of the many anti-China diatribes that had aired, and will continue to be aired.

    37. Re:There's no There There by The Cynical Critic · · Score: 1

      My suspicion is that it's probably not too dissimilar to the Polybius arcade game hoax, where a surprisingly convincing story was created by weaving together from real world events like MK Ultra program, urban legends and mythology that got quite famous in the early 2000s. In this case it's a number of news stories that when combined also make up a pretty convincing story, but most importantly one that is very hard to conclusively disprove.

      In other words this story seems to be an amalgamation of the following things:
      1. The Snowden leaks showing that the NSA had developed tech and procedures to intercept CISCO network hardware so that they could open up the boxes, install very hard to detect bugs in the firmware and then re-seal the boxes using seals forged by the NSA. It is generally thought that the NSA is probably not the only one that has been doing this.
      2. Very severe firmware vulnerabilities found in SuperMicro motherboards around 2015. Not only were these and SuperMicro's inability to fully fix the vulnerabilities well publicized, so was the fact that many companies, Apple included, actually removed these machines from their systems because of the security threat they posed.
      3. Simple computers the size of a grain of rice being presented to the world around 2015 and gaining a lot of media attention, even going as far as making the cover of Popular Mechanics. While these systems were really just smart sensors with a heavy level of miniaturization, people have for years been talking about more devious uses for the same technology.
      4. Widespread and well documented cases of cyber attack and espionage activities aimed at many American companies and government agencies by both private and national level entities in China. It's less one specific attack and more a barrage of attacks and attempts at them over the last decade or so.

      Add all of these up and you probably don't even need any malicious intent to make up a story like this, though it probably will speed up the process. Conspiracy theorists after all pull together stories way more intricate than this from way less concrete source material so it's not implausible that this is just incompetence rather than malice. However I don't fault anyone for leaning either way as to how this conspiracy theory or game of telephone came to happen.

      --
      "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
    38. Re:There's no There There by Megol · · Score: 1

      According to Apple this story has been researched by the writers for over a year. Well, "researched".

    39. Re:There's no There There by Megol · · Score: 1

      Actually Apple would have gained a lot by saying this was true and that they detected the chips early long before deploying the servers. They could include a blurb of how they are security conscious in this modern world and always there protecting their customers from every conceivable threat.
      If they wanted to protect the company producing the servers they could then include how they quickly helped locating the bug, wasted no effort validating every server, provided services far beyond the expected ... - the usual bull.

      This could have been painted as positive for both Apple and Supermicro. Shown the world that nothing escapes the watchful eyes of these responsible companies in an increasingly dangerous world. Shown that there are people willing to add hard to detect modifications to mass produced products to be able to attack them, and plant the thought that while the heroes did detect the attempt other companies may not be as vigilant.

      I can't see a reason for Apple to deny this if it were true.

    40. Re:There's no There There by Pinky's+Brain · · Score: 1

      I assume that if NSA really wants to lowjack hardware they simply make their own chip of something already on the board, using some materials which react with nitric acid and/or some pyrophorics to make sure anyone trying to decap them won't get any evidence. Much lower chance of detection.

      In this purported case the Chinese could easily have done the same, why put a chip in between flash and the BCM instead of just putting an extra die in a custom flash chip and replacing the entire chip?

    41. Re:There's no There There by Pinky's+Brain · · Score: 1

      The entire point of this story was corruption of the supply chain, a huge conspiracy involving the factory bosses being bullied by the communist party.

      If it's just a couple computers it makes far more sense to simply intercept the computer during shipping and then quickly modify it.

    42. Re: There's no There There by Pinky's+Brain · · Score: 1

      Apple in particular has 100's billions worth of reputational mindshare built partially on protecting privacy ... lying has a significant monetary risk for them since every lie has the chance of being found out, what would offset that cost for them?

    43. Re: There's no There There by Anonymous Coward · · Score: 0

      This. Show the hardware. Show the photograph of the part, under enough magnification you can see at least what it looks like. Show the xray pics of the board traces. Show the signals from the part under test; show the test leads attached to the part under test.

