No, the boards would be selectively hacked.
And we know it happens because 'we' do it as well.
Surely there is evidence floating around but it's also unlikely that companies would want to admit the breach.
I kind of believe Apple and Amazon though, there's too much risk if they were to be caught lying.
This is a weird one ...
Have they seen any actual hard evidence? No one is disputing that the described attack vector is possible, but if Bloomberg has not properly verified if it actually has happened, then their article becomes a lie; and if they have properly verified it (as opposed to blindly trusting unnamed sources), why are they seemingly unable to show any hard evidence or details to the public?
Ah, the Mockingbird sings...
> High Confidence:
> Iraq is continuing, and in some areas is expanding, its chemical, biological, nuclear and missile programs contrary to UN resolution.
> Iraq could make a nuclear weapon in months to a year if it acquired sufficient weapons-grade fissile material.
I'm not sure where this "the IC is this blameless group that only looks like they screw up because of those pesky politicians" meme came from, but it has no basis in reality.
Time and again, we see the CIA, and other US TLA agencies, directly causing world turmoil - and yet a blind eye is turned, because "at least it's our guys doing it", etc.
The world would be a much, much better place if American citizens paid more attention to what their spy masters are doing in the world. Secrecy is the lynchpin of all corruption: the fact that Americans worship their secret-keeping institutions as beyond reproach is the reason we have so much turmoil in the world.
It doesn't work like that... "at least it's our guys doing it" isn't some honest maxim we spout off in American fervor. It's akin to Winston knowing that when the 2-minutes-hate starts, whether you are into it or not, you stand up and blend in. Otherwise, those spy masters you mention make your life very uncomfortable, or take it away entirely. We just live here man, you don't think we actually are in charge and can make any difference...do you?
Is it a democracy or not? Are you a brave people, or are you really a nation of cowards?
The world burns while Americans do everything they can to not take responsibility for their government.
The talking heads you see on TV telling you "America thinks XYZ", or "America won't stand for <foo>!", are just that...talking heads. They aren't us, we don't know them, they don't come over and share meals...they are just a few elite that can't shut their mouth in front of a camera. It's just as shitty here as it is where you are from, most likely.
Now we have lots of propaganda. You know, like the USSR and North Korean propaganda... mantras that say we are the bravest, most "free", most prestigious people on the planet. It's just propaganda though, no one that lives here believes that nonsense. If they do, they just got off the boat...give them a year and their tune will change.
disclaimer: I'm an unhappy veteran.
As the draft NIE went up the intelligence chain of command, the conclusions were treated increasingly definitively. Only the summary of the NIE was partially declassified, and it omitted most of the reservations and nonconforming evidence. The fact that the NIE concluded that there was no operational tie between Saddam and al Qaeda did not offset this alarming assessment."
I wouldn't call the IC or even the CIA "blameless" for Iraq either and I don't appreciate you putting the word in my mouth (we also probably share a generally sour view of the CIA - they have done too many godawful destabilizing things around the world). The IC weren't the ones ordering the troops to invade any country on flimsy politically-massaged evidence though.
What? The allegations are against super micro boards produced in China.
One of the allegations was that special purpose video encoder boards from a hardware startup that Amazon acquired (Elemental) were targeted. These aren't off the shelf boards that anyone can buy.
What details and evidence about these boards have these sources provided to Bloomberg? Are there any details or evidence?
How about no.
There's next to no way that Bloomberg's sources would still have access to the boards, and that should be considered given all of the calls here to see them.
The informant may have perfectly accurate information but be completely unable to provide physical evidence. For instance: they could have been briefed on the matter, but still have no physical access to the datacenter or to the location where the compromised servers were taken to.
A lot of the demands for physical proof make the false assumption that someone who knew about the spy chips and talked to Bloomberg would have had physical access to an example. That's simply not the case. How many of us work as software engineers in Fortune 500 companies, and how many of us could walk into one of our employer's datacenters and take a photo of the motherboard of a particular machine that we frequently work with? Not many, I'd imagine.
