Apple Bloomberg Congressional Letter (documentcloud.org)
145 points by wglb 14 days ago | 100 comments



At this point, it seems like Apple and Amazon have hard facts and Bloomberg has more tales of "he said"/"she said" and didn't cross check. The journalists halved Supermicro stock value, they have a responsibility to prove this actually happened.


https://appleinsider.com/articles/18/10/08/security-research...

One guy named as a source in the original article does not accept the story as written.


What the source actually said, according to that article:

When asked what, exactly, he found strange about Bloomberg's claims, Fitzpatrick said, "It was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100% of what I described was confirmed by sources."

You could take that to mean "Bloomberg took a scary hypothetical and pretended it was real," but if they did have other sources telling them "There are these backdoor chips in servers" this is exactly what you'd expect Bloomberg to do: go to a security expert and ask "Hey, does this really work?"

It doesn't particularly read like evidence one way or another to me.


If you want evidence, you should ask BBG for it first, who has provided none at the moment, even the picture they used is likely for illustration only, and they didn't make any declaration about that.

Technically possible doesn't mean it happened. You could be punched by your wife, does that mean she did punch you? Sorry for the inappropriate analogy, but you get the idea.


One guy named as a source in the original article claims the backdoor sounds too complicated to him, not that he "doesn't accept the story as written".


This hack is suggested to be an almost 1:1 copy of a didactic PoC attack the source security researcher devised. The implication being that the article is based on his story rather than on any real fact.

To this point Bloomberg has presented 0 evidence of any of this. You have to understand how the burden of proof works, you can't throw a rock in the pond and expect others to jump in and retrieve it. Bloomberg made the claim, Bloomberg has to support it. Until they do I will take everything they write/claim with a tablespoon of salt. From my perspective it may very well be an attempt to hit Supermicro and nothing more.

The fact that Apple or Amazon are expected to show evidence that a yet unsubstantiated claim from Bloomberg is not real shows how low people set the bar for what reliable information means.


I love your commanding tone, reminds me of my time with the military.

"You have to understand how the burden of proof works, [...]"

I don't HAVE to do anything you say, thank god.


And you’re doing a great job at that. I was giving you a hand when you obviously needed it, a thank you would have sufficed.

But in all honesty not understanding how something works makes your opinion on the topic about as valuable as a turd in the rain.

Understanding how things work before attempting to pass judgement is “just” a matter of common sense and decency. But since no superior ordered them and you don’t have to have them, here we are.


Half of a worthless stock isn't much of a big deal. Supermicro isn't filing basic essential paperwork with the SEC, which is simultaneously extremely fishy and also a basic prerequisite for being a publicly-traded company, and this problem predates Bloomberg's article by months.

I'm not a CFP, but you should probably sell your Supermicro holdings now; they aren't gonna recover.

https://www.businesswire.com/news/home/20180821005681/en/


That's not the point. Basic principles of integrity and accountability mandate that journalists be responsible for carefully weighing the consequences of their stories. They shouldn't just charge forward without significant due diligence and then put the onus on everyone else involved to prove the story isn't factual. That's specifically a component of their job when they're breaking the news.

That a company's share price is already bruised or disreputable has no material impact here. It doesn't matter if a company has pre-existing and systemic financial problems; that doesn't mean we can be cavalier about publishing news that will wipe out half its value in a day. This kind of cavalier approach to company valuation isn't suitable for considering the consequences of erroneous stories.

Moreover I think you'll find that regardless of how much you believe the stock is worthless, there is actually an objectively quantifiable loss that was suffered here. If you still believe the stock is worthless even after this reduction in share price then by all means short it. But you can't speak for the entire market, which clearly demonstrates that many parties disagree with you on Supermicro's valuation. Presumably some of those parties will be a little miffed if the Bloomberg story turns out to be largely incorrect - you can't just shrug and tell them, "Hey that stock is worthless, you shouldn't have owned any of it anyway."


It was delisted from NASDAQ. It's a pink sheet/OTC stock. That is the highest level of "buyer beware" caution flag you can give. They're not a foreign company like Nintendo that doesn't want to go through regulatory hurdles. They haven't been able to bring their accounting up to standard for over a year.

