Amazon Has Pulled Ads From Bloomberg Over Controversial 'Big Hack' Chinese Spy Story; Apple Has Not Invited Outlet's Reporters To a Product Event Next Week

Both Amazon and Apple are taking retributive measures against Bloomberg, which in a report earlier this month alleged that some motherboards used by these companies were hacked by China. From a report: Amazon pulled its fourth quarter advertisements on Bloomberg's website, a move some within the media giant think is retribution for its controversial story alleging that Chinese spies hacked into the online retailer's servers. According to a source in position to know, Amazon's digital media buyer, Initiative, informed Bloomberg's sales staff on October 16 that it would cancel its ad buys for the fourth quarter due to budget cuts. Internally, the source said, the staff received that decision, made only eight days after a previous communication with Initiative confirming that the ads would run, as a direct response to Amazon's displeasure over the October 4 story. (Amazon announced Thursday that its marketing expenses for Q3 2018 were 3.3 billion dollars, up more than 800 million dollars from the year before.) [...] According to multiple sources, Bloomberg was not invited to Apple's fall product event next week in Brooklyn. Further reading: In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story.

But no lawsuit....

They don't want to go through discovery, they just want to bury the news.

Re:But no lawsuit....

They don't want to go through discovery, they just want to bury the news.

You mean bullshit; because the entire article was bullshit.

It reeks of a hatchet job planted by Trump's camp followers going after "Leftist Apple" and the "Chinese".

Re:But no lawsuit....

[alvinrod]

It would be difficult to actually succeed with a lawsuit, as they would first have to demonstrate that they've suffered some material harm from this. Realistically, if anyone had a chance of doing that, it would be Super Micro as opposed to Apple or Amazon. Neither Apple or Amazon have seen their stock fluctuate wildly enough that it would be easy to point to this story as the only (or even primary) cause. Super Micro on the other hand had their price drop to about half of what it was prior to the announcement.

I think companies are also a little reluctant to sue mainstream press, even when they think they've been hit with a hatchet job. Like any group, the press don't like attacks against their own from outside. They might call each other left/right wing mouthpieces, but they'll put that aside if anyone starts going after the freedom of the press as a whole. A big company is better off just dragging the news agencies name through the mud. The competing news agencies won't mind too much (or might even join in) and a lawsuit is going to be difficult to win and cost the company more than they get.

Re:But no lawsuit....

[TheFakeTimCook]

It would be difficult to actually succeed with a lawsuit, as they would first have to demonstrate that they've suffered some material harm from this. Realistically, if anyone had a chance of doing that, it would be Super Micro as opposed to Apple or Amazon. Neither Apple or Amazon have seen their stock fluctuate wildly enough that it would be easy to point to this story as the only (or even primary) cause. Super Micro on the other hand had their price drop to about half of what it was prior to the announcement.

I think companies are also a little reluctant to sue mainstream press, even when they think they've been hit with a hatchet job. Like any group, the press don't like attacks against their own from outside. They might call each other left/right wing mouthpieces, but they'll put that aside if anyone starts going after the freedom of the press as a whole. A big company is better off just dragging the news agencies name through the mud. The competing news agencies won't mind too much (or might even join in) and a lawsuit is going to be difficult to win and cost the company more than they get.

That's a perfect, and reasonable, explanation.

Thanks!

Re:But no lawsuit....

ya a hatchet job and bloomberg is helping trump lol .... how warped is your mind?

Re: But no lawsuit....

Lol self delusion has taken over slash

Re:But no lawsuit....

You're accusing Bloomberg planting a pro-Trump hatchet job against Apple and "the Chinese"?
You're accusing a highly-reputable business news company of planting a political hatchet job that doesn't mention politics?
Most absurdly, you're accusing a magazine owned by Leftist politician Michael Bloomberg of running PRO-TRUMP stories?!

There's something wrong with you.

Re:But no lawsuit....

Prove it liar.

Re:But no lawsuit....

[RevDobbs]

Bloomberg helping Trump? Really? That is highly unlikely.

Re:But no lawsuit....

You're accusing Bloomberg planting a pro-Trump hatchet job against Apple and "the Chinese"?
You're accusing a highly-reputable business news company of planting a political hatchet job that doesn't mention politics?
Most absurdly, you're accusing a magazine owned by Leftist politician Michael Bloomberg of running PRO-TRUMP stories?!

There's something wrong with you.

Logical Fallacy: Appeal to absurdity.

Slapping a chip on a board won't do anything like what they claimed it would do; they would need to completely redo the board for the needed connections to get the desired effects and that would be obvious by visual inspection--not just a piece of dust on the board. (Even if the chip contained something small like BIOS tweaks to upload a malicious payload to the CPU. ) Then they would need to enable remote connections through the firewall and bypass the IDS for the chips to actually do something useful, like spying, for them.

