And then, the source retracted the statement and said the photos were from different equipment, and that they didn't find hardware backdoors on Supermicro equipment.
This page on the Risky Business site explains their correction in more detail.
Generally Risky Business is pretty good (they had some great inside info on the "hack" of the 2016 Australian Census), so I find this an intriguing and interesting extra datapoint. If Risky Business can be misled this way, maybe this is how Bloomberg could be misled too.
That said - listening to the podcast, where he interviews someone (who is not the source) and asks them near the end "Have you heard anything about this over the last few years? Have you heard any rumours or anything to suggest China is behaving in this way?" It is a really awkward silence and very nervous laugh, with a vague reply about having seen news reports. That bit is around 22:07 in the podcast if you want to skip ahead. Then maybe go research a bit about who the interviewee is.
Am I the only one? I don't take my recollection on this as fact, but I remember a story from a year or two ago that a large company (like Apple, Google, or Amazon) would take photographs of the boards they ordered before they were shipped (likely from China) and compare it to what was delivered. The way it was described was more like that was their security protocol because of suspicions/risks of it being tampered with in transit.
Looks like I may have been wrong--perhaps this was a false story planted by certain US officials to slander China. Did Bloomberg get played?
Guys, you are worse than the ZeroHedge and similar conspiracy forums...
So the secret is so important that Congress is under a gag order. The two highly valued companies in the US (Apple and AMZN) have a gag order. But little old Bloomberg doesn't have a gag order. Isn't that a bit unbelievable?
> Guys, you are worse than the ZeroHedge and similar conspiracy forums...
Doesn't this apply to Bloomberg and the media as well? The entire country is immersed in conspiracy. Not sure why you are attacking HN and ZeroHedge in particular. What's with the sudden attack on social media with attacks like "conspiracy"?
What do you expect of us? The discussion has to involve conspiracies because the story deals with conspiracy. Either Bloomberg is right and the Chinese (or possibly other actors) are involved in a conspiracy to spy on us in ingenious ways. Or Bloomberg is wrong and they are involved in a conspiracy (knowingly or not) to spread disinformation. Or it could be a misunderstanding.
* They never found malicious chips planted on any server
* They never found a vulnerability planted on any server
* They were never contacted by the FBI about malicious chips or vulnerabilities
* They are willing to state this before Congress
In my opinion, this disagrees with the biggest pieces of the Bloomberg piece. Does the word "purposefully" really negate Apple's statement? It could be a matter of opinion, my opinion is that it does not.
That they are willing to talk to Congress, to my mind, speaks to how far they are willing to go on this. IMHO, if they were under some kind of gag order they wouldn't be pushing this hard.
According to Bloomberg, Supermicro has 4 contract factories for motherboard production in China. But Supermicro itself assembles in US/Taiwan only.
Do you think Apple will start producing iPhones in Apple Park's basement?
Right, they likely have already gotten everything they wanted from the article, there's no reason for them to damage their reputation by 'losing confidence' in it, and providing more evidence to support the article won't net them as much publicity/clicks/whatevers as working on the Next Big Article will.
The percentage of revenue that comes from advertising for Bloomberg is vanishingly small. Companies follow incentives, and in this case, I think we can reasonably conclude that Bloomberg thought the article was 100% accurate (not saying it is though, I think it's too soon to tell).
So neither Apple executives nor the PR department honestly know about the bug. They deny it because from their perspective there was no breach.
This might be one of the simpler explanations - Russia planted the data / evidence / sources to Bloomberg, with the sole objective being to sow chaos in the world. This, to me, is the only explanation where it makes sense that both sides think they're right - Bloomberg really did have those sources and Apple et al really didn't find any evidence of this tampering.
(Rewind to the hours after the presidential election - those who were blaming Russia already were labeled as kooks, right?)
The problem with this theory is that Bloomberg says that many of its sources are US officials.
This is a very common pattern. American media publishes outlandish stories and the only evidence is "anonymous sources" and highly partisan agents. Iraqi soldiers killed babies in incubators. Iraq has 10_000 aluminum tubes. Iran is arresting all its Jews. China has camps with millions of people imprisoned.
The only thing insane about the whole affair is that no matter how many times it happens, virtually every time, Americans are quick to believe these reports and display virtually no skepticism. The problem isn't Bloomberg by any stretch of the imagination.
This appears to be actually true in Xinyang?
