Slashdot Mirror


Amazon Has Pulled Ads From Bloomberg Over Controversial 'Big Hack' Chinese Spy Story; Apple Has Not Invited Outlet's Reporters To a Product Event Next Week (buzzfeednews.com)

Both Amazon and Apple are taking retributive measures against Bloomberg, which in a report earlier this month alleged that some motherboards used by these companies were hacked by China. From a report: Amazon pulled its fourth quarter advertisements on Bloomberg's website, a move some within the media giant think is retribution for its controversial story alleging that Chinese spies hacked into the online retailer's servers. According to a source in position to know, Amazon's digital media buyer, Initiative, informed Bloomberg's sales staff on October 16 that it would cancel its ad buys for the fourth quarter due to budget cuts. Internally, the source said, the staff received that decision, made only eight days after a previous communication with Initiative confirming that the ads would run, as a direct response to Amazon's displeasure over the October 4 story. (Amazon announced Thursday that its marketing expenses for Q3 2018 were 3.3 billion dollars, up more than 800 million dollars from the year before.) [...] According to multiple sources, Bloomberg was not invited to Apple's fall product event next week in Brooklyn. Further reading: In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story.


  1. This story was reported widely in Feb of 2017 by supercell · · Score: 5, Informative
    This Supermicro server/security story was reported in 2017, although focused on Apple (said others were impacted, no specific mention of Amazon). Since it was not highly profiled by Bloomberg Business News, it was not widely noticed.

    Feb 2017
    https://appleinsider.com/artic...
    https://www.macrumors.com/2017...
    https://arstechnica.com/civis/...

    Their claims that they knew nothing of this security issue from Supermicro have all the appearances of a PR cover-up.

    1. Re:This story was reported widely in Feb of 2017 by Anonymous Coward · · Score: 2, Informative

      Bad firmware != deliberately vulnerable hardware.

    2. Re:This story was reported widely in Feb of 2017 by Junta · · Score: 4, Informative

      No, *that* was a problem of failing to provide adequate protection of their servers and download site from fake firmware. From all reports, this was enough to scare Apple off as a customer, but didn't actually get anywhere to have a chance to actually infiltrate anything. This is a class of attack that can be mitigated, and it is correct to select a different vendor for having better security practices to prevent an external attacker that has no business relationship with the supplier from getting in.

      Bloomberg's accusation is that there was a *hardware* attack where a chip was injected and that the attack actually landed and spent a significant time having compromised the datacenters.

      This is a whole different implication:
      -An entity with a business relationship vetted by the supplier would have been the one to execute, suggesting the supplier is at best inadequate in vetting their partners and at worst (and Bloomberg *heavily* hints at this in mildly racist ways) complicit in the attack.
      -Such an attack landed successfully for a significant duration.

      As a few have pointed out, the far safer bet would be a firmware attack, as with the alleged approach it would be far more expensive, less likely to hit, and upon detection has no plausible deniability. The article smells fishy, and no other investigation can find a hint of anything to corroborate the claims.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    3. Re:This story was reported widely in Feb of 2017 by Anubis+IV · · Score: 3, Informative

      The issue you're talking about is an unrelated incident dealing with firmware, NOT the hardware issue that Bloomberg is reporting.

      The firmware incident from 2016 that you're talking about is indeed what led Apple to dump SuperMicro. That said, Apple has been open about that incident and even mentioned it explicitly in their initial response to Bloomberg's article, suggesting that—as you just did—Bloomberg confused the 2016 situation with the hardware incident alleged by Bloomberg. I would have hoped you'd have known better, since I already told you all of this just a few weeks ago.

      As for what the firmware incident involved, in short, SuperMicro let a board get by them that had malware on it. As far as Apple could tell, it was an incidental infection that wasn't targeted at them in any way, but it pointed to such a lapse in SuperMicro's QA process that SuperMicro could no longer be trusted as a supplier. Again, that's a separate issue from Bloomberg's claims that there were malicious chips physically placed on boards back in 2015.

  2. More recent research by SuperKendall · · Score: 5, Informative

    The thing is, just recently LOTS of news orgs, and the government itself could find no evidence of what was reported - and both Apple and Amazon did not just give PR responses, but much stronger responses that would lead to large fines if they were lying.

    Since everyone else on Earth is unable to verify the story, it's far more likely Bloomberg really screwed up.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  3. Re:But no lawsuit.... by RevDobbs · · Score: 3, Informative

    Bloomberg helping Trump? Really? That is highly unlikely.

  4. Re:Kohath you're a fucking moron lol. by Kohath · · Score: 4, Informative

    It's almost certainly not intentionally false and provably motivated by malice. If the story is merely false, it isn't (legally) libel.