If you think there's a "fair market value" of a company that can't meet basic financial regulatory and accounting practices that is anywhere above the price of toilet paper, then I suggest you don't put any money in the stock market.


None of that detracts from my point. The company's pre-existing financial standing is not a suitable defense for loosening the standards of due diligence in journalism. If you're in a store and you break an item that was already scratched, you don't get a pass.



SMCI has 84% institutional ownership and only 20% held by insiders.

Nobody really thinks it's worth anything but the large holders don't have to write down yet and probably are diversified across the industry. The market cap is like half a bil -- that's _tiny_ for a company as big as SuperMicro...even at the bil it was before the article.

The stock is garbage.


Again, that doesn't really have anything to do with my core point.


"At this point, it seems like Apple and Amazon have hard facts"

Hard facts? Which ones? An independent review of all server hardware by an external auditor? Call me stupid but I don't think companies can audit themselves if a lot of money is at stake. Not saying Apple is wrong, but for now we still have "This isn't the case because we say so, believe us." nothing more.

It will be interesting if Bloomberg has a followup or if they fold.


To be fair, the accuser (Bloomberg) still has "this is the case because we say so, believe us."


Uhh, Apple and Amazon are providing very few hard facts... and have a HUGE amount to lose if the story is true.

I wouldn't take anything as certainty at this point, not even close.


> If any of the reported details cited above were true, we would have every interest—economic, regulatory, and ethical—to be forthcoming about it.

That's the key argument.

This isn't just a "your word against mine" type of thing. Were this issue true, then it could represent a significant legal risk to Apple.

Categorically denying something that can easily be proven by an external audit (a scenario that they cannot rule out might happen), as strongly worded as they did (excerpt below), would open them up to a huge legal liability in addition to the security issue itself, and for no real upside.

> In the end, our internal investigations directly contradict every consequential assertion made in the article—some of which, we note, were based on a single anonymous source. Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server.


They're already on the hook for an enormous liability if it's true, so lying about it isn't really the worst option if there's even a small chance it avoids the issue.

After seeing what VW did with emissions, I wouldn't say any huge corporate cover-up is out of the question. Especially considering this situation would be very bad even if it did happen and they were 100% truthful about it (it would create huge problems with China for them and their supply chain).

We just can't reasonably make conclusions either way yet.


Not even the same. The VW coverup was to coverup a specific, fraudulent behavior by the company in an attempt to commit fraud.

The Apple situation is basically a reporter with no named sources saying that Apple itself was fooled by outside sources. There's a HUGE difference between willful fraud (VW) and corporate embarrassment (Apple IF it was true).


Well my point is that it could be corporate embarrassment AND willful fraud to cover up the corporate embarrassment. They have a huge incentive to lie, because even if they were truthful from the beginning and this did happen... it would be very bad for them.

I also think this goes far beyond "embarrassment" — this is something that could potentially destroy Apple's supply chain.


> They're already on the hook for an enormous liability if it's true

Correct, but this liability would (most probably) be based on showing some kind of negligence.

> so lying about it isn't really the worst option if there's even a small chance it avoids the issue

Deliberately lying about it would be fraud. Getting caught with that would dramatically increase the liability.

Since you used the VW example: do you really think it would have cost VW something around the order of $30bn if some foreign power had manipulated their emissions test without their knowledge? Or that executives would have been arrested?

> After seeing what VW did with emissions, I wouldn't say any huge corporate cover-up

This isn't a cover-up, though. This is Apple expressly addressing the issue, and categorically denying every part of it. To everyone, up to and including Congress, no less.


Let's assume it's true: Does Apple have a choice other than cover-up?

Let's say this was the first they're hearing about it, and it turns out to be true.

Can they publicly state the truth, point the finger at China in the process, and risk having to immediately uproot their entire supply chain?

Is there a course of action that's better than outright public denial?


> Is there a course of action that's better than outright public denial?

Sure. "We are currently investigating this issue and cannot comment until the investigation has concluded and we have determined the attackers, their motives, and possible mitigations".

> Can they publicly state the truth, point the finger at China in the process, and risk having to immediately uproot their entire supply chain?

Note that there is no reason to point the finger at China yet, only suspicion, but even if this were the case: I think China would stand to lose more from any uprooting.