The behavior and design of those boards is known well in advance because they have to fit in a certain cabinet and model the thermodynamics and power use of the boards to keep them from overheating once they're in place. It's not just picking a bunch of components, slapping them on a board, then watching them work. But thats apparently what Bloomberg and it's readers think.

Re:But no lawsuit....

[DarkOx]

Well personally I don't see legitimate libel or slander suits against press organizations as limiting press freedoms; at least not in the US - where proving the statement is true is a sufficient defense of either of those civil actions.

I also think the media gets a pass on using weasel words like "alleged", and "claims" etc. I am fine with it as long as they name their sources - tell me who claims or who alleges blah blah put a spy chip on the motherboards or he sexually assaulted her or whatever. We can than hold that person responsible for making defamatory statements in public. However if the media does this with anonymous sources than THEY should bear the responsibility for defamation if they can't prove it was true. They are the press its their F'ING JOB to corroborate they things they are reporting after all.

 

Re:But no lawsuit....

Absolutely, they also did these mailed packages to dems recently, shot the senators at the ball field, checked with Putin often, put forth Blasey-Ford, and actually set up Hillary's server for her. Trump is very interested in your bowel movements too.
You forgot to mention the gay angle regarding Apple, c'mon, you are not trying hard enough.

Re: But no lawsuit....

Oops

Re:But no lawsuit....

[farble1670]

There's something wrong with you.

Nothing wrong with him at all. He's paid by his Russian overlords to spew FUD on western websites. The man's gotta eat right?

Re:But no lawsuit....

Bloomberg helping Trump? Really? That is highly unlikely.

Read the article, then learn how computers work and re-read the article and you'll see it's nothing but bullshit crapping on organizations that Trump sees as enemies. (Not to mention the xenophobic bullshit about meetings conducted in Mandarin. )

Re:But no lawsuit....

[93+Escort+Wagon]

That's a perfect, and reasonable, explanation.

I agree - there's no place for that sort of thing on Slashdot.

Re:But no lawsuit....

and now you see how far their hate and vile goes trying to blame Trump in any way possible. Next they will blame him for the holocaust.... oh wait... they tried.

Re: But no lawsuit....

Really....Trump. eeee gads, you anti Trump at any cost folks are nuts

Re:But no lawsuit....

[TheFakeTimCook]

That's a perfect, and reasonable, explanation.

I agree - there's no place for that sort of thing on Slashdot.

;-)

Re:But no lawsuit....

[gweihir]

Which is interesting. Other buried bodies they want to keep hidden or is there actually some truth to the story? Technologically, the attack would be possible. I could do this myself, except for the miniaturization and hiding in a signal-filter. (A signal-filter has no business being in an SPI-connection, BTW.)

The only thing that did not make sense to me was the claim that the attack-devices in later cases were hidden inside the PCB. That makes no sense at all as it is easier to detect (X-Rays, maybe even simple light), and is immediately hugely suspicious if found. It is also very difficult as it would need to be done before PCB lamination, a time where the process does expect that no components are present. At the same time, if somebody checks whether what comes out the FLASH arrives the same at the CPU (again, not difficult to do), it does not matter where the manipulation device is hidden, the changes would be extremely obvious.

Re:But no lawsuit....

The man's gotta eat right?

Dicks... big ol bags of dicks.

Re:But no lawsuit....

[Aighearach]

Demanding reporters name anonymous sources so that they can have their lives ruined is about the stupidest thing you could possibly come up with to say about the situation, regardless of what you think really happened.

Re:But no lawsuit....

[Aighearach]

Hidden inside the motherboard, or inside an ethernet socket on the motherboard?

If really inside, yeah, that is not a big deal to achieve. Remember, without all the plastic and the leads most microcontrollers would fit on a pinhead. It would be no big deal to slap an unpackaged micro with only bond wires stuck between two comm pads. No need to worry about altering the flash or whatever, you're not fiddling with the CPU; you're just monitoring network data and sometimes inserting packets. If you also have the memory bus, you have whatever you want, whenever you want, as long as it is small. Like an encryption key.

You don't even need power or ground, you can just use the signal power, as is done with rfid tags. Minimum three total connections for two buses, which is the world.

It would be really hard to notice something like that, even on an xray, because you wouldn't even be looking at the traces in that detail with that tool.

I don't think it is normally done but that doesn't guarantee that it would be that hard to achieve if they hired crafty engineers and were able to embed even just a single technician in the factory. Especially if you're just trying to slip it into a few systems to harvest keys so you can get a foothold in networks.

Re:But no lawsuit....

I bet Apple is waiting for Amazon to sue and foot the bill, and Amazon is waiting for Apple to suit and foot the bill.

Neither wants to pay, and know that the other very well might, so they're playing chicken with each other.

Re:But no lawsuit....