      I'm not saying it didn't happen, but where's the evidence? The real, solid (non-hearsay) evidence?

    44. Re:There's no There There by Anonymous Coward · · Score: 0

      Precisely. Which is why a "But I Didn't Do It" doesn't acquit someone thusly accused.

    45. Re:There's no There There by tlhIngan · · Score: 1

      They have 17 sources, so that's one heck of a conspiracy theory once you fit that in. ;)

      What surprises me is how many people, even here at slashdot, hear a few executives making strong statements and they forget all about which is provable, positive statements, or negative statements?

      If it happened, and not everybody knew about it, do people who tried to find out about it but found nothing have evidence that nothing happened? Or do they only have no information?

      The way I see it, Bloomberg is making statements they haven't shown the proof to. But they claim they do have that proof. As these things normally go, the details would get dribbled out later. But the deniers, they're saying they don't have any proof at all. So they're claiming that they are ignorant of if it is true. And yet, they're also claiming that their ignorance means it didn't happen, which is clearly specious.

      Even the NSA, who doesn't make public statements even in situations where the country is known to have been attacked, is claiming that they're ignorant and their ignorance means something. Wowsers, people. Just wowsers. If that's what it takes to convince people you can prove a negative, they've been naive to be so quiet about so many important things for so long!

      You can't prove a negative. That's a known fact. (Prove to me you aren't a murderer, for example).

      What likely happened here is a general mixup - there is enough sprinkling of truth to the whole story that none of the companies involved can sue for defamation (it likely happened, it was caught, and that's why both Amazon and Apple dropped SuperMicro as a supplier). Add to it a bit of "I heard that X heard from Y that got it from Z..." to get some embellishment, and now you end up with a story that basically started out as "A couple of years ago Apple and Amazon both dropped SuperMicro as a supplier for unknown reasons... we think we know why" to "The Chinese are spying on everything right now and they've infected a major US telecom provider!".

      Both Amazon and Apple figured out what happened when they got those infected boards, and dropped SuperMicro. Quite likely they were working with the FBI or something to figure out if others were affected (they probably were) and thus were asked to keep quiet while other vulnerable companies were quietly notified and could inspect their machines.

      And thus, everyone is telling a part of the truth

    46. Re:There's no There There by rahvin112 · · Score: 1

      One of the Bloomberg articles (I don't recall if it was the followup or the first article) indicated there was an AWS datacenter with 30K of these supermicro motherboards in it. The article directly implies that the entire production line sometime in 2014-2015 was compromised with every server leaving the factory containing a chip.

      Did you read the article? If there was 30K in an AWS data center there were at least that many that didn't make it to AWS, the world would literally be flooded with these compromised boards, if they existed that is.

    47. Re:There's no There There by richi · · Score: 1

      the world would literally be flooded with these compromised boards

      Yeah, and all the land-based animals would literally be drowning...

    48. Re:There's no There There by Anonymous Coward · · Score: 0

      According to Apple this story has been researched by the writers for over a year. Well, "researched".

      And Trump has been whining about China ever since he still was a Democrat.

    49. Re:There's no There There by Anonymous Coward · · Score: 0

      Precisely. Which is why a "But I Didn't Do It" doesn't acquit someone thusly accused.

      Funny how you now actually claim that Apple is somehow the accused in the case of "China messed with Super Micro servers made in China".

    50. Re: There's no There There by Anonymous Coward · · Score: 0

      You are aware that if it was the NSA, the Bloomberg article is also wrong - remember that supposedly "China bugged those Super Micro servers". Or are you paranoid enough to believe that the NSA works together with China to spy on you?

    51. Re:There's no There There by Areyoukiddingme · · Score: 1

      Moreover, Apple and Amazon allegedly knew about these boards back in 2015, yet Apple didn't dump SuperMicro until 2016...