This would affect Apple short-term, but Apple has, for all practical purposes and intents, unlimited amounts of cash, and they could build up a new supply chain. Weren't they keen to move production back to the US anyway?

China, on the other hand, would permanently lose this production line, and access to all the IP that comes with it.


>Let's assume it's true: Does Apple have a choice other than cover-up?

Yes, they can state that they detected a hardware based security intrusion and have mitigated it.

Bear in mind according to the Bloomberg article the government and several other companies know all about this already as well. If the Bloomberg article is true there are thousands of these compromised motherboards out in the wild at multiple companies. There is no way on earth Apple could ever get away with a denial, so why do it?


>> Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server.

Then where are they buying their hardware? Every company that I've talked to who purchases electronics from China has had issues. Stuff isn't as ordered. Strange boards are added. You have to rigorously inspect everything. Nobody has told me about rice-sized stealth chips, but malware, old firmware (ie with known/public vulnerabilities) and under-spec parts are a norm in the industry.

What seems odd about this Bloomberg story is the difference in intent. Rather than a supplier trying to save a few bucks, or a wayward employee inserting something to harvest CC details, they ascribe this to government conspiracy, to a cold war battle between secret squirrels.


The reason I'm skeptical of the story is that the people inspecting hardware at Apple are at least as smart as I am. If I would do a certain thing to inspect hardware and firmware, then that means Apple would do at least that thing.

Those are brilliant hardware guys. I'm having a hard time seeing how you sneak something by them. I think maybe in the firmware? (But probably not. They've also got the most brilliant firmware security guys on the planet.)

And on the off chance that this thing did slip by, a picture was provided of the purported part. It would have been a simple matter to go back through all of your audits looking for that part. Because if I'm smart enough to catalog and record my hardware audits, that means that Apple was doing so a looong time before I was.

I don't know man?

I'm getting more and more skeptical of this story by the day.


That chip picture is apparently a 'coupler' example photograph provided by Fitzpatrick, the security consultant. In the podcast mentioned below, he apparently was very astonished to find it as it means Bloomberg never saw the chip itself.


I’d assume it’s a sampling problem. Do they fully inspect every board? If they ship three modified boards for an entire data warehouse could that be sufficient?


>> I'm having a hard time seeing how you sneak something by them.

Apple orders in bulk. They aren't x-raying every server bound for their latest datacenter. I've worked with companies that do examine for every tiny imperfection. It costs thousands per-server and means significant and often random delays (defense industry). If Apple, a publicly-traded company, were so rigorous they wouldn't be able to hide the costs. So we know they aren't.

I'm sure that Apple does inspect systems that it deems vital to its internal systems, but servers meant for customer use are too numerous.


I don't understand why you are confused. It's the difference in intent that you mention in your last paragraph that Apple is referring to when they say 'purposefully planted'. That's the key allegation by Bloomberg, that these are demonstrably purposeful malicious hardware features.


There's something fishy going on here. I don't really think that Bloomberg would fabricate the story out of whole cloth, so there has to be something there somewhere. It's possible that they were duped, but if they didn't make some efforts to corroborate the story, that would be shockingly poor journalism, the kind of thing you expect from the National Enquirer, not a major financial paper.

On the other side, it doesn't take much of a lapse in QA to let a single bad part through, when you are dealing with billions of components like Apple is.


My understanding is that while the sources were left anonymous, they were definitely confirmed as intelligence agents by Bloomberg... so if they were duped, it's a pretty serious (propaganda-level?) duping.


This is where Bloomberg is already caught playing a little loose with the truth. They are saying they have 17 sources, some of which are intelligence officials, but that doesn't mean they have 17 people confirming the specifics of these incidents. Apple's response notes that the accusation is reliant on a /single/ anonymous source. Intelligence officials may have simply confirmed that China is interested and tried to do this kind of thing.


As Greenwald pointed out years ago, it's sensible for readers to ask why sources are anonymous.

If they're saying something inconvenient to their government or employer, that's neutral or even positive for their credibility. If they're saying something convenient but classified or otherwise not-for-release, that's generally neutral; 'authorized leaking' is an established practice. But if they're saying something that won't cause them problems and isn't a secret, then it's strange. It raises the possibility that they're anonymous because the claim isn't true and they don't want to be embarrassed, or even that the story writer encouraged anonymity to hide the weakness of the source.