... most microcontrollers would fit on a pinhead. It would be no big deal to slap an unpackaged micro with only bond wires stuck between two comm pads. No need to worry about altering the flash or whatever, you're not fiddling with the CPU; you're just monitoring network data and sometimes inserting packets. If you also have the memory bus, you have whatever you want, whenever you want, as long as it is small. Like an encryption key.

You don't even need power or ground, you can just use the signal power, as is done with rfid tags. Minimum three total connections for two buses, which is the world.

It would be really hard to notice something like that, even on an xray, because you wouldn't even be looking at the traces in that detail with that tool.

Since you are such a PRO (you sure tried very hard to sound like one) why don't you provide us with a SCHEMATIC to prove whatever you've uttered is even remotely achievable?

This is Slashdot, where people believe in proofs, not bullshit .

Re:But no lawsuit....

[mysidia]

a lawsuit is going to be difficult to win and cost the company more than they get.

Uhm... Apple/Amazon don't care about that. Their brand is everything to them, and if they have/had acase: I'm sure their lawyers would be all over it.

Bloomberg's story might not be 100% accurate, but there's probably some truth to it that these companies NEED to hide that would come out in the lawsuit which would could damage their bottom line ---- better to keep it quiet and cast as much doubt as possible.

Also; I'm sure they're aware of the Streisand effect. Best to retaliate and continue pressuring the offending party quietly.....

Re:But no lawsuit....

[gweihir]

The claim was inside the PCB. The Ethernet socket lacks the connections for this attack. You can do others via the Ethernet socket though, especially if the ever-vulnerable Intel remote management engine is present. Still can be found easily via industrial x-ray. Nobody has that at home, but students, for example, may be able to access one at their university.

Re:But no lawsuit....

[gweihir]

This is pretty easy to do with the right resources. If you cannot see that, then you have no place in this discussion. You basically need an SOC with integrated Ethernet PHY. Of course, you need the naked chip and you need to program it in that form, and you need to be able to bond it. Still within reach of a university chip lab with some industry connections for example.

Re:But no lawsuit....

[DarkOx]

No I am not saying they have to name their anonymous sources. I am saying they either take responsibility for the information being factual or don't report it. Named sources are responsible for their statements antonymous sources; are not news worthy unless the can be corroborated.

An anonymous source says such and such and da da duh happened -> NOT NEWS

This reporter learned from an anonymous source that blah blah may have happened, after investigating the matter $NEWSORG found the following evidence to support the claim -> NEWS

100% of their hardware is compromised.

You must be a complete cretin to still not realize this. 100% of all consumer-available computers are fully backdoored. Get it through your thick skulls already.

Re:100% of their hardware is compromised.

Not 100% of all backdoors are utilized by 100% of possible uses or groups. If China has backdoors into US server farms touching major networks, that's a lot different than NSA having similar access. A lot different. Stop being dumb.

Re:100% of their hardware is compromised.

[king+neckbeard]

Yeah, I'd be a lot more concerned about NSA backdoors. The Chinese government is much less likely to have a beef with me.

Re:100% of their hardware is compromised.

[Luckyo]

With you personally? Probably not. With company employing you? Almost certainly.

Re:100% of their hardware is compromised.

[farble1670]

With you personally? Probably not. With company employing you? Almost certainly.

Also, they might have a beef with the government that protects you. You know, the one that keeps them from driving a tank over your house?

Re:100% of their hardware is compromised.

Better than driving tanks over students I suppose.

Re:100% of their hardware is compromised.

[Harinezumi]

[citation needed]

Re:100% of their hardware is compromised.

> The Chinese government is much less likely to have a beef with me.

You don't understand China the slightest. They are brutal, uncivilized and crazy serious about total control. E.g. the past weekend their riot police beat up 14-16 y.o. kids at a Beijing venue for the heinous crime of daring to stand up and clap during the official "live" concert of Hatsune Miku, that japanese anime hologram pop idol.

Strangely, the incident story and video weren't even published on the Mikufan.com news hubsite, but only on Reddit. Turns out chinese officials warned Mikufan's admin he would be censored from receiving further chinese-related Vocaloid news should he dare to mention the incident and may not even enter the country for the Sanghai concert. (Note: Vocaloid is the singing software which powers Miku and several other virtual idols.)

Now consider how absolutely minor and niche the fully computer synthesized idol singer genre is, compared to say K-pop or even eurodisco. Yet the chinese still want total control of people's behaviour and information dissemination even in such a marginal subculture.

On a totally different level, China, just like Russia loves to get rid of people they find no longer useful or threatening to those in power. It's always suicide even if the victims last cry was: Comrades, don't shoot! Most recently the governor of Macau province "jumped" from the roof and the ethnic chinese head of the Interpol agency simply disappeared. Such 1984-ish things just don't happen in the western civilization. China learned brutality from both Stalin's communists and the pre-1945 japanese occupiers.

