Bloomberg isn’t backing down, sticks by its Chinese microchip hacking story, despite claims
Let’s hope the truth comes out sooner rather than later.
On Thursday, Bloomberg Businessweek published an industry-jarring story that said Chinese hackers were able to compromise up to 30 U.S. companies by infiltrating computer supply chains. Soon after, some of the companies involved took the unusual step of publicly criticizing the report and calling its key points inaccurate. Not surprisingly, Bloomberg is sticking by the story.
In a late Thursday appearance on Bloomberg TV, Jordan Robertson, one of the co-writers of the original story, said he talked to 17 anonymous sources. Robertson said these included U.S. intelligent agencies and individuals at the affected companies.
What exactly did (or didn’t) happen?
Businessweek claims Chinese spies inserted microchips into servers used by some of the biggest companies in the United States, including Amazon and Apple. It said the state-sponsored operation involved forcing Chinese manufacturers to insert chips the size of the tip of a pencil into parts that were supplied to Supermicro, one the world’s biggest sellers of server motherboards.
From there, the sabotaged servers made their way inside data centers operated by dozens of U.S. companies. When the servers were activated, the microchip could alter the operating system’s core so it could accept modifications.
What Amazon and Apple had to say
In dueling statements published by Bloomberg, Amazon and Apple denied that anything happened.
Amazon explained, “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications.”
Apple, meanwhile, said “Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.”
Later the iPhone maker went even further, saying that Bloomberg reporters had contacted the company numerous times in recent years about the “alleged security incident.”
Further, “Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.”
It’s only a matter of time before the truth comes out
Ars Technica is correct in concluding that “someone isn’t telling the truth, but it’s hard to tell what the real story is.”
Originally, I thought perhaps national security concerns were the reason behind the denials from Amazon and Apple. However, Apple made it clear that they are not under any kind of gag order or other confidentiality obligations.” Now I’m not so sure what’s going on.
We’ll continue to follow this story. In the meantime, what do you think happened? Let us know below.
- Facebook doesn’t care about you and is using your security phone number for ad targeting
- Everyone can now purchase Google’s Titan Security Key to protect their accounts
- We need to talk about security at gaming events