It seems like the writer has a personal stake in the idea that Apple can do no wrong, therefor Bloomberg must be lying.<p>As an example they claim 10 reasons not to believe Bloomberg and cite two other pieces they have wrote, both proclaiming apples innocence.<p>They literally give the same reason multiple times, and the reason is little more than "Apple wouldn't lie!". Apple has been caught lying in the past about other things like battery life.<p><a href="https://9to5mac.com/2018/10/05/chinese-spy-chip/" rel="nofollow">https://9to5mac.com/2018/10/05/chinese-spy-chip/</a>
This is just re reporting Pat Gray's podcast.<p><a href="https://risky.biz/RB517_feature/" rel="nofollow">https://risky.biz/RB517_feature/</a><p>Also worth mentioning here is the background on the credibility of these journo's that Robert Lee provides:<p><a href="https://twitter.com/RobertMLee/status/1049617855396933632?s=19" rel="nofollow">https://twitter.com/RobertMLee/status/1049617855396933632?s=...</a><p>The most interesting tweet in that thread:<p>"They claimed anonymous US intelligence community sources as well. Except I led the ICS threat discovery mission at the time at the NSA. And I had never heard of this attack being a cyber attack. The NSA doesn’t see everything but if the US IC is your source we would have."<p>He is referring to the BTC pipeline piece that these guys wrote. It claims the pipeline explosion was a cyber attack, which has never been substantiated.
Sounds like Bloomberg was creating a bit of fiction about how something like this could happen and backing it into validation by sources.<p>Particularly damning part, to me: "I sent him a link to Mouser, a catalog where you can buy a 0.006 x 0.003 inch coupler. Turns out that’s the exact coupler in all the images in the story." Clearly they didn't have an original hacked part like some have claimed/hoped.
I found the attempted humorous article "Here are the subjects our [science] reporters enjoy covering the least" to be very revealing of typical reporter attitudes<p>> How could [discovering exoplanet] not be dramatic? If you're an actual f$@!%%# astronomer, that's how. Because then you'd feel compelled to drone on for page after page of details on the different telescopes you used, and the software pipelines the data went through, and how everything was normalized to... Exoplanets, which are BRAND NEW WORLDS UNKNOWN TO US get announced with excessive details on Monte Carlo sampling and Markov chains. I would not have thought it possible to suck the life out of stories like these, but the people who have chosen to make this their life's work manage.<p><a href="https://arstechnica.com/science/2018/09/here-are-the-subjects-our-reporters-enjoy-covering-the-least/" rel="nofollow">https://arstechnica.com/science/2018/09/here-are-the-subject...</a><p>In other words: "Why do these eggheads spend so much time worrying about whether the things they think they know are actually true when they could be talking about how it makes them feel?"
"But what really struck me is that like all the details that were even remotely technical, seemed like they had been lifted from from the conversations I had about theoretically how hardware implants work"<p>Yeah that doesn't sound promising for Bloomberg.
Reporters can't be this dumb.<p>><i>I sent him a link to Mouser, a catalog where you can buy a 0.006 x 0.003 inch coupler. Turns out that’s the exact coupler in all the images in the story...</i><p>I don't know much about technology journalism, but I would think that no one who is a technology reporter would make a miss like that. And even if he/she did make a miss like that, wouldn't an editor or someone higher up call that out pretty much right away?<p>I can't see why this story would have been put out as is without further investigation? Maybe some independent verification? I suppose there remains a <i>slim</i> possibility that the overarching theme of the story is true, and the reporters are simply spectacularly inept. There is also the possibility that the story is false and Bloomberg <i>itself</i> is spectacularly inept. Other possibilities are too terrible to contemplate. They run the gamut from simple propaganda, which is terrible, but would not be unexpected... all the way to out and out graft. ie - Some influential guy was short Apple.
Despite the comments here, there's more evidence that that story was not made up, with real names this time at least.<p><a href="https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom" rel="nofollow">https://www.bloomberg.com/news/articles/2018-10-09/new-evide...</a><p>I'm not saying it is true, but of course all parties involved will deny everything, imagine how much it would hurt them if they acknowledged they have been hacked.
Apple dumped supermicro in 2017 for security issues. But Bloomberg really needs to provide some information to back up their claims, this isn't a minor issue, this is a clam of spying from China.<p>>Super Micro Computer Inc. SMCI, -18.58% dropped 8% in late trading Thursday after a report said Apple Inc. AAPL, +0.93% ended its relationship with the company after finding "a potential security vulnerability" in a data center server provided by Super Micro.<p><a href="https://www.marketwatch.com/story/super-micro-plummets-after-report-apple-cut-ties-on-security-fears-2017-02-23" rel="nofollow">https://www.marketwatch.com/story/super-micro-plummets-after...</a>
Ironic that an article about how bloomberg may have misunderstood and jumbled their expert sources' info has some glaring mis-transcribed quotes!<p>"For example putting two pieces of silicone in a single package makes sense when one of them is flash storage and the other is a micro controller. But an experienced observer could easily jump to the conclusion that it’s a hardware implant."<p>yeah - silicone. but more importantly: he certainly meant IN-experienced.