> Iraq aluminium tubes
It appears that they did try to buy the tubes, and they could be used for nuclear weapons (that's why they were embargoed) - but the evidence did not support that interpretation of their purpose.
A deeper point: journalism considers accurate reporting to be reporting that "X said Y" if X did, in fact, say Y. It does not consider itself bound to independently investigate the truth of that - indeed, attaching the reporter's assessment that the source is lying could be considered bias!
According to what evidence?
The entire story is based off remarks from an anonymous UN official on a random UN committee. In classic style remarks from anonymous and highly partisan sources are repeated endlessly until they "become" true. There's absolutely zero concrete evidence that can be verified.
The deeper point is that Americans are trapped inside a propaganda bubble. Their outlandish understanding of the world is based on nothing more than gossip repeated over and over by their press. It's no better than Russia; the only difference is that most Russians know full well what's going on and are very skeptical of such claims.
On a deeper level I suspect Americans need to believe this nonsense, that there must be an external enemy to hate. It's not that they are deceived by the media, it's that they want to be deceived.
For a prior incident, see https://en.wikipedia.org/wiki/BadBIOS
They're a news agency. They claim to have 13 sources. If they found them to be credible, they wouldn't be lying by publishing this. Just wrong.
If Apple found no signs of hacking, that only tells us that their SIEM isn't good enough.
This spy stuff is Inception IRL.
"Bloomberg News Pays Reporters More If Their Stories Move Markets" https://news.ycombinator.com/item?id=18162440
This story has been out less than 72 hours? Most of them over a weekend.
Let's let the researchers get back to work today and start actually looking for physical evidence.
Personally, I'm MORE worried with all the denials rather than less.
If there was nothing to the story, I would expect Apple to say "We don't know anything about this" and then simply ignore the ongoing kerfuffle--especially on a weekend.
The fact that they seem to be in full on PR mode at the highest levels on a weekend is somewhat worrying.
What else would you expect them to do?
They compromised RSA, remember that?
They wiretapped everybody, remember that?
They stole internal corporate communications, remember that?
And, in all cases, the NSA was doing things far worse than the tech folks even imagined. And, in all cases, there were denials all around. Until there weren't.
So, on one side we have Bloomberg: a company who makes a living digging up market moving information. A company whose bottom line is going to be affected by this. A company who will be on the receiving end of no end of lawsuits if they are wrong.
On another side, we have the NSA, the PLA, the KGB, etc., all of whom are known to be malicious actors who would all do exactly what was described.
And, on another side, we have a whole bunch of rich companies that stand to lose quite a lot if it comes out that they were significantly compromised, or, worse, actually cooperated with any of the above entities.
I think my Bayesian priors are quite well calibrated, thanks.
After a few weeks, if we still don't have physical evidence in hand, I'll update my priors.
From what I've read such an attack would be possible, and I think that if it happened no-one would acknowledge it. This allegedly happened 3 years ago so no-one is going to find physical evidence anyway.
The key is that it would be possible so the important thing here is for everyone to take appropriate defensive measures.
This is not a case of competing claims. Believing that publicly traded companies would vehemently lie instead of keeping silence or use weasel words is essentially preferring conspiracy theories.
Presenting such a case without hard, verifiable evidence is ludicrous and only works because many people are susceptible to a bad company/bad government conspiracy narrative.
This allegedly happened 3 years ago so there isn't going to be any physical evidence anyway and everyone knows it.
You know that shareholders can sue the company if they lie publicly? That is the reason why they usually keep silent or use weasel words.
Why would anyone sue Apple over this? If anything a lie would help the company as acknowledging a hack would hit the share price.
Nothing will happen, no-one is going to prove or disprove anything, and this will quietly be forgotten.
As I mentioned, the proof lies with the accuser. See
"Presenting such a case without hard, verifiable evidence is ludicrous and only works because many people are susceptible to a bad company/bad government conspiracy narrative."
If you think this is a he said/she said case, then you are deep into conspiracy territory.
Is telling partial truth lying?
By combining multiple truths as one fabricated piece, is it lying?
Are we in kindergarten? Of course it is lying.
And Luke says "we did and it passed" knowing full well that Chewbacca marked some tests with #[ignore] annotation and one of those ignored tests covers the exact functionality that is now failing in production.
I call telling partial truth intellectual dishonesty and for all practical purposes it is indistinguishable from lying.
If I repeat a lie that I’m told, I’m merely being a dupe.