If Bloomberg is saying "we used 17 sources including intelligence officials and an anonymous source who confirmed the hack", well, easy money says the key anonymous source doesn't measure up to the other 16.


Well, the Smith-Mundt Act[0] was repealed in an NDAA passed a few years ago under Obama...

[0] https://en.wikipedia.org/wiki/Smith%E2%80%93Mundt_Act


Didn't one of Bloomberg's own technical sources do an interview on Risky.biz yesterday about how flawed the story was, and release letters they sent to Bloomberg after reading the story complaining about it?


yes, tldl he’s an expert in hardware backdoors who spent several months emailing explainers about how a hypothetical implant could work to an author of the piece and it turned out to be nearly verbatim the same as the one in the article, which he found suspicious

https://risky.biz/RB517_feature/


Maybe it doesn’t take much of a lapse in QA to let a single bad article through, when you’re dealing with hundreds of articles like Businessweek is...


It was the cover of last week's issue, they had to have a known-good story for it to make it that far.


They wouldn’t intentionally, but they employ a lot of shady, targeted journalism to get their technoscare stories. As far as I know, they don’t have and have never seen an actual physical one of these Chinese pins. Why they still ran the story based on just interviews is nuts, they had to know they’d get called out and (probably) sued for hundreds of millions of dollars. Seems like a bad idea, when your only evidence is the anonymous testimony of less than 20 people.


Putting my paranoid hat on, this is eerily similar to the Iraq buildup. From the anonymous govt intel sources to the pictures in a mainstream publication to the throaty denials. What really drives the point home in my mind is that FAANGs have no way of completely exonerating themselves in the Court of Public Opinion, much like Iraq, without caving into several of the demands.

To put my tin foil hat on, will we be seeing increased pressure for physical inspections of FAANG hardware?


While you’re wearing that hat consider that a future legislation on trade restriction with China might benefit from this story, even if the story proves false.


That story either caused or was coincidentally timed with a multi-day NASDAQ futures crash. The story broke, and within minutes the NQ was in free-fall. DJI and squawks all attributed the sell off in-progress to the breaking story. Any possible fine levied against Bloomberg would be absolutely insignificant against the profits that crash created. Whether that was intentional is pure speculation...but it's sure interesting.


It was kind of explained in another HN story earlier today. https://news.ycombinator.com/item?id=18174930

Basically one expert described how a hack could be done and the journalist re-wrote it as here's how China tried to hack.

>In September when he asked me like, “Okay, hey, we think it looks like a signal amplifier or a coupler. What’s a coupler? What does it look like?” […] I sent him a link to Mouser, a catalog where you can buy a 0.006 x 0.003 inch coupler. Turns out that’s the exact coupler in all the images in the story.


Maybe relevant: Here is a podcast with Joe Fitzpatrick, one of the sources named in the Bloomberg article, who expresses doubts about the "Big Hack" story:

https://risky.biz/RB517_feature/


Until someone produces some actual compromised hardware, I'm leaning towards Apple on this one. I don't know what is going on, and I fully trust that Bloomberg was very confident in the story, but for Apple to deny this so strongly, repeatedly and vehemently indicates to me that they are telling what they believe to be the truth as well.


This is what I am thinking as well. The initial denial could be due to a gag order if the investigation is ongoing or if the information was simply deemed classified. However, to go to these lengths to deny the story makes me feel that Bloomberg may not have gotten all the facts straight.


Perhaps someone created a disinformation campaign against Bloomberg? That would fit the facts we observe - Bloomberg is adamant in their story and Apple/Google are adamant it’s entirely false.


This is the best solution I’ve heard yet. On the one hand I can’t believe Apple would make such a strong categorical denial if it wasn’t a false story. At the same time, a Bloomberg reporter is not going to risk a career unless they had strong conviction with their sources and Bloomberg is not going to risk their reputation unless they felt the sources were solid and fully vetted.


Once again, this is easy for Bloomberg to prove: X-Ray or it didn't happen. Fake news. Surely the factory produced more than a few of these mobos. All the world needs is an X-Ray of one board with the magical chip.