Re:100% of their hardware is compromised.

[gweihir]

No, it is not. First, there is no sane reason to do it, as it is not needed for anything. You are not that important and what you do on your computer is not either. Second, the more hardware backdoors you deploy, the higher the risk somebody finds them. And third, actually using a backdoor always comes with a significant detection risk as well. And last, NOBUS backdoors are very, very hard to get right and anything else can be found and used by other attackers. That would be an extreme catastrophe and is just one more reason to only do small-volume, targeted backdoor deployment.

Re:100% of their hardware is compromised.

Better than driving tanks over students I suppose.

-1: false dichotomy

So it's a fact then?

Why would you pull these antics unless it's really a fact. Are the Chinese pulling the strings?

Re: So it's a fact then?

Why the excessive shilling today? Got something to be worried about have you bloomberg? Oh yes.

See, this isn't how you debunk a story.

If anything retaliating against the reporting agency makes the story look MORE TRUE, NOT LESS. Apple "doesn't want to sue" but does this piddly shit? Telling?

Re:See, this isn't how you debunk a story.

[Megol]

If you invite neighbors to your house to a party but one of them decides to take a shit on the living room floor you will not invite them again, especially when they blame a dog nobody have ever seen (chip) without even a single strand of hair (evidence).

Well you obviously would because not inviting that person somehow in your mind makes the lie true...

Amazon had Bloomburg ads?

[SuperKendall]

I knew they had featured products and the like, but I didn't remember Amazon having ad ads. Maybe that is for non-Prime members (not virtue signaling, I swear, though perhaps that would really be more vice-signaling).

It is their only recourse

[Kohath]

It's the only way to hold so-called news reporters to any sort of standard.

Why should Apple or Amazon continue to deal with Bloomberg when Apple and Amazon think they've been the victim of false reporting?

Re:It is their only recourse

[TheFakeTimCook]

It's the only way to hold so-called news reporters to any sort of standard.

Why should Apple or Amazon continue to deal with Bloomberg when Apple and Amazon think they've been the victim of false reporting?

I agree.

Plus, it's their ad money, and therefore totally their choice to spend it, or not, where they wish.

Re:It is their only recourse

Doing something you have the right to can be news or not.

I mean, you have the right to divorce your spouse. But your divorce can easily be news to anyone who knows either of you.

This one random guy totally said it was true....

...so we ran the story!

"#FakeNews" has truly gone mainstream.

Even corporations, ain't havin it anymore.

The days of "news" (read: propaganda) outlets are numbered.

The only problem is: What will replace it? ... The only sources one can actually trust, are one's senses and one's close friends. And even those can be tricked. ... Philosophy and physics always said reality is relative. i don't think we're ready to accept, how relative it is, and how little we can be sure of anything we seem to experience, though. I mean look at Wikipedia... They still can't put the concepts of 1. relative reality, and 2. not having every nutjob put his bullshit in there, under one hat. They think (1) requires (2).

For me... I will just call what I experience with my senses reality. And all the rest... all the "sources"... as mere stories. They might be right. But unless I have checked myself, and found them trustworthy in their predictions, they are useless.

Re:"#FakeNews" has truly gone mainstream.

[Bobrick]

Hate to break it to you, but your senses and your friends lie to you a lot more than the media.

Re:"#FakeNews" has truly gone mainstream.

Cite your sources or go fuck yourself.

Re:"#FakeNews" has truly gone mainstream.

go fuck yourself

How the hell did you know what I was doing right now?

Re:"#FakeNews" has truly gone mainstream.

"That shirt was actually kind of dumb." - Joe Brown

I don't know why that seemed tantrum-worthy to you.

This story was reported widely in Feb of 2017

[supercell]

This Supermicro server/security story was reported in 2017, although focused on Apple (said others were impacted, no specific mention of Amazon), since it was not highly profiled by Bloomberg Business News, it was not widely noticed.

Feb 2017
https://appleinsider.com/artic...
https://www.macrumors.com/2017...
https://arstechnica.com/civis/...

Their claims that they knew nothing of this security issue from Supermicro has all the appererances of a PR cover up

Re:This story was reported widely in Feb of 2017

Bad firmware != deliberately vulnerable hardware.

Re:This story was reported widely in Feb of 2017

Sufficiently bad firmware is indistinguishable from deliberately vulnerable hardware.

Re:This story was reported widely in Feb of 2017

[Junta]

No, *that* was a problem of failing to provide adequate protection of their servers and download site from fake firmware. From all reports, this was enough to scare Apple off as a customer, but didn't actually get anywhere to have a chance to actually infiltrate anything. This is a class of attack that can be mitigated, and it is correct to select a different vendor for having better security practices to prevent an external attacker that has no business relationship with the supplier from getting in.