      There seems to be a persistent misunderstanding of the timeline. The initial detection wasn't, "Hey, I found a board with an amazing spy chip in it!" The initial detection was, "That's funny..."

      I could easily believe that it took a year of painstaking labor for the alleged Canadian security company to track down the source of the rogue packets on the boards they were sent. There are a lot more likely things in the system to be generating the traffic than a chip that shouldn't be there. I'm sure it took quite a long time to verify all the various pieces of the system, from the apps to the OS to all the various firmwares.

      ...and Amazon was still using SuperMicro boards as of just a few months ago. Are you telling me that they kept using boards from SuperMicro for a year or three after finding out about this issue?

      First year accounted for. Longer, if there was less concern initially, or a less vigorous investigation. After that, somebody has to decide what to do about it. You know damn well that nobody shifts tens of millions of dollars in business from one vendor to another overnight. There will be endless meetings, arguments, complaints, and bickerings, especially if the vendor's customer rep is a hot chick with a low cut blouse who somehow always has court-side seats for "her favorite VP". (Sounds sexist? You know it fucking happens.) Then once the decision is made, another vendor must be found, timelines must be established, samples produced, and contracts signed. That could easily take a year. Hell, getting samples from a new vendor could take a year all by itself. Companies wish they were more agile than that, but once they reach a certain size they aren't, because "due diligence" always transitions to "ass covering" and that takes time.

      If it later came out that Bloomberg was right, but that Apple and Amazon had chosen to make categorical denials despite knowing better, we'd lose count at the number of lawsuits and criminal charges filed against them. They'd have knowingly misled their shareholders, repeatedly engaged in fraud in public statements, and lied to Congress, among other crimes and illicit activities.

      When it comes to matters of national security, prosecutorial discretion kicks in hard. You can bet that any executive with material knowledge of the matter who is issuing categorical denials has a signed get-out-of-jail-free card squirreled away in a safe, so even if prosecution materializes, they're in the clear. But it won't. When the FBI tells the US Attorney "thou shalt not prosecute, oh, and turn over all notes and other material", the US Attorney hands over the file box and washes their hands of the matter.

      Personally I expect the denials to stand unchallenged and the whole thing to go away, with a black eye for Bloomberg. Unless they got their hands on an actual chip or board with the chip and are sitting on it, plus a plausible chain of custody, they won't be able to prove it, regardless of how true the story is.

      Is the story true? I bet it is. Just read about all the things the USSR pulled with the US embassy in Moscow. Governments will go to any lengths, no matter how foolish or ultimately useless, in the pursuit of advantage over other governments.

    52. Re:There's no There There by Aighearach · · Score: 1

      OK, sjames, since you're a kid who was born yesterday, I'll just give out the spoiler:

      Journalists protect their sources, that isn't information you ever have been receiving in your life when these things get reported on. Journalists sometimes even go to jail rather than tell you who their sources were. No, that isn't information you were reasonably expecting to get. And in this case, it would obviously endanger the actual physical lives of the sources.

      Now, are you really sure you didn't already know all that? Really?!

    53. Re: There's no There There by Aighearach · · Score: 1

      Why is it on multiple companies to prove a negative,

      I didn't say it is "on them" to prove a negative, I said they're claiming to have already proven the negative, that's their whole denial!

      The lie is on them, not the requirement to lie. ;)

    54. Re:There's no There There by Aighearach · · Score: 1

      You can't prove a negative. That's a known fact.

      If you stopped right there you'd be spot-on. But then you started equivocating about how in this case, they get to pretend they can prove a negative, because you proposed a hypothetical that sounds self-consistent to you. But actually, nobody has the level of detail that would be needed to prove anything, other than potentially Bloomberg.

      The parts of what you said that are factual could actually be part of a different event that happened concurrently. You don't even have enough detail to know that much.

      Just because it is psychologically unpleasant to not know answers, that doesn't mean that the least-bad answer you have the details to support is automatically true. It might just mean that the answers won't come out until some time in the future. It might even be we never get to know the truth. It would still be true, though; even in that state of complete failure to ever know, it would still be incorrect to claim that a negative can be proven. It's hard, I know.