> Once again, this is easy for Bloomberg to prove: X-Ray or it didn't happen. Fake news. Surely the factory produced more than a few of these mobos. All the world needs is an X-Ray of one board with the magical chip.

That's not true, and fundamentally misunderstands what journalists' job is. They're reporters not researchers: they report on information in testimony and documents they acquire, they don't do the research to create that information themselves. They cross-check testimony and documents between multiple sources to verify the information, they don't replicate research.

Bloomberg doesn't have a bugged motherboard to X-ray. Per their story, all of those were owned by other entities. There's very little reason to expect that they have an example, since they weren't a target and the people they talked to were likely not authorized to hand over their employees property. Given that, it's unlikely they even asked for one since it would have been a foolish request.


If nothing else, this has to put to rest the "gag order" or "NSL" conspiracy theory.


OK so no material details are provided in this letter. I am not aware of a single f500 company that was not breached at some point so we have not found any servers because we have various security tools installed is not really meaningful. Scanning outbound connections is not a meaningful defense in this case there are legitimate outbound connections going to say China and given China's ability to capture any inbound traffic there are def. ways to ex-filtrate data without raising any flags.


...But as I understand it, the Bloomberg report states that specific pieces of hardware were found by Apple, and Apple states that they have found no such thing.


This all depends on what gag orders are in place if the Apple source was off on having precise information of who discovered what etc. To me the language of all Apple communications so far look to be very carefully worded same for DHS.


Gag orders can only force companies not to say the truth. They can't force them to lie.

They certainly can't compel them to make such clear, specific, long-winded, and persistent denials of claims like these. That kind of thing's the stuff of conspiracy theories and Hollywood plots.


Which part of all statements made so far would be a lie if an issue was discovered by some unit under DHS or a 3rd party entity?


With regard to DHS, Apple's Congressional Letter states:

> On Saturday night, the U.S. Department of Homeland Security joined the U.K.'s National Cyber Security Centre in saying they have no reason to doubt the statements we've made.


If DHS has an active investigation, how would them saying they have no doubts about statements Apple made be a lie? Apple stated: 1) They have not found the chips 2) They are not aware of FBI investigation 3) They are not seeing any evidence of exfiltration, cc based on their security systems


I responded to your question:

> Which part of all statements made so far would be a lie if an issue was discovered by some unit under DHS or a 3rd party entity?

If the DHS says "they have no reason to doubt the statements [Apple] have made", it means that no issue was discovered by a "unit under DHS". Otherwise, the DHS would have reason to doubt Apple's statements about being compromised.


I think you make a reasonable point here, but it doesn't change the facts about what reasonable attack surfaces are, made elsewhere.

For example, why place a detectable piece of hardware onto the MoBo, instead of just installing malicious firmware? The hardware piece is going to be limited in capabilities and much easier to detect. Given the level of access required for this "hack," it makes more sense to just write the bad firmware to do all the tricks. Especially since, as far as I understand, the malicious chip modifies the firmware anyway.

There are far too many reasons to be skeptical of the article, and the parties involved have motives that are very easy to trust.


> For example, why place a detectable piece of hardware onto the MoBo, instead of just installing malicious firmware?

Because the supply-chain may be verifying the integrity of the firmware? Firmware is "detectable" too. Its detection is probably easier because so much of computing is software focused nowadays.

Hardware implants have certain advantages: no one may be looking for them and they're extremely resistant to removal attempts.


I agree that would make way more sense in general but who knows maybe Apple is reflashing them with verified image or some other procedure that would make that not a workable approach.


What would it take to convince you that there are no rogue chips, malware or security compromise?

I don't personally know if the Bloomberg story is false. But I do know that, so far, it's essentially unsubstantiated. So let's assume for the sake of argument that the Bloomberg story is incorrect. What would you expect a company to do other than issue a strongly worded denial and explain their side of the story? What would you have them do, publish their entire network logs and supply chain security assessment notes just because an unsubstantiated story claims they were compromised?

In essence: it sounds to me like you're demanding evidence to disprove an accusation that doesn't have any evidence. That doesn't strike me as a fair or rational way to ascertain truth.

