
Apple tells Congress that it has found no sign of microchip tampering - nwrk
https://www.theverge.com/2018/10/7/17948924/apple-cybersecurity-microchip-george-stathakopoulos-denial-congress
======
King-Aaron
I can definitely entertain the possibility that Bloomberg was lying in their
reporting, as like all media reports what's written should be taken with a
reasonable grain of salt.

But to intentionally publish such an inflammatory article, knowing to be
false, which implicates two of America's most influential corporates just
seems like absolute professional suicide to me.

~~~
neonate
The story can be false or misleading without the reporters lying. They may
simply have believed their sources and chosen not to question them too
closely. That's more common than reporters making things up.

~~~
r00fus
There's the story about how Bloomberg pays its reporters if they "move
markets".

Would that create the appropriate incentive to explain this behavior?

~~~
wyattpeak
People are having a bit of a field day with that, but how is it any different
from any other paper which gives bonuses for stories which move subscriptions?
Or simply the fact that a journalist's career progress is basically pegged to
the importance of their stories?

It's a niche-specific metric for rewarding the same thing every publication
does - reader interest. If a reader is interested in a financial article,
pretty much by definition it will alter their market behaviour.

I actually agree, as with all journalism, that there is some incentive to
write exaggerated articles. But it rarely causes respectable journalists to
fabricate stories, and I can't see how this would be any different.

~~~
raws
Also the ones calling no fouls are the primary targets and would be most
affected by this as one of their selling points is their security levels.

Independent 3rd party review is needed.

------
mehrdadn
I'm probably wrong, but for the life of me I can't help but wonder if there's
weasel-wording going on.

Bloomberg:

> Three senior insiders at Apple say that in the summer of 2015, it, too,
> found malicious chips on Supermicro motherboards.

Apple:

> Apple has never found malicious chips, “hardware manipulations” or
> vulnerabilities purposely planted in any server.

Why did they say "purposely planted" here? Were they trying to exclude the
possibility of malicious chips being _accidentally_ planted in any server? Is
that even a thing? If so, why? If not, then why include those qualifiers if
they are unnecessary?

~~~
asperous
Saying "vulnerabilities purposely planted" just means that their servers may
have had bugs like heartbleed in the past.

~~~
mehrdadn
Thanks, that makes sense for vulnerabilities. But what about "malicious
chips"? I have such a hard time ignoring the fact that it modifies that phrase
too. Should I be?

~~~
Senderman
I don't think "malicious chips" was a quote from Apple - Apple's letter
mentioned "the existence of malware or other malicious activity." adding
"Nothing was ever found." \- which is pretty broad.

Every webstory is quoting that same excerpt - if the entire letter was printed
somewhere, I can't find it.

~~~
sanxiyn
Apple statement is available here:
[https://www.apple.com/newsroom/2018/10/what-businessweek-
got...](https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-
about-apple/)

------
jakeogh
Oct 4th 2018:
[https://www.youtube.com/watch?v=mYAHPPXmcts](https://www.youtube.com/watch?v=mYAHPPXmcts)

Not sure what to make of the current hardware backdoor story, anon sources are
practically useless, but I study this stuff and the VP is being charitable on
the real subjects.

------
obtino
It appears that Bloomberg News pays reporters more if their stories move
markets:
[https://news.ycombinator.com/item?id=18162440](https://news.ycombinator.com/item?id=18162440)

One can only wonder if this story is due to the other.

~~~
timlod
A commenter there said that Bloomberg abolished this practice several years
ago.

------
svilen_dobrev
"before the congress"... pff how that is any kind of truth-detector?

Not that long time ago the bosses of tobacco industry sweared that smoking
have nothing todo with cancer..

words come and go.. and noone listens. or remembers.

btw there's no bad advertisement, only a missing one..

------
jumelles
This entire situation is really bizarre.

------
Paraesthetic
"it' found no signs of hardware tampering. What about an outside party, or
someone who isn't covered as being 'it'.

Sounds like some weasel wording to me, and of course they can't admit it
because of their huge push to be seen as a 'secure' company to store your data
with.

~~~
behringer
I wouldn't want to be the lawyer at apple found guilty of contempt of
congress.

Weasel wording is what a bad salesman does. It doesn't fly in court or in
congress.

~~~
9db2nPZp
What flies in any court is claiming ignorance while having any possible
evidence of the contrary destroyed or not documented at all in the first
place.

I think this was a warning to some companies to return their fab processes to
the USA or at least vouch to better the anti-tampering verification methods to
protect from foreign state actors.

If the breaches are confirmed there will be a lot more damage to the stock
market, but it all depends on __how __that would happen. I really hope they
don 't throw the baby out along with the bathwater.

~~~
Paraesthetic
If they are found to have lied to congress (Or to have feign ignorance at the
matter) there will probably be stock implication, but very little in the way
of punishment from the government.

~~~
behringer
If a lawyer knowingly lies to congress it's grounds for disbarment. I wouldn't
risk it for any company, tho IANAL