See: Joseph Nacchio and Qwest
What if it's the Chinese government that's putting pressure on Apple and Amazon? What would Tim Cook do if he was told in no uncertain terms that Apple would be kicked out of China and its iPhone production lines shuttered if it confirmed this story? Even if the chance they'd go through with their threats is small, it's an enormous risk to Apple and taking it would be hard to justify to its shareholders. FAANG companies are clamoring for access to the Chinese market, and that gives the Chinese government a lot of leverage.
I don't think it likely though because such a nuclear option from the CN government would have the effect of basically destroying their position in the global supply chain.
I could believe it if the denials so far felt incomplete or ambiguously worded as if they were tiptoeing around something that they were not allowed to disclose. I could believe it if all we had coming from Apple and Amazon was the usual lawyer-speak "I won't confirm or deny" bullshit. Instead we've had completely unambiguous "this is completely false and never happened". If it turns out to be a lie it's going to be devastating for the trust in Apple or Amazon.
I mean think about it, if for some reason the US or Chinese agencies wanted to downplay or shift the blame they had so many easier ways to do it that would put them in an awkward position if somebody manages to prove the existence of these backdoored mobos. If the best spin they could come up with was "just deny everything and make sure to do so at a regular interval so people are constantly aware of our denial" they really need better PR people.
Well, at this point everybody is watching for weasel words, so a categorical denial is the only thing the government can demand that wouldn't provoke suspicion.
> If it turns out to be a lie it's going to be devastating for the trust in Apple or Amazon.
Oh, please. Companies have had millions of credit card numbers stolen, and nothing happens.
Apple and Amazon would get a bit of bad press. The tech folks wouldn't trust them any less than they already do. And it would blow over in a couple weeks at worst.
At this point, my Bayesian priors are lowering on Bloomberg, but they are not necessarily going up on Amazon or Apple.
Since when is taking a photo of the claimed motherboard with a foreign spy chip on it considered to "dismantle" company property?
> discredit your employer knowing that it's likely to damage them and ruin you
I thought that huge number of AAPL and AMZN investors deserved some truth.
But it doesn't matter - this is happening 100% guaranteed.
'We' do it and China has become far more aggressive in these areas these days ... so if they could be doing it, they would be.
Someone should come up with a bit of proof though.
"this is happening 100% guaranteed."
I don't know what brave new world we have entered where journalists, or even online users for that matter, make confident claims about things for which there is no physical evidence.
I worked at a large high-tech firm with business in the middle east, including content-filtering solutions and we were basically 'required' to work with Western governmental entities of a 'security nature'.
The US has massive clandestine projects in this regard and some of them are not so secret - consider the recent Wikileaks: 
"The US intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux."
All countries with active spy/clandestine agencies are spying on one another using malware, spyware, hardware hacking, phishing, social engineering, whatever. And many firms are complicit to one degree or another.
That Apple or AWS etc. may have been compromised with a specific attack makes for a really weird story - but that this is happening in general is a non-story - of course it is. It's not about this specific attack really.
What's the logic in this? This is like saying Saudis must be Christians because we are Christians as well
More specifically though, the Snowden docs showed how the USA does this kind of stuff on a one-off basis.
Also, I gave up hunting karma on HN a while back, I'd rather speak my mind honestly than be artificially censored by chasing a number.
I actually don't care what the truth [edit: truth of this specific BMRG story] is - the West needs a 'wake up call' on this one and any company installing hardware should be inspecting everything that comes in.
Too much lax security out there, sadly, the US gov I don't think is competent enough in this area to provide guidelines.
I wish there was a CIO right in the White House cabinet, who could work with the Valley + Security experts to provide minimum guidelines for everyone, and to make everyone aware of certain things.
I'm glad the internet was designed to be 'open first' but not glad it was designed to be almost inherently insecure as well. 'Open but Secure' by default would be nice :)
Why are you in this thread at all then?
I think what parent touches on in their "tangent" is indeed the most important thing to come out of this story.
What you said is not a conspiracy theory.
Of course this event is a conspiracy.
The phone companies all denied providing metadata to the NSA when the story first came out. I couldn't find the WaPo article from the same week, which I remember reading in hardcopy, but here's a cite for the same from NPR: https://www.npr.org/templates/story/story.php?storyId=540913.... Did the SEC sue Verizon here?