Bloomberg's accusation is that there was a *hardware* attack where a chip was injected and that the attack actually landed and spent a significant time having compromised the datacenters.

This is a whole different implication:
-An entity with a business relationship vetted by the supplier would have been the one to execute, suggesting the supplier is at best inadequate in vetting their partners and at worst (and the bloomberg *heavily* hints it this in mildly racist ways) complicit in the attack.
-Such an attack landed successfully for a significant duration.

As a few have pointed out, the far safer bet would be a firmware attack, as with the alleged approach it would be far more expensive, less likely to hit, and upon detection has no plausible deniability. The artcile smells fishy, and no other investigation can find a hint of anything to corroborate the claims.

Re:This story was reported widely in Feb of 2017

[Anubis+IV]

The issue you're talking about is an unrelated incident dealing with firmware, NOT the hardware issue that Bloomberg is reporting.

The firmware incident from 2016 that you're talking about is indeed what led Apple to dump SuperMicro. That said, Apple has been open about that incident and even mentioned it explicitly in their initial response to Bloomberg's article, suggesting that—as you just did—Bloomberg confused the 2016 situation with the hardware incident alleged by Bloomberg. I would have hoped you'd have known better, since I already told you all of this just a few weeks ago.

As for what the firmware incident involved, in short, SuperMicro let a board get by them that had malware on it. As far as Apple could tell, it was an incidental infection that wasn't targeted at them in any way, but it pointed to such a lapse in SuperMicro's QA process that SuperMicro could no longer be trusted as a supplier. Again, that's a separate issue from Bloomberg's claims that there were malicious chips physically placed on boards back in 2015.

Kohath you're a fucking moron lol.

No moron Kohath, it's NOT the only recourse you idiot. If a story that is printed is false on the merits, YOU SUE FOR LIBEL. It's simple. You don't play passive aggressive footsie you moron. https://en.wikipedia.org/wiki/Apple_Inc._litigation

Entire publications have been shuttered over a single suit like that, pay attention stupid.

Re:Kohath you're a fucking moron lol.

[Kohath]

Winning a libel suit requires proving intentional falsehood motivated by malice.

Re:Kohath you're a fucking moron lol.

[JackieBrown]

If they sue, they get accused of the same "you are trying to bury the truth" cries.

This way, they get to make their point and save money

Re:Kohath you're a fucking moron lol.

And if you're correct in saying it's 100% false, that's easily provable. They would have zero evidence to back up their claim that boards are backdoored, and be forced either to retract or fight the suit and risk everything.

You stupidly asserted that this half-measure is "their only recourse" and that's simply not the case obviously, the ONLY actual recourse is a libel suit. Apple does them all the time, but not in this case. Ask why, or be a moron forever.

Re:Kohath you're a fucking moron lol.

[Kohath]

It's almost certainly not intentionally false and provably motivated by malice. If the story is merely false, it isn't (legally) libel.

Re:Kohath you're a fucking moron lol.

Wrong. If it causes damage and has no basis in fact, proving malice is relatively easy. It happens all the time. Or did you think Gawker media was trying to ruin Hulk Hogan's life by publishing what they did? You're being dumb.

Re:Kohath you're a fucking moron lol.

[Kohath]

Hulk Hogan lawsuit wasn't a libel suit.

Re:Kohath you're a fucking moron lol.

And your mother isn't a virgin, but they both started out that way.

Re:Kohath you're a fucking moron lol.

[gnasher719]

Winning a libel suit requires proving intentional falsehood motivated by malice.

True, but Apple or Amazon wouldn't have to win. If a judge decided "Apple, you lose.The whole story was total nonsense, but you cannot prove it was motivated by malice.", that's all that Apple would want.

Re:Kohath you're a fucking moron lol.

[Kohath]

Nope

Re:Kohath you're a fucking moron lol.

*... in the US.

There are many countries that malice, even armed with truth, will get you in trouble.

Re:Kohath you're a fucking moron lol.

[DRJlaw]

And your mother isn't a virgin, but they both started out that way.

No. The lawsuit never included a defamation claim.

Happens all the time

[mschuyler]

Neither Apple nor Amazon owe Bloomberg or anyone else ads. When an advertiser pulls ads from someone like Sean Hannity or Rosie in a blatant attempt to hurt those outlets, everyone here cheers. But Apple pulls ads from Bloomberg and the cries of unfairness are loud. Some people here will "never buy Apple" because, you know, Chinese slave labor and all that. You get to do that. You have that right. You get to make a political decision about where you spend your money. So do Apple and Amazon. It's nothing more complicated than that.

Re:Happens all the time

[squiggleslash]

But Apple pulls ads from Bloomberg and the cries of unfairness are loud.

Let me guess, you saw this article, and quickly hit the Post Comment button hoping to get first post, not realizing that lots of people had already responded, none of whom argued it was "Unfair" for Amazon to pull ads from Bloomberg?