    55. Re:There's no There There by Aighearach · · Score: 1

      Lack of detail in a story does not imply an absolute in a continuous tense. That would make every story in every newspaper false.

      Instead, lack of detail in the phrasing only implies a lack of detail in the knowledge.

    56. Re:There's no There There by sjames · · Score: 1

      Since I don't have a time machine to fix your being apparently raised by wolves, I'll just mention that they also mis-quoted the only named expert and they haven't even managed to show us a picture of an affected board (they did, however, show us utterly useless pictures of generic un-hacked boards and a harmless signal conditioner in order to leave the impression that they had presented photographic evidence).

  3. OMG! It's not true?? by Anonymous Coward · · Score: 0

    If we can't trust Bloomberg, then who can we trust? It's almost as if the media companies are making shit up to fit their story narrative!

    1. Re: OMG! It's not true?? by Anonymous Coward · · Score: 0

      Most of the Democratic Party aligned press couldn't care less unless Stormy Daniels or Vladimir Putin were involved...

    2. Re: OMG! It's not true?? by Anonymous Coward · · Score: 0

      Or Apple and the US are worried about disrupting the supply chain with China and are willing to bend the truth beyond recognition to prevent further supply disruptions.

      The denials wouldn't seemingly apply to a firmware hack. Really the denials only seem to apply if the chips themselves were replaced with different hardware.

  4. Re:where is the FTC ? by Anonymous Coward · · Score: 0

    I so want to mod this Funny

  5. Re:OMG! It's not true?? by The+Original+CDR · · Score: 1

    Bloomberg violated the first principal of good journalism: if it bleeds, it leads. Motherboards don't bleed.

  6. "'gina" by Anonymous Coward · · Score: 0

    China calls for AWS and Apple to call for retraction of spy story.

  7. Sure buddy... by Anonymous Coward · · Score: 0

    " If somebody decides to go down that path, it means that they don't care about the consequences,' Stathakopoulos says.'"

    Yeah, like China cares.

    In case you missed it, China recently "disappeared" the head of INTERPOL, if they can do that without repercussions, they can do anything.

    1. Re: Sure buddy... by Anonymous Coward · · Score: 0

      Did that guy ever surface again, the media, as is typical, dropped their coverage...

      And begs the question, why the hell did interpol have a communist party former minister running their shit... Quite dodgy indeed..

  8. I've heard this before... by grasshoppa · · Score: 1

    "They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories," Jassy wrote in a tweet on Monday.

    Wait, that sounds familiar.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  9. It depends on what the meaning of "SEC" is by raymorris · · Score: 2

    They denied it, then denied it more fully, then followed up with a more clear and forceful denial. If it turns out to be true, the SEC will decide which executives they want to put in prison for material false statements.

    The amount and type of denials aren't necessary and wouldn't be appropriate if the story was actually true. The executives have no reason to put themselves at risk denying it in the *manner* that they have. If it were true, they'd very much want to use more Clintonian statements like "we have no knowledge of China installing a surveillance chip". That statement is technically true if they know *someone* installed a surveillance chip, but don't know that China did it. That denial would be true if they know that China installed a rogue chip, but don't know that it's necessarily a surveillance chip.

    If it were true, I'd expect a detail like "we have no knowledge of China installing a surveillance chip", something that is technically true so they'd at least have some negotiating room when the SEC comes after them for material false statements.

    1. Re:It depends on what the meaning of "SEC" is by Aighearach · · Score: 1

      Wow, even Ray Morris got confused by this story! He's not sure anymore which is provable, positive statements, or negative statements? If it happened and people who didn't know actually didn't know, does that mean they did know?!

      You have no idea if the executives would be in jeopardy or not, because there are no public facts about if they're being directed to make the statements by the government. It is quite obvious that any public knowledge of the necessary information will only come out at a much later stage.