Compare that with Apple's statement, which is forcefully blunt and has no wiggle room:
On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
All of that said, the BMC on supermicro boxes is running a super old unpatched Linux and is absolutely chock full of exploits:
I had to root one several years ago to fix a broken server we couldn't take out of service for $reasons.
I'm waiting for the libel lawsuit. The absence of one is something I can't reconcile and leads me to think perhaps Apple doesn't want to go through the discovery process for such a lawsuit, which leads me to wonder why they wouldn't...
They're very careful to say that they never turned phone records over to the NSA - who's to say they didn't turn phone records over to the DoJ, FBI, or any other agency, which then bounced them over to the NSA? I think they do have an out here. Plus, I'm not certain the SEC would sue over a matter of national security, even if Verizon was directly lying.
That such a potentially damaging allegation has not been met with a more forceful (read: lawyerly) response is "weird". That this dropped in one publication with quite a bit of detail is "weird". The timing of the responses, the rumors of trouble at SuperMicro, the timeframe of the alleged compromised boards. It's all weird.
I'm waiting for the other shoe to drop on this one.
No comment is the proper action for no admission. However, Tim Cook and Andy Jassy put out public statements; if they were willingly lying, they will be prosecuted by the SEC.
Just noting that anonymous sources aren't unknown sources — if Bloomberg says that these are people working in US Intelligence then they've very likely validated it, but are protecting their identities by request.
Also worth noting that Amazon and Apple have a tremendous amount to lose here. That doesn't mean they're lying, but based on what we know, they have more incentive to lie than Bloomberg does. Also possible that they're already working with the government and have been asked to lie about it due to national security.
Totally possible that Bloomberg was intentionally misled or flat-out wrong either way. It just sounds like they've done the due diligence of checking with an abundance of sources, so it would be odd. They've made mistakes before, but I don't know that they've ever made one of this magnitude. The decision to publish or not publish a story like this isn't something that one person working at Bloomberg does on a whim, many people are involved.
All other things aside, I tend to trust journalists more than corporations. There's not a lot of room to jump to a conclusion either way. Very solid 'maybe' territory all around.
Bloomberg is wrong. Apple and Amazon have every incentive to strongly deny the story.
Bloomberg is right. Multiple employees up to executive level at 30 US companies and the government know about it and are actively leaking to Bloomberg about it. Numerous boards are out there at 30+ companies as physical evidence. There’s no way Apple and Amazon could risk denying this so strongly. It’s already being widely leaked - according to Bloomberg - the cat is well and truly out of the bag and wailing its ass off.
It just doesn’t make any sense for Apple and Amazon to put their reputations on the line in that second scenario.
(I just wanted to point out all options)
OTOH, no experienced intelligence professional would leak information they are not absolutely sure other people have.
If true, this is vastly different from the government requesting a backdoor or various warrant canaries, this would be an actual national security threat.
> governments have the right to mandate corporate speech “if the information in the disclosure is reasonably related to a substantial governmental interest and is purely factual.”
Since that would not be the case here, I do not believe it would be legally defensible for the government to compel false statements out of both Apple and Amazon.
(IANAL, so do take this with a grain of salt)
The government could say "look here, this is an actual national security issue" and Apple, Amazon, etc could say "oh shit, you're right - how can we help?"
If this were a real national security risk, what incentive would Apple, Amazon, etc have to divulge the truth rather than cooperating with the government? This is vastly different than saying no to a requested NSA backdoor.
The other way around. Apple and Amazon have very strong incentives to tell the truth. This has significant implications for their business (i.e. stock price) and if there is one thing that executives want to avoid, it's SEC filings based on false information given to the market.
Meanwhile, Bloomberg has the reputation of journalists with patchy histories of security news reporting. Perhaps they've been fed a line by government sources, but there is little financial incentive to fix any errors.
That didn't make the NSA afraid of targeted interception campaigns.
I believe that secret services are doing everything we normal people dream of already, including stuff such as the hardware injections either in the Supermicro case or in the stuff the NSA did, and a good bunch more which we don't even know of yet.
Cyber warfare is all too real now.
The stuff of dreams for security researchers.