Now I have a few responses to your specific points:

> I am not aware of a single f500 company that was not breached at some point

Most Fortune 500 companies have not suffered a breach. Every single company in the world has critical/high severity vulnerabilities in any given software product at any given time; this is the essential nature of software in 2018. A breach is something categorically different: it consists of a technical security vulnerability which has been demonstrably exploited to achieve tangible data compromise and exfiltration. Unless you have access to information I don't, no, most Fortune 500 companies have not experienced this. Consider that tech journalism has begun to conflate security vulnerabilities and actual data breaches in recent years.

> Scanning outbound connections is not a meaningful defense in this case there are legitimate outbound connections going to say China and given China's ability to capture any inbound traffic there are def. ways to ex-filtrate data without raising any flags.

This kind of claim borders on fantasy and conspiracy theory. Apple employs more security engineers than most companies in the world employ people period. If your threat model provides your adversary with vague omnipotence such that they can exfiltrate data undetected across countries under the nose of one of the most capable information security teams in the world for months at a time, then the entire discussion is moot. If you honestly believe that's a reasonable thing to believe then our disagreement is fundamentally insoluble.

Do you honestly believe it's reasonable to say no material details were provided in this letter when you're talking about data exfiltration from Apple with no material details of how China would do that? You can't just give fantastical powers of exploitation to an adversary because they're a country.

If we bring this down to reality we have the following observations:

1. The attributes and capabilities you're assuming of the adversary in this story are not only unproven, they're unfalsifiable. We can talk about what could be possible all day long, whether it's the NSA, China, Russia, chemtrails, 9/11, etc. I can also claim there's an invisible 0day that can compromise our entire electrical grid sitting on my desktop. Prove me wrong?

2. Bloomberg's story is essentially unsubstantiated. The sources are anonymous and several claims rely on a single source. At least one source has come forward to disagree with the story as written.

3. Every company involved in Bloomberg's story has issued vehement denials. If your response to a denial is, "But there could be a gag order!" then I'm frankly curious what level of evidence you think is required to refute an accusation that has no evidence.


"Most Fortune 500 companies have not suffered a breach." Yes I work in the industry specifically for an entity that handles the vast majority of IR for those breaches and from what I've seen the above holds true.

"This kind of claim borders on fantasy and conspiracy theory" this is pretty far from my domain of expertise but you have to deal with multiple limitations: 1st you are not scanning 100% of everything, 2nd if you flag aggressively you will not have enough manpower to investigate each flag, Apple or not. By being able to install equipment and telecoms and exchange points China can easily devise an exfiltration scheme that would be practically impossible to detect (e.g. the only thing you see 1 in say 100K packets from a legit connection being dropped somewhere along the route).

"Do you honestly believe it's reasonable to say no material details were provided in this letter" Yes


>"Do you honestly believe it's reasonable to say no material details were provided in this letter" Yes

Can you specify what material details a company could provide, in theory, in face of such a claim, to prove the negative?


We have conducted a thorough physical review of a large sample of server population and have found no evidence of presence of blah chips coupled with DHS statement that would state that DHS or any of its units has no evidence of the alleged issue.


how could they provide material details? xray every server they have?


That def. would be taken seriously. So far they are basically stating they believe there is no issue because they deployed advanced security systems and they see no evidence of basically cc or exfiltration. For unknown attack signature an ML engine would be used they are few % of 100% detection rate. A state level APT can easily have a lab that basically has samples of 10 leading sensors that would be basically covering 99% of the F500 market and they can test their tools against those sensors.



[flagged]


Saying this is as stupid as trusting any articles.

Yes, a lot of journalists do a very good job at providing crucial information that is vital to a democracy.

Journalism is an important counter-power. Without journalism you wouldn't be aware of corruption, abuse of power and many other things.

Yes there are tabloids, yes there is bad reporting, bad journalism and yes, in the age of internet, even reputable journals spread unverified news. But dismissing an entire profession is amongst the most dangerous things you can do.

If you have an issue with some journalist, you can go and pay for journals that do a good job at verifying sources and do real investigation jobs. They are here, they exist.


@cronz. Not all journalists are created equal

[meta] While the comment is very poor, lacks a deep consideration and can be considered stupid without a need for a deep analysis, WyTF is it dead? How not leaving it up to be downvoted into oblivion is a bad idea?


> Yes, a lot of journalists do a very good job at providing crucial information that is vital to a democracy.