Re: Happens all the time

Rely Rae's detected. Please ignore.

More recent research

[SuperKendall]

The thing is, just recently LOTS of news orgs, and the government itself could find no evidence of what was reported - and both Apple and Amazon did not just give PR responses, but much stronger responses that would lead to large fines if they were lying.

Since everyone else on Earth is unable to verify the story, it's far more likely Bloomburg really screwed up.

Re:More recent research

[supercell]

There was no attempt at that time to refute the stories by Apple and others at that time. Only when it reached critical mass, (Bloomberg, ran a huge piece on it, did they react).

If they had reacted to a few blogs post/Tech articles in 2017 they would have had the Streisand Effect on the matter.

Supermico announced in early 2017 that it lost TWO large data-center customers in 2016 over security issues. Apple being one, Amazon probably being the other. Their stock took a huge hit in early 2017 when their CFO made this announcement on an earnings call.

Feb 2017 Marketwatch article

https://www.marketwatch.com/st...

There is a hell of a lot of smoke here.

Re:More recent research

[SuperKendall]

Those are totally separate issues though. One was companies leaving Supermicro because they sucked, which is a far different matter than Chinese spy-grains being embedded on motherboards (which again exactly ZERO people can produce physical evidence of).

Re:More recent research

[larryjoe]

The thing is, just recently LOTS of news orgs, and the government itself could find no evidence of what was reported - and both Apple and Amazon did not just give PR responses, but much stronger responses that would lead to large fines if they were lying.

Since everyone else on Earth is unable to verify the story, it's far more likely Bloomburg really screwed up.

Would Apple and Amazon be subjected to large fines if they were blatantly lying? Under what law? The SEC and stockholders/lawyers would only go after them if the stock price had been affected, and even in those cases, the fines are less than wrist-slaps. There is basically little real penalty for Apple and Amazon to vociferously deny everything. On the other hand, a less than full denial could result in a PR hit.

It's possible that Bloomberg reporters totally made up the story or substantially modified the facts. However, the barrage of corporate denials is just exactly what would be expected from these companies and doesn't provide much insight. What is much more surprising are the statements from government organizations. It's unclear what their motivations are, since there is nothing obvious to be gained by speaking up compared to saying nothing.

Re:More recent research

What would happen if Apple and/or Amazon came out and said they found evidence of a hack? Wouldn't the fallout from that be bad and very far reaching?

Likely it's in NOBODY'S best interests to admit to something like this. Apple and Amazon lose access to the Chinese market (which all the players in silicon valley seem to want a piece of). The US gov would likely do a rather thorough investigation of our infrastructure. This would be a wake-up call that China seriously does not want us to have. There would be major impacts on things like trade, foreign policy, and relations between countries. Nobody has put it on the table yet, but there are some who would say that what Bloomberg is describing is an act of war. (Could you imagine if something like this was even suggested during the cold war?)

It's in everybody's best interest to sweep this under the rug, guard their networks and their secrets, and publicly DENY, DENY, DENY (like they are doing right now). This buys time to consider with cool heads what the next steps should be. Avoiding war is likely on the top of everybody's list on both sides. Lets not forget that BOTH the US and China have nukes - lots of them. Things could get very ugly in a WW3 kinda way really quickly. Nobody with a sense of self preservation in ANY country wants to see the US and China go to war.

All that said, I do find it rather telling that no lawsuits have been filed despite the US being quite possibly the most litigious nation on earth. It's almost like a back handed admission. Tell me that, under normal circumstances, Apple with their VERY deep pockets, who have sued plenty of folks for a WHOLE LOT LESS, wouldn't sue Bloomberg "for the lulz" if they didn't have anything to hide.

Re:More recent research

[Anubis+IV]

There was no attempt at that time to refute the stories by Apple and others at that time.

You're confusing two different incidents. The reason there wasn't an attempt to refute the 2016 firmware incident you're talking about is because it actually happened. Apple has even talked about it publicly. From Apple's response to Bloomberg:

We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.

The 2016 firmware incident in which a single SuperMicro server in a test environment received a malware update is real. The 2015 hardware incident alleged by Bloomberg—in which a malicious chip was physically placed on the boards—has zero factual basis as of yet and zero corroboration from outside sources.

Moreover, as I've already pointed out to you in previous comments, SuperMicro didn't lose Amazon as a customer in 2017 like you're claiming. From Amazon's response to Bloomberg (same link as above):

Additionally, in June 2018, researchers made public reports of vulnerabilities in SuperMicro firmware. As part of our standard operating procedure, we notified affected customers promptly, and recommended they upgrade the firmware in their appliances.

Amazon was still using SuperMicro as of earlier this year. SuperMicro did lose a big customer, but it apparently wasn't Amazon.