What do you mean by the second part of this? Bloomberg should have received examples of compromised boards?
I don't know about you, but I certainly couldn't get a photo of the motherboard of a dev server I work with every day, let alone take a reporter to go take a look at it. That doesn't mean I don't have accurate information to base a story on, and it doesn't mean someone else can't corroborate that information.
Reporting isn't about gathering physical evidence, it's about gathering and cross-checking testimony and documents. If credible people in the government and an NGO testify that there was a poison gas attack at a certain location, a reporter can legitimately write an article about it. That reporter isn't going to sit on the story until they go to the attack site, collect samples, and send them to a lab; nor should they.
As you say, reporting is about cross-checking documents. In this case, the relevant documents would be the technical details of that malware - photos of the motherboard with the inserted hardware, schematics and analysis of where and how the inserted chip connects to the "real" parts, dumps of the firmware alterations, microscopy analysis of the extra chip after decapping it. Instead, Bloomberg provided "this is where it could have been" CGI illustration and "this is how the mechanism might have been" description of the process. All details about the attack seem to be made up by Bloomberg, they're not based on any real hard data from their sources.
This implies that none of their sources had (or provided to Bloomberg) sufficient detail to assume that this is what happened - if the sources say "well, there was a major supply-chain attack but we're not giving the details" then that's not sufficient to report what the Bloomberg article did, making up the details without knowing them. If the sources provided enough detail to Bloomberg, then this is the point where Bloomberg should release those details to the public.
I disagree. What if you have the text of a government report describing the reactions to its discovery in detail (e.g. "an implant was found attached to the BMC of some Supermicro boards, here's our plan for securing the supply chain against implants as small as 1x1mm...")? What if they were shown a report but not given a copy? What if you have consistent testimony from five credible people whose backgrounds check out who read the only copy of the report in a secure reading room? What if all that is verbally confirmed by other insiders?
> In this case, the relevant documents would be the technical details of that malware - photos of the motherboard with the inserted hardware, schematics and analysis of where and how the inserted chip connects to the "real" parts, dumps of the firmware alterations, microscopy analysis of the extra chip after decapping it.
The Bloomberg reporters aren't security researchers. All of the stuff you describe is well outside their areas of expertise or what they can be reasonably expected to do. They're doing their job if they report what they learn from others, it's not their job to perform research or replicate research themselves.
Journalism is more like history than archeology, but a lot of people seem to want it to be the other way around.
Where are they? Where is their presentation of finding nothing?
It's so strange to see people continue running with "they wouldn't have doubled down unless they were really certain, so it must be true".
As the attack is said to have been discovered 3 years ago it is also not surprising that housekeeping has already been done a long time ago.
Wells Fargo committed millions of counts of bank fraud, yet they still exist and people buy their services.
BP destroyed a large part of the economy and ecosystem in the Gulf of Mexico, yet they still exist and people buy their products. One of their top lawyers just became Assistant Attorney General for the Department of Justice’s Environment and Natural Resources Division.
VW built millions of cars with hardware designed to fake emissions testing data, yet they still exist and people buy their services.
Obviously no-one would have publicised this, so if you weren't involved you would have had no idea.
The story does report that Amazon completely dropped Supermicro as a supplier following this alleged hack (that should be verifiable even if the reason given would obviously be different).
If the tech world turns their back on Bloomberg, I'll give them more credibility; not less.
I know nothing specific about the issue per se, but I am convinced that Andy Jassy is speaking the truth here, for two reasons:
1) I've never seen a company as obsessed with security as AWS, and/or with such a big budget for security.
2) There's so many actors/employees involved in the audits, security, etc, that convincing some of them to "hide" a fact like this would be just too risky for a company that big. If that were really the case, I would rather work on a contingency plan, assuming that sooner or later the "leak" would come out.
There is a tiny chance that something bad happened, and that Amazon's magic PR twist managed to still provide a truthful statement (Steve Schmidt) while hiding that. "A chance", because of the various back and forth business between AWS and Chinese companies. "Tiny", because other scenarios are much more probable and plausible.
This looks like a very poor example of journalism, on Bloomberg's side.