Journalism isn't vital to democracy. It didn't exist in the democracies of ancient world (Greece or Roman Empire). It didn't exist during the founding of the US.

> Journalism is an important counter-power.

It can be a counter to power or it can be a servant to power.

> Without journalism you wouldn't be aware of corruption, abuse of power and many other things.

Of course we would. Do you really think people weren't aware of corruption before journalism?

Journalism, like all institutions, can be used for good and evil. And they can be corruptible. It can be used to shed light to corruption or it can be used to hide corruption. It can be used to hold the powerful accountable or it can be used to spread propaganda for the powerful. In the US, journalism has primarily been for the latter. Feel free to read up the history of newspapers and who created them. It was wealthy (bankers or tycoons) and politicians who created our prominent newspapers.

> They are here, they exist.

If they do exist, they must exist as independent journalists.

The problem with modern society is that journalists have duped everyone into thinking they are essential and they are objective/good/fair/etc. I don't think anyone paying attention believes this any more. The problem with journalism is that there are no checks and balances. Nobody holding journalists/journalism to account. A lot of it has to do with the fewer and fewer corporations owning so many media outlets and of course the ideological conformity enforced in almost all of the media.


> Journalism isn't vital to democracy. It didn't exist in the democracies of ancient world (Greece or Roman Empire).

The Roman empire was (according to my limited research) a republic, not a democracy as you might imagine one today:

> Once free, the Romans established a republic, a government in which citizens elected representatives to rule on their behalf. A republic is quite different from a democracy, in which every citizen is expected to play an active role in governing the state. - http://www.ushistory.org/civ/6a.asp

Greek democracy seems to have at some point come to an end,

> Around 460 B.C., under the rule of the general Pericles (generals were among the only public officials who were elected, not appointed) Athenian democracy began to evolve into something that we would call an aristocracy - https://www.history.com/topics/ancient-greece/ancient-greece...

> It didn't exist during the founding of the US.

I'm pretty sure it did:

> The History of American journalism began in 1690, when Benjamin Harris published the first edition of "Publick Occurrences, Both Foreign and Domestic" in Boston. - https://en.wikipedia.org/wiki/History_of_American_journalism...

Even so, journalism certainly developed over the years after that because we can see it happening now.

> It can be a counter to power or it can be a servant to power.

That much can be seen. There are egregious displays of bias on both sides of the political spectrum, and it is important (IMO) to hold journalists to account using critical thought and facts.

> Of course we would.

If it's so obvious, how do /you/ think people became aware of corruption?

> Do you really think people weren't aware of corruption before journalism?

Yes and no. I would guess that lots of news was spread via word of mouth which would have been unreliable and risky (dissent within earshot of someone with the wrong loyalty could get you punished).

> The problem with modern society is that journalists have duped everyone into thinking they are essential and they are objective/good/fair/etc.

The problem, that's a pretty big statement, please give some examples.

I would agree that A problem with modern society is the manipulation of the population by (some of) the press, but it's not the /only/, or necessarily biggest, problem.

> I don't think anyone paying attention believes this any more.

I don't think that it's really changed that much. People haven't (as far as I can tell) got more manipulative or biased, it's just that the tools have changed.

> The problem with journalism is that there are no checks and balances.

Something that's hard to do if you have a "free" press I suspect.

> Nobody holding journalists/journalism to account.

Other than perhaps the readers themselves.

> A lot of it has to do with the fewer and fewer corporations owning so many media outlets and of course the ideological conformity enforced in almost all of the media.

I think we can assume that "ideological conformity" is a synonym for "bias", as we're talking about two different ideologies, liberal and conservative and the media being biased towards one or the other. I was curious so I looked up some research:

- systematic research has found no consistent partisan or ideological favoritism in news content despite frequent complaints of biases. - http://eds.b.ebscohost.com/eds/pdfviewer/pdfviewer?vid=1&sid... (The Liberal Media Myth Revisited: An Examination of Factors Influencing Perceptions of Media Bias)

- "We did indeed find remarkable balance in candidate valence coverage" - https://www.researchgate.net/publication/238429795_Elite_Cue... (Elite Cues and Media Bias in Presidential Campaigns)

I'm paraphrasing this one because it's a PDF in image format and I can't copy/paste, but you can go and read it yourself:

- "People [conservatives, democrats not so much apparently] have been taking cues from political elites related to media bias and have started to believe media bias exists where none does" https://dshah.journalism.wisc.edu/files/2017/01/JOC1999.pdf

There's almost certainly more research on this issue, I encourage you to go and look some up https://scholar.google.com/


This is an interesting podcast[1] describing the phenomena you're experiencing. At a high level, you're inclined to believe anyone that aligns with your views regardless of intelligence, logic, expertise or facts. It goes into how people cognitively consume and intercept news.