What's the outcome here if the expose turns out to be a farce?<p>Written apology from Bloomberg? Fire the reporters? SEC charges of security fraud related to stock manipulation?
I have been purposely misquoted several times in several California small town news agencies (their agenda almost diametrically opposed to my information), I am not particularly surprised this may be happening with Bloomberg. I have stopped responding to requests for interviews, as I am rarely informed ahead of time what the person's (or editor's) agenda may be, to decide if it aligns with what I wish to contribute ammunition/fodder towards.
What if the Chinese social engineered to get people to write this story. Meta.<p>In seriousness though this is starting to smell like the whole story is plain wrong. Which is fascinating, however it came to be.
In a way, this resembles a technique that is sometimes (but should not be) used in the interrogation of criminal suspects: raise hypothetical questions, and then write up the replies as if they were statements/confessions of what actually happened.
"putting two pieces of silicone in a single package"<p>Is it the expert or the journalist who doesn't know the difference between silicon and silicone?
Sounds like Bloomberg painted the theory they wanted to paint, and were not particularly subtle about covering there tracks. Assuming what this dude says is true, this is going to be very bad and very, very expensive for them.
>I sent him a link to Mouser, a catalog where you can buy a 0.006 x 0.003 inch coupler. Turns out that’s the exact coupler in all the images in the story.<p>I did a super quick search, and sure enough, yep- the images in the article are most likely a $0.38/each 0603 coupler.<p><a href="https://www.mouser.com/ProductDetail/TDK/HHM2510B1?qs=sGAEpiMZZMtMMXztyU6kdOGe15j15p2UXJNV928fndCH04b2xQBCoQ%3d%3d" rel="nofollow">https://www.mouser.com/ProductDetail/TDK/HHM2510B1?qs=sGAEpi...</a><p>I'd imagine it's mostly for illustrative purposes, but Gell-Mann Amnesia Effect in full force here.
Technical people like to talk about technical things and non-technical reporters are torn-up about it. Then some outlets have reasons to report one side not in totally good faith. Here is a prior case:<p>>For a journalist, the fear of getting it wrong is a mortal one. Experts loudly calling me wrongheaded were hard to shake. Many of their objections were highly technical—and I would never pass myself off as someone with an expert’s grasp of computer science. (Less than 24 hours after my piece went live, The Intercept published a very long, very detailed piece that suggested my piece was likely bunk.)…<p><a href="https://www.theatlantic.com/politics/archive/2018/10/trump-organizations-mystery-server/572485/" rel="nofollow">https://www.theatlantic.com/politics/archive/2018/10/trump-o...</a>
Can somebody hunt down one of those motherboards maybe on eBay or in their own data centers and track down this malicious device? Putting together a test circuit that throws the BMC firmware down it and see if anything different comes out the other end should be a simple enough task.
This is the first criticism of Bloomberg's story that made a decent point (along with several bad ones). I definitely believe Apple or Amazon would lie, I definitely believe they might get told to by the feds, I definitely believe the Chinese government has at least looked into the idea of using their hold on the supply chain to get intelligence. The idea that there are much easier ways to do this, however, is an important one.
Since the lead in this story is <i>maximally buried</i> -<p>"You put hardware in a device to help you persist the software, the malware. You don’t put hardware in a device to do the whole attack, you put hardware in the device to unlock the keys, to elevate the privileges on the shell, to open the network port and then you take a software or remote approach to do the rest of the work. And I think that’s the context of that quote."
Here's the source 9to5mac is quoting from. It's a podcast episode, so no text:<p>"Risky Business Feature: Named source in "The Big Hack" has doubts about the story": <a href="https://risky.biz/RB517_feature/" rel="nofollow">https://risky.biz/RB517_feature/</a>
I'd have to go back and read the Apple and GCHQ (and .. was it .. Google?) denials more closely, but...<p>I found it really interesting how pointed and specific the denials were, rather than blanket denials or refusals to say anything.<p>I wonder if the technical details that were wrong in the article ended up giving cover to the denials. Maybe the hack never was in hardware, and Bloomberg totally screwed that part up, due to a misunderstanding of what it means to "manufacture a board with vulnerabilities" and that ended up giving inadvertent cover to those parties wishing to deny that a <i>hardware hack</i> was found in products in their datacenters?<p>EDIT:<p>Okay, maybe my theory's not so great.<p>>On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
This is an old story, but I can't help but think it is somehow relevant:<p><a href="https://www.politico.com/blogs/media/2013/12/the-bloomberg-market-moving-bonus-179407" rel="nofollow">https://www.politico.com/blogs/media/2013/12/the-bloomberg-m...</a><p>In light of the above, something smells.