On a different note, I still believe that weird/illegal stuff keeps going on between companies and governments worldwide, for the simple reason that these things keep coming up when there's a new leak, or when secrecy on certain classified documents gets lifted or expires.
Here's an example - AWS VPC connections only support IKEv1. (https://forums.aws.amazon.com/thread.jspa?threadID=252723)
IKEv1 vs. IKEv2: https://en.wikipedia.org/wiki/Internet_Key_Exchange#Improvem...
Also want to know who "we" are here? Please stop representing other people without their explicit consent.
There is going to be "don't tip your security hand" reticence to share so I doubt we'll get any straight answers.
Any move like this would start with the CEO. We have no idea if it’s a “hack” or a hush-hush back door provided by the feds. Let Bezos the pentagon lapdog give official statements instead.
Jordan Robertson was on TV saying companies have no "advantage" in "confirming" his reporting because "no consumer data [was] stolen." He seems to take very casually the distinction between "not disclosing" something and outright lying and engaging in an industry-wide conspiracy about it. He later tried to walk back that line but it's an interesting window into their mindset. It doesn't strike me as particularly strong journalistic reasoning.
Regardless of the truthfulness of the report, the damage is done and the hack story fits in well for the protectionist trajectory the US is taking.
Moreover, what would the Pentagon gain by running a UFO psy-op?
I've always wondered whether the magnitude of UFO sighting reports make it more difficult to glean intelligence about US aircraft/reconnaissance research. If, for example, Area 51 was responsible for cutting edge stealth aircraft research, it would be much more difficult to spy on the program through the civilian population if real sightings are indistinguishable from the flood of alien UFO sightings.
I don't have the citation on hand but the declassified PBB files are available on the Internet Archive.
You'd mused on how bad the PR disaster would prove, of Google's YouTube/G+ integration, back in November of 2013.
Five years later, that integration has been reversed, and Google are in the process of killing off G+.
Trust in Silicon Valley as a whole is low, Apple's CEO has just called for a national data privacy law in the US, and the idea of adopting a new Google product doomed to be killed shortly after is now a cheap punch line.
Google itself doesn't appear to be financially damaged, but that can take a long time to set in.
Of course, if it turns out they deliberately misled, then that makes it worse, and it was very imprudent thinking that they wouldn't be caught.
> Joe FitzPatrick was not one of these 17 individual primary sources that included company insiders and government officials,
What you're suggesting involves both violating the trust of the source and creating the impression the news organization needs its competitors to establish its credibility. I can't imagine this is anything short of a complete non-starter for Bloomberg, an actual serious news organization.
I agree that it seems tricky for them to go to their sources and ask them to talk to some other news org however.
2017 followup by Ars Technica: https://arstechnica.com/information-technology/2017/02/apple...
So the story is 2 years old from a reporting standpoint.
"Building its own servers with motherboards it designed would be the most surefire way for Apple to prevent unauthorized snooping via extra chips.
As we've previously reported, the National Security Agency is known to intercept and modify equipment before it reaches the hands of its intended customers."
"The report comes as Apple fights the US government over whether it should have to write new software to help investigators unlock an iPhone used by a terrorist."
> Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally. Government investigators were still chasing clues on their own when Amazon made its discovery and gave them access to sabotaged hardware, according to one U.S. official. This created an invaluable opportunity for intelligence agencies and the FBI—by then running a full investigation led by its cyber- and counterintelligence teams—to see what the chips looked like and how they worked.
If this was true, the public denials wouldn't surprise me at all.
Not saying that was necessarily a motivation here, but it's worth pointing out.
1. If people buy the narrative, it works as anti-China talking points and we continue to villainize China and look for US to step up manufacturing of tech.
2. If it blows up and backfires, we get to villainize journalism as a profession and push for government takeover of media to ensure honesty and integrity above profit (eg fakenews).
By planted story, I mean insiders or impostors feeding lies to journalists- tho I would hope Bloomberg would know how to vet a source?
"Won't anybody think of the poor economy! These unfounded stories are doing direct damage. Disclose your sources to the government or lose your Real News License."
It's not like there aren't false stories about what happens at Apple or Amazon regularly, not that they're usually about hacking but the public calls for retraction seem somewhat as unique as the story.