      It doesn't matter how strong the denials are; making a negative statement using stronger language doesn't somehow make the negative statement provable; it doesn't somehow imply that if it didn't happen, they would know that.

      If it did happen, people with knowledge of it have knowledge of it. If it didn't happen, nobody has any knowledge of it! Their strong statements prove themselves to be lies, because if it didn't happen then they have no evidence one way or the other! They would only be able to make a very weak denial if they want to still be truthful. They're claiming to have absolute knowledge of something not even knowable.

    2. Re: It depends on what the meaning of "SEC" is by Anonymous Coward · · Score: 0

      No.
      They're making statements which, if false, land people in jail. If they knew anything they'd be using language with "wiggle room" but which sound just as strong to people with poor comprehension skills, like you.

    3. Re:It depends on what the meaning of "SEC" is by jezwel · · Score: 1

      They denied it, then denied it more fully, then followed up with a more clear and forceful denial. If it turns out to be true, the SEC will decide which executives they want to put in prison for material false statements.

      Does national security (NSA) override the SEC? If so, it doesn't matter that the companies might be lying about these chips - they won't be prosecuted as that would expose what's going on.

    4. Re:It depends on what the meaning of "SEC" is by Daralantan · · Score: 1

      That depends on what your definition of is is.

  10. LOL fell for the "added chip" LOL! by Anonymous Coward · · Score: 0

    The "chip" is part of the CPU! Haven't you seen the video posted here of the Via root hack??!?

  11. Hardware security was punnetrated by Tablizer · · Score: 1

    So Amazon is chipping in.

    1. Re: Hardware security was punnetrated by Cmdln+Daco · · Score: 1

      I've bought microcontrollers on Amazon, so... yes.

  12. They don't understand mainstream journalism... by Anonymous Coward · · Score: 0

    Retractions are only made if they are absolutely forced to. Even then the original article will be left nearly intact with an asterisk at the bottom grudgingly admitting the whole article is a fraud.

  13. Re: OMG! It's not true?? by Anonymous Coward · · Score: 0

    Obvious Russian troll is obvious.

  14. Now I believe it even more by Anonymous Coward · · Score: 0

    The more people who push for a retraction, the more I believe it really happened. Maybe it's not the Chinese, though. Maybe it's the NSA or something. Either way, someone really got caught with their hand in the cookie jar, and they are trying very very hard to squash the story.

    1. Re: Now I believe it even more by Cmdln+Daco · · Score: 1

      There will inevitably be a bit of a Streisand effect.

  15. THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL by Anonymous Coward · · Score: 0

    THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL FOR YOUR ENTIRE FAMILY.

    Filter error: Don't use so many caps. It's like YELLING.

  16. Re:OMG! It's not true?? by Anonymous Coward · · Score: 0

    You violated the first principle of being an author: know how to write.

  17. Re:OMG! It's not true?? by Anonymous Coward · · Score: 0

    To quote a Richard Bachman reviewer: "Thinner is the book that Stephen King could write if he knew how to write."

  18. Wouldn't one consult NSA first? by Anonymous Coward · · Score: 0

    If such a chip was found then the first thing a reporter would/should do is consult with the NSA in case it was one of their chips.

    But if they did that it would put the NSA in a difficult position. If they said it was their chip then they would surely prevent publication of the story. But they could never admit it was their chip. Therefore their response would always be denial. Instead they would need to find some other excuse to prevent publication of the story. And if they didn't prevent publication of the story then that could be construed as a tacit admission that it was not one of their chips. So I reckon the NSA would always deny it was one of theirs, and they would always prevent publication of such a story.

    Therefore it can be conclusively proved that either Bloomberg never contacted the NSA before publishing their story or that this story emanated as deliberate misinformation from the NSA itself.

  19. Re:OMG! It's not true?? by Anonymous Coward · · Score: 0

    Even he knew how to spell, you fucking weirdo.

    You're like this freak. They laughed at him too, Chris.

