
Ask HN: What's the latest on that “Big Hack” story by Bloomberg? - kaycebasques
The Big Hack [1] caused quite a stir. Apple and Amazon completely denied it. And then the whole thing seemed to fizzle out. Did Bloomberg, Apple, Amazon, et al. just decide to drop the whole thing?

[1] https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
======
doctorsher
It depends what you mean by "drop the whole thing." The latest reporting I saw
with fresh conclusions is from the Washington Post in late November [0].
Essentially, Bloomberg sent out a reporter completely independent of the Big
Hack article to ascertain whether or not it was accurate. Additionally, Apple
did a secondary investigation to see if their senior director of information
security had written any internal documents about the Big Hack -- no such
documents existed, corroborating their initial denial. So both Apple and
Bloomberg have taken additional steps since the original article was
published. However, in terms of public statements, it does seem that they have
dropped it.

Pertinent quotes from the article [0]: "The goal of this effort, Elgin told
the potential source, was to get to 'ground truth'; if Elgin heard from 10 or
so sources that 'The Big Hack' was itself a piece of hackery, he would send
that message up his chain of command. The potential source told Elgin that the
denials of 'The Big Hack' were '100 percent right.'"

"According to the potential source, Elgin also asked about the possibility
that Peter Ziatek, senior director of information security at Apple, had
written a report regarding a hardware hack affecting Apple. In an interview
with the Erik Wemple Blog, Ziatek says that he’d never written that report,
nor is he aware of such a document. Following the publication of Bloomberg’s
story, Apple conducted what it calls a 'secondary' investigation surrounding
its awareness of events along the lines of what was alleged in 'The Big Hack.'
That investigation included a full pat-down of Ziatek’s own electronic
communications. It found nothing to corroborate the claims in the Bloomberg
story, according to Ziatek."

[0] [https://www.washingtonpost.com/blogs/erik-wemple/wp/2018/11/...](https://www.washingtonpost.com/blogs/erik-wemple/wp/2018/11/27/bloomberg-is-still-reporting-on-challenged-story-regarding-china-hardware-hack/)

------
MrEldritch
There really hasn't been anything - everyone involved outside Bloomberg who
could be in a position to back up the story categorically denied it, and any
evidence whatsoever in favor of Bloomberg failed to surface.

------
Spooky23
I thought it was pretty much refuted.

Given my limited experience with Supermicro, I’d look towards gross
incompetence vs. spies.

Frankly, it would seem a waste of resources to place some nefarious chip — the
facilities provided by the vendor are pretty trivial to compromise.

~~~
wahern
If you look at the Huawei controversy the intelligence community _appears_
utterly convinced that these hacks are occurring. But the current trade war
with China makes one wonder whether the threats are exaggerated or outright
fabricated. OTOH, the negotiations also mean the U.S. has an interest in not
disclosing details of actual incidents, to help China save face and also to
preserve U.S. domestic markets as gambling chips--i.e. if it disclosed serious
and pervasive attacks then nobody would buy Huawei, so China would have less
of an interest in making concessions so sellers like Huawei can grow in the
U.S. market. (Similarly, SuperMicro, Apple, and Amazon are American companies
so U.S. officials have an interest in limiting the fallout to any actual
attacks as long as the immediate threats are removed, which doesn't
necessarily require the knowing cooperation of those companies.)

The last public statement from Bloomberg was that they were going to perform
an in-house review. I'm just going to wait things out.

That said, the evidence for the viability and practicality of the alleged
attacks has only grown. The alleged technique has already been demonstrated.
See
[https://www.youtube.com/watch?v=C7H3V7tkxeA](https://www.youtube.com/watch?v=C7H3V7tkxeA).
Nobody seriously doubts that China is motivated to perform such hacks, and we
_know_ that the NSA has performed similarly complex hacks (the cost+benefit
calculus isn't always intuitive to outsiders). So whether it has or has not
happened is really only consequential for the credibility of Bloomberg.

~~~
Spooky23
Huawei is more complex IMO. There’s the spy angle plus the control of global
standards and new markets.

------
nameless912
I can tell you exactly what happened - my shares in SuperMicro have gone up 40%
since the publishing of that story. I'm going to guess that the whole thing
was dropped because it was mostly, or even possibly totally, untrue.