Re:More recent research

[SuperKendall]

What would happen if Apple and/or Amazon came out and said they found evidence of a hack? Wouldn't the fallout from that be bad and very far reaching

In what way? It hasn't been far reaching so far for many companies leaking tens of millions of customer records with a lot more sensitive data than Apple or Amazon even have. The companies carry on after a small fine. The SEC fine would be far worse and further reaching if they were lying (just ask Musk). Would Apple be worse off with a small fine or Tim Cook being ejected as CEO?

Nothing new for apple

they have been blacklisting the media outlets that don't praise them for years now.

The left consumes itself again

Like the snake that ate itself alive...

Show me the data

If SuperMicro is guilty of this, then all Bloomberg has to do is go online, but some boards and pay MIT or some other school with the facilities to find the malicious chips. That seems pretty logical right?

If the chips actually exist, they should be pretty easy to identify. Just cross reference the chips and the drivers and verify what is OEM, Chinese or otherwise and then reverse engineer them and simulate the hack.

This is not a difficult thing to do.

I know of a NATO government organization that has pulled the power from a stack of Nutanix servers because of this article. I asked them to prove to me that the story had any merit other than FUD and they explained that they pulled the plug because they need proof there is no merit not the other way around.

I think SuperMicro should sue the shit out of Bloomberg over this. So should Nutanix and every other company financially effected by this article. Then Bloomberg will be forced to either prove their claims ... at which point we can all apologize and thank them or they can suffer the hundreds of millions in losses over publishing this rubbish.

Re:Show me the data

>all Bloomberg has to do is go online, buy some boards
After time traveling back a-ways and spoofing the markers (eg purchase batch) that were chosen as indicators of high-value targets.

If you assume every board of every batch for every Supermicro client was targeted and laboriously doctored (to this day, even) you're beneath my time.

Re:Show me the data

[gweihir]

Lets assume the story is true. It is quite possible Bloomberg does not have the hardware and the witnesses may not be able to get to any either at this time. Of course, the story could also be false, but this is not the way to show that.

Re:Show me the data

[Aighearach]

Why do it now? When they've got the affected companies going apeshit and making these kinds of insanely-strong statements about how they insist on the right of rich assholes to magically prove a negative through command voice, they might as well wait until it dies down a little, then dump the evidence on them. Right now it is still churning under its own power, why would they possibly want to shorten the time frame that it plays out over?!

Nobody is suing anybody, because discovery. They all know supermicro got p0wned and nobody is going to hand over their evidence after making Magical Command Lies.

Conspiracy theory time?

[GameboyRMH]

I'd guess that the story is true and the affected megacorps are trying to cover it up. I'd guess that these megacorps are cooperating with the TLAs investigating the issue, and don't want the story made public because they'd rather not go public about a data breach (at least not individually and earlier than necessary), which the TLAs would also prefer in this case. So the media would be both compromising the investigation and bringing bad PR to the victims by reporting on this.

In a couple years we'll probably hear that it was all true and the affected companies will jointly disclose the data breach.

Re:Conspiracy theory time?

it's illegal to coverup a hack in California. The only way they can legally not disclose it is if the NSA/FBI invoked the Patriot Act.

Re:Conspiracy theory time?

[GameboyRMH]

Which could be a very real possibility...

Re:Conspiracy theory time?

[gweihir]

Possibly. There would be very strong economic incentives to lie, as such a backdoor would basically compromise anything "cloud", and may cost them hundreds of billions. That is not small money and may pose an existential risk. Of course, it is also possible the story is false.

I fear that at this time there is no way to really find out. If true, the compromised hardware will already have been removed and destroyed very quietly. If false, how do you prove that?

The one thing I can say is that the attack would be technologically possible. Besides the miniaturization and hiding in the signal-filter (and creating the new BIOS code), I could probably do this myself with a few weeks of work. Intercepting and manipulating an SPI connection is not hard.

Re:Conspiracy theory time?

[Aighearach]

If the NSA intervened, you wouldn't know. If they already did intervene, you don't know, I don't know.

If in the future some truth about the NSA is revealed in public, we won't even have a way to distinguish it from an air force weather balloon. There is no way to know that stuff.

What is weird, really weird, is that they already made a statement in this case.

Re:Conspiracy theory time?

The shareholder lawsuits would destroy them.

No way are they lying about this.

Re:Conspiracy theory time?

[gnasher719]

I'd guess that the story is true and the affected megacorps are trying to cover it up.

It seems that Apple learned about the story from the newspaper, then asked the relevant employees "did you find anything and contact the FBI", then asked the FBI "did any of our employees contact you", and the FBI knew nothing, and the employees knew nothing. "Trying to cover it up" is a bit ridiculous when Bloomberg could just release the evidence (which they probably don't have).

Re:Conspiracy theory time?

[gnasher719]

If the NSA intervened, you wouldn't know. If they already did intervene, you don't know, I don't know.