  20. Re: obvious source by Anonymous Coward · · Score: 0

    It's pretty obvious that the "source" for this story is Russia.

  21. the for the by Anonymous Coward · · Score: 0

    for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the for the

    Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition.

  22. Why retract? by Anonymous Coward · · Score: 0

    If there's nothing behind Bloomberg story why big A's don't sue?

    1. Re: Why retract? by MachineShedFred · · Score: 1

      Suing would require both discovery and proving damages. These companies really don't want the defense digging through their records and datacenters for reasons that should be obvious, and proving damages would be difficult if not impossible.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  23. Re:OMG! It's not true?? by Anonymous Coward · · Score: 0

    Even he knew how to spell, you fucking weirdo.

    Using the wrong word is a grammar error and not a spelling error. One of Stephen King's greatest fear was that the publisher would publish his manuscript as is rather than be given editorial consideration. His errors tend to generate bags of fan mail back in the day.

    They laughed at him too, Chris.

    Does anyone care about what the peanut gallery have to say? It's easy to criticize creative people when you have nothing to offer society.

  24. Re:OMG! It's not true?? by Anonymous Coward · · Score: 0

    Please describe what grammar you wanted to achieve with "principal". A homophone is the definition of a spelling error, no matter how many italics you use.

    "One of Stephen King's greatest fear"

    See? I knew if you applied that "mind" of yours you could make real grammar errors! You wanted "fears". That's your crammar!

    "Does anyone care about what the peanut gallery have to say? "

    Um, you?

    " It's easy to criticize creative people when you have nothing to offer society."

    OK, I'll bite, which creative person are you referring to?

  25. Not exfiltrating data, but for killing datacenters by Anonymous Coward · · Score: 0

    This isn't about stealing data - it's about killing servers in case of a war (remember the gulf war, the US disabled remotely all the telecoms kit the iraqis used?)

    All you need is something tiny like, er, an ATTiny chip that's 1mm in size to do this, an MCU with a small receiver inbuilt

    Stick that on a reset line, or get it to pull a data line/address line high on a computer, and you've effectively stopped that kit from working. VCC (or another quieter track) can be your antenna which listens in for the magic 'kill thyself' signal/code

    War breaks out or you want to take over a country, simply send your signal out, and all of a sudden any infrastructure using that motherboard/kit stops working causing maximum disruption (which is EXACTLY what you want when you're taking over the 'enemy')

    Those nice warships running windows and other stuff? Well, that'll be fucked warship time then won't it.

    No telecoms because call routing PCs won't boot up.

    No datacentres because servers or routers won't work.

    Power stations crapping out because, you know, cooling and safety systems stopped working.

    The threat of this shit is quite real. Especially when you don't need to exfiltrate data, just 'kill kit'. At least nobody has wondered if you could hide an attiny/etc on a bit of silicon in a larger chip (northbridge, pcie controllers, sata controllers, etc, etc, - again, all you need to do is jam a single data/address line high, or generate a metric fuck-ton of interrupts)

  26. Pictures? by Anonymous Coward · · Score: 0

    If this story is true, wouldn't there be pictures of the spy chips on the motherboards? Or even X-rays proving their existence (in case the chips were somehow hidden within the board)? I trust Bloomberg, but this story does seem to not hold up to scrutiny.

  27. Jail time? No way. by zerofoo · · Score: 1

    I don't really know if the Bloomberg article is true, but if you believe that guys like Jeff Bezos or Tim Cook will EVER see the inside of a jail cell, I have a bridge to sell you.

  28. Re:OMG! It's not true?? by Anonymous Coward · · Score: 0

    It be great if chris was worry about his write as much as care about markup his crap posts. At least he didn't feel the need to to everything

  29. Fake news by Anonymous Coward · · Score: 0

    At some point you have to go with the "simplest answer is correct", which means that Bloomberg is wrong in this case. The real question to my mind is, how did they go so badly wrong.

    Bloomberg was intentionally being deceptive, of course. Fake news.