AWS CEO Andy Jassy Follows Apple In Calling For Retraction of Chinese Spy Chip Story

An anonymous reader quotes a report from CNBC: Andy Jassy, the CEO of Amazon Web Services, followed Apple's lead in calling the for the retraction of Bloomberg's story about spy chips being embedded in servers. "They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories," Jassy wrote in a tweet on Monday. "Reporters got played or took liberties. Bloomberg should retract."

Apple CEO Tim Cook told Buzzfeed on Friday that the scenario Bloomberg reported never happened and that the October story in Bloomberg Businessweek should be retracted. Bloomberg alleged data center hardware used by Apple and AWS, and provided by server company Super Micro, was under surveillance by the Chinese government, even though almost all the companies named in the report denied Bloomberg's claim. Bloomberg published a denial from AWS alongside its own report, and AWS refuted the report in a more strongly worded six-paragraph blog post entitled "Setting the Record Straight on Bloomberg Businessweek's Erroneous Article." Further reading is available via The Washington Post.

"Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed," the Washington Post reports. "(The Post did run a story summarizing Bloomberg's findings, along with various denials and official skepticism.) It behooves such outlets to dispatch entire teams to search for corroboration: If, indeed, it's true that China has embarked on this sort of attack, there will be a long tail of implications. No self-respecting news organization will want to be left out of those stories. 'Unlike software, hardware leaves behind a good trail of evidence. If somebody decides to go down that path, it means that they don't care about the consequences,' Stathakopoulos says.'"

There's no There There

[SuperKendall]

If it were just Apple, or Amazon claiming the story was false I'd be dubious.

But it's both companies. And the NSA, and every other news organization that has gone looking. All are coming up blank on this.

At some point you have to go with the "simplest answer is correct", which means that Bloomberg is wrong in this case. The real question to my mind is, how did they go so badly wrong.

Re:There's no There There

[Actually,+I+do+RTFA]

how did they go so badly wrong.

IIRC, they had a single source who claimed it, and showed pictures of the mobo to the reporters. The reporters then showed the photos to a computer expert who agreed that that chip looked suspicious and could be a spy chip. Further, that he couldn't identify another good reason for the chip.

The original source may have had other documentation, but that's all I've seen so far.

Re:There's no There There

[ffkom]

Bloomberg being wrong might be one aspect of the story, but it is not an answer to the most interesting open questions: Who placed the (false?) story and provided fake-evidence? And what was the motive for this action? Stock price manipulation? Political agenda to hurt Chinese manufacturers?

Re:There's no There There

[thegarbz]

Single source, photo not hard evidence, expert using words like "could".

You'd want to have more than that when you make an accusation affecting the worlds biggest companies.

Re:There's no There There

[Tablizer]

At some point you have to go with the "simplest answer is correct", which means that Bloomberg is wrong in this case.

I wouldn't go that far. It's more reasonable to say the simplest answer shall be considered "the default assumption" or "the most likely". (See Occam's razor.)

Re:There's no There There

[Anubis+IV]

Every organization involved has a strong, strong motive to deny this

That isn't even remotely true. Were the story true in part or whole, they'd have plenty of reasons to make couched denials or to keep their mouths shut, but they wouldn't have any reason to make the categorical denials they've been making. Categorical denials can come back to bite them.

If it later came out that Bloomberg was right, but that Apple and Amazon had chosen to make categorical denials despite knowing better, we'd lose count at the number of lawsuits and criminal charges filed against them. They'd have knowingly misled their shareholders, repeatedly engaged in fraud in public statements, and lied to Congress, among other crimes and illicit activities. And both companies have had C-level executives signing their names to these statements, including those being made to Congress, meaning that real people are putting themselves on the hook for what these companies are claiming. There would be jail time.

Had they come out with couched, non-denial denials that made it clear that they were merely denying certain facts of the story, that'd be one thing, but they're all outright saying that Bloomberg got the story wrong, and not just in part, but in full inasmuch as it relates to each of them. Apple says that they have no awareness of the things they're supposedly aware of. Amazon says the same. The FBI says the same. Other newspapers have been unable to come up with any corroborating evidence. Bloomberg has failed to produce a single person with firsthand knowledge who is willing to speak on the record, let alone produce the chip itself, which would be the smoking gun that could silence all criticism.

Also, it's clear you don't even know what the implications are of the alleged chips. Amazon allegedly picked up these boards when it acquired Elemental. They weren't a part of AWS. Hell, they weren't even connected to the Internet. And Apple allegedly had these boards in their data centers (side note: Apple never even had the number of SuperMicro boards that Bloomberg claimed were affected), so we're not talking about a phone compromise.