I would say that I'm personally still open, but I think Apple has done more over the years to earn its reputation of trust than Bloomberg. I feel like Bloomberg is going to double down in the next few weeks, but we'll see what happens.

[1] - https://dataskeptic.com/blog/episodes/2018/cultural-cognitio...


Personally, I feel that Bloomberg is a generally trustworthy source and when it comes to security, Apple is a generally trustworthy company. So there's an interesting juxtaposition here.


I have asked myself (only half seriously) if what we are seeing here is not an attack on Bloomberg instead of Apple or Amazon.


Apparently this isn't even the first cybersecurity story these particular Bloomberg reporters have screwed up though: https://twitter.com/RobertMLee/status/1049617855396933632


Note that the author of the tweet you're linking also believes that these reporters were being honest about what sources were telling them.


Sure, don't believe journalists, believe online sockpuppets


You only believe what company pr says?


[flagged]


This seems like a callous thing to say.


what an awful looking letterhead design, I'm surprised


That’s funny, I sent it to a colleague saying how nice it was to see something so simple yet distinctive.


For me it seems that there are more coincidental elements here than what is apparent - for example the disappearance of the Interpol chief, etc. https://newcompendium.com/2018/10/the-chinese-chip-is-just-t...


Surely these Apple execs would be the first execs to ever lie.

I'm interested by the Bloomberg follow up or if they fold.


Let's say Bloomberg did its due diligence and is telling the truth. That doesn't mean Apple here can't also be telling the truth as they see it. Bloomberg could have spoken to a few select individuals who shared things only they knew. I don't see any reason they couldn't have kept this hidden from others, allowing the upper management plausible deniability. These people lower on the totem pole could report to the government, and upper management could deny all day long.

Couple this with my own personal experience with Apple sharing personal data it had no right to share, and the fact that only a single person signed this letter, and Bloomberg still not backing down, Apple has a way to go. They could start by having every person who would remotely be involved with something like this (from top to bottom) signing a legally binding letter attesting that Bloomberg's story is not true. Until you have this, it only takes one individual who hid something from Seniors to make this true.


Obviously people started to investigate this hack too much, so the US government forced Apple using a NSL to write a letter to Congress denying that any such hack occurred. The Congress probably knows the truth, but they are also under NSL.

Expect letters to Congress from Amazon and the 30 other hacked companies.

It's the only way to kill this story, after they made the unbelievable mistake of forgetting to NSL Bloomberg despite having requests from them to comment on this story for months. Somebody is getting Guantanamoed over this slip.


NSL can not compel you to lie, it can only compel you to stay silent. There’s decently extensive case law to support that.


I’m not a lawyer, I’ve merely read news stories about how NSLs and associated court cases are overly-secret (https://en.m.wikipedia.org/wiki/Lavabit).

Given what was reported in the Lavabit case, how sure are you that there is no secret caselaw which does, in fact, require companies to lie?


Look up the case law surrounding “compelled speech” if you’d like more details.


This is the only possible explanation. Other than the other, much more plausible, one.


> This is the only possible explanation

There are a lot of possible explanations. As someone who finds both Bloomberg and Apple credible, this is potentially far more interesting than “one of them is totally lying.”


Zoom in a bit and forget about Bloomberg's credibility as a whole and look just at the journalists involved in this story. This isn't their first time hyping up garbage, but it's a lot more audacious:

https://twitter.com/RobertMLee/status/1049617855396933632


Congress reports to nobody but their constituents. They cannot be "under NSL".


No, but if members that have security clearances were clued in on it, they would not be able to divulge anything and would be compelled to say nothing.


Compelled by what?

Compelled by the lifetime NDA the government makes you sign.