Remember: The government can or could compel a company to stay silent. They cannot compel a company to lie. If Apple says anything, then you know they haven't been ordered by the government to keep quiet, and what they say is what Apple wants you to hear, not what the government wants you to hear.

Re:Conspiracy theory time?

[GameboyRMH]

Would shareholders be able to sue if the megacorps were legally compelled to keep quiet by a Patriot act request?

Corporations HATE Freedom

They hate free people and free markets. Regulatory capture & slavery just pays soooo much better!

Re: Taiwan is the only place getting nuked..

..and the Chinks will do it themselves after their million men gay army have invaded. Poohbear is gonna turn those fags into national heros by nuking them, creating a myth that America nuked Taiwan rather than see China possess it plus he gets rid of all those queers he hates. Win win.

Re: You Think Lying Has Consequences

Jesus youre fucking ignorant Kendall.

Re: Chinks Piss Everywhere

And shit in their streets. I think you mixed up your metaphor ESL Chinese Agent!

Age of paranoia

[Headw1nd]

So while reading the "comments" where it seems everyone is accusing everyone else of being a shill, I couldn't help but thinking any number of them could actually be from Chinese or Russians, working against each other to either discredit the story or hype it up. As an American it seems strange to live in a world where everything around you has the potential to be tainted by foreign psyops, I imagine this must be a little bit like the third world felt during the cold war.

Re:Age of paranoia

You begin to understand why so many less powerful countries put serious restrictions on free speech. Free speech in a world of malicious foreign actors is a serious threat to sovereignty.

Re:Age of paranoia

Pro-American Citizen shill! Get out of our propaganda pushing comment section!

Re:Age of paranoia

[Aighearach]

I'm not sure, your account is pretty new, you might be a furren infill traitor, here to insert manimal propaganda.

Re:Age of paranoia

[SEE]

Don't trust anyone over a four-digit ID.

Re:Age of paranoia

[DNS-and-BIND]

It all started after the election, they had to delegitimize Trump somehow. Easy, accuse him of being a dirty foreigner. McCarthyism. It worked shockingly well, people were grabbing at straws to find a reason why he won. The idea that the they had deliberately fucked over the American working class and that this was a reaction to that was too painful to acknowledge. What, admit the deplorables had a point? Entire political systems have fallen rather than admit less.

Re:Age of paranoia

You don't need foreign psyops. Domestic media is the prime driver of this paranoia with their hysteria about "Russian bots".

Sounds like blowback

[Sqreater]

Capitalist contact with the vast Chinese market leads to sensitivity to communist Chinese government pressures. I believe these actions are the result of pressure directly or indirectly by the Chinese government. We can expect to see more and more of this shaping of our system by the Chinese and amoral/immoral bussiness leaders greedy for Chinese business.

This feels like

[kaatochacha]

If it wasn't true, they wouldn't be overreacting so much.

Re:This feels like

not true. a claim like this damages their reputation. Amazon and Apple are two very large organizations that sell billions to enterprises and government. This story, if true, could damage their reputations as good stewards of that business. So yes they are reacting with the exact amount of vigor necessary to rebuke the claims. If you had billions in sales at stake, wouldn't you get upset?

Oh well, they're not missing much!

"According to multiple sources, Bloomberg was not invited to Apple's fall product event next week in Brooklyn." Given that anyone with a Mac or Apple TV can just watch the event online for free and get the same information that everyone else gets at the same time, there's no need to send valuable journalists to the actual venue.

A good review of the technology

[davecb]

https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/

"Perhaps the animation is an artist’s concept only, but this is just the right place to compromise the BMC.

That's the Security Group at the University of Cambridge Computer Laboratory, and they take no prisoners (;-))

Of all the lies they pick this one?

Let that set in. The ONLY reason Amazon or anyone else gives a damn about this story is the perceived tie to Trump. Period. The media otherwise lies like a 4 year old (and acts like one), yet never face any kind of reprecutions... Brace yourselves, it's only going to get worse as the US election cycle kicks in again.

Regarding Bloomberg divulging their sources, let me remind you of the slope that would create... Their sources are protected for a reason. It's also quite possible doing so would reveal leaks within the NSA/CIA/*.Government Agency. For what?

You'd have no argument against it from me if MSM suddenly decided that publishing unfounded, poorly researched stories were criminal. That isn't how they operate.

I can't believe I'm actually agreeing with Trump more out of pure spite for the bloody left.

can't believe the denial

When i know for sure that many agencys do the same thing,
They plant spy hardware in other hardware whenever it suits them for spying on others.
Foreign companys that buy hardware from the usa get their stuff infested with the same kind of hardware.
This denial just makes it all worse. As if it is never done.
Lol, when something can be done, you can be sure that someone will be doing it.

Hell no

[AndyKron]

Sounds like pissy little babies run those companies. Is this the world we want?