Moreover, Apple and Amazon allegedly knew about these boards back in 2015, yet Apple didn't dump SuperMicro until 2016, and Amazon was still using SuperMicro boards as of just a few months ago. Are you telling me that they kept using boards from SuperMicro for a year or three after finding out about this issue?

Come on.

Re:There's no There There

[rahvin112]

If this spy chip had been implanted into that many motherboards there would be copies of it all over the place for people to study. This is why the NSA doesn't modify actual hardware, everything is in software where they have plausible deniability.

Spy chips create physical evidence and I doubt even China is dumb enough to go that route.

Re:There's no There There

[bloodhawk]

Its quite easy for them to get it so badly wrong. As the information gets passed from one person to the next, usually with those that don't understand what they are looking at it morphs (like Chinese whispers), alternatively you get the problem of reporters paying for valuable stories which encourage sources to "embellish" their information to make it more sellable, combined with reporters not making the effort to cross check and validate the information.

Re:There's no There There

[sjames]

They SAY they have 17 sources, but all are conveniently anonymous. The only expert that was named says he was mis-quoted.

Given the amount of doubt and multiple publioc challenges, you'd think that if they have anything to prove any of this, even to a preponderance of the evidence, they'd cough it up.

Homo Sapiens were planted here by grey aliens from Sirius. I have proof but God told me not to publish that yet. Care for a nice refreshing cup of Cool Aid?

Re: There's no There There

[MachineShedFred]

Why is it on multiple companies to prove a negative, instead of Bloomberg showing the proof of their accusations?

You have it completely backwards. If I say that that someone buggers goats and I have evidence I'd better be able to produce that evidence - it's not on the alleged goat-buggerer to somehow prove he hasn't buggered a goat.

It depends on what the meaning of "SEC" is

[raymorris]

They denied it, then denied it more fully, then followed up with a more clear and forceful denial. If it turns out to be true, the SEC will decide which executives they want to put in prison for material false statements.

The amount and type of denials aren't necessary and wouldn't be appropriate if the story was actually true. The executives have no reason put themselves at risk denying it in the *manner* that they have. If it were true, they'd very much want to use more Clintonian statements like "we have no knowledge of China installing a surveillance chip". That statement is technically true if they know *someone* installed a surveillance chip, but don't know that China did it. That denial would be true if they know that China installed a rogue chip, but don't know that it's necessarily a surveillance chip.

If it were true, I'd expect a detail like ""we have no knowledge of China installing a surveillance chip", something that is technically true so they'd at least have some negotiating room when the SEC comes after them for material false statements.

Re:Well, duh...

[rtb61]

Public company, short the stocks, spread a story voila big profits to be made. It's all part of the corporate wars, using various criminal methods and attack and destroy other corporations, spreading misinformation just a minor part, computer hacking of all kinds, corrupting staff in competing companies and you can expect targeted assassination to follow. American special services are no bragging about post employment for profit assassination program. So take out a critical executive, at a critical time, can cripple a corporation, done right there in GTAV or is that GTGV(grand theft gaming), that hacks certainly are and it is contractors hacking contracts because that is the way the fuckwit US government decided to go in all of its grand idiocracy.

Follow the money.

Re:Well, duh...

[_merlin]

My experience with them is a few years old, and it's from the finance industry, so not directly related to using them for cloud services. SuperMicro sells on price and density. SuperMicro have products that are two complete, fully independent servers in a 1U rack enclosure. They're also very cheap. Now to achieve this, something's got to give, so there are some compromises.

SuperMicro servers aren't as feature-rich as something you'll get from Dell or HP. For example the out-of-band management isn't as sophisticated, the storage controllers aren't as configurable, and you don't have as many options for NIC modules. The build quality isn't spectacular either - they're definitely not as physically robust or convenient to work on as a Dell PowerEdge.

In terms of performance, they weren't really competitive with Dell or IBM for single-CPU throughput or wire-to-wire latency. Whether this is important or not depends heavily on your application. If you're doing something like online transaction processing where latency isn't critical, you might get better overall performance by going with SuperMicro and making the most of the higher density and lower price. But that's not going to help you if your application depends on good wire-to-wire latency.

Failure rates weren't much worse than HP really. After-sales support from SuperMicro isn't great, but remember you're paying a lot less. If you're prepared to do more of your service/support in-house rather than dealing with the manufacturer or a value-added reseller, SuperMicro might be better value.

TL;DR SuperMicro's offerings aren't as good in terms of performance, build-quality and vendor support, but they try to make up for it with low cost and high density. Depending on your application, it may be a win.