You would be sure to see a denial in that case.
> They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories
If that's really the case then it seems likely that their source may have indeed deceived them. But don't they have multiple sources?
> The article also claims ... we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center.
Bloomberg's source for this claim must be distinct from the Israeli security researcher, right?
Perhaps, if this was a Russian HUMINT attack, it's another glorious success for GRU.
A lot of things are “plausible” but accusing people of having done the thing versus, it would be possible doesn’t rise to the standards necessary to maintain journalistic integrity.
Enough with printing anonymously sourced speculation as fact! Good journalists get sources on the record and, if they use anonymous sources, use them for background and not as primary sources. See Woodward and Bernstein’s work on Watergate on how to use anonymous sources correctly.
If this article were true it would have been the first public volley in WWIII.
Spy work happens all the time; it's a normal state of affairs. One country or company stealing secrets from another country or company happened today, whether or not the Bloomberg report holds water.
It's only the first volley in WWIII if world militaries choose to escalate in response.
We live in too much of a scientific/fact driven period of time to allow this to be taken seriously in my opinion.
Wrt. the subj of the Bloomberg story - back in the '90s the Russian FSB would comb through the internals of every PC they bought for their use. That though was before Intel ME :)
The issue with trust in journalism is a real one, and as "deepfakes" and the current problems with the perceptions of "fake news" and "anything I don't like to hear is probably made up", the question of faith/trust in journalism and reporting is huge.
I don't think trust in journalism should go down. I think that when journalists and publications are caught with misleading or inaccurate stories, it should be in their interest to catch the problems and self-correct. The name of an institution is its integrity: It is built over time, and can lose its value quicker than it gains it.
There are correct ways to do journalism.
“Journalistic integrity” is quickly on its way to becoming a pejorative term, if it’s not already there.
"we don't build anything, the Chinese build it for us".
Time to pay the piper.
I have to imagine Bloomberg is also trying to find out why their story has not matched statements by the companies alleged to be involved so starkly. There is a story here, but what that story actually is is definitely in question.
The least weird conclusion is that Bloomberg connected too many dots the wrong way around and are embarrassed to admit it.
In both cases, it seemed to me that the reporters involved crafted a story in their heads about what happened, and then only sought information that confirmed their story while ignoring information that contradicted it. The Duke Lacrosse case is an example of the same thing happening in a criminal prosecution:
Another theme that I've seen is experts giving an interview about some very specific/narrow topic, which is then spun, taken out of context, or generally misquoted by reporters and presented as something different. This happened with document verification in the Killian controversy, and also seems to have happened with this Bloomberg story, according to another comment in the thread: https://news.ycombinator.com/item?id=18278023 . In the Killian case, document examiners explicitly told CBS that they were relying on poor material that could not be authenticated (see Wikipedia section "Response of the document examiners"), but CBS went ahead and characterized the documents as having been authenticated by experts.
China has only itself to blame for this.
If you threaten the nuclear option over an airline listing Taiwan as a country on their US website, what will people expect from you over an issue that could cost you billions in business?
It opens them up to exactly this kind of story, because it gives people reason to expect coerced speech. The price of censorship and coercion is a complete loss of credibility. Which means the debate continues over a story where the denials could otherwise have put the matter to rest already.
You do ask some good questions, but if apple can dropship my one macbook pro from China when I order it, I suspect they could dropship 1 (or many) of these boards to Apple, Amazon, etc when ordered. In other words, they wouldn't have to produce all of them with this special chip. Hell, they might only need to send one to each customer to infiltrate their network. If Apple ordered thousands of these, I doubt they would xray each one (assuming they're multi-layered boards).
No, I do not think that. I assume they hand modify a few boards at a time, just like the NSA.
Modifying every single board would violate one of the tenets of spying... it would make it much more likely for the implant to be detected.
I don't know why it's so implausible that Chinese intelligence is using the Chinese tech industry to carry out their operations when American intelligence uses the American tech industry to carry out their operations. Nobody said PRISM was fake news because why would Apple and Google and Facebook invest in it; the actual investment came from NSA and the cooperation of these companies is via top secret FISA warrants. China doesn't even need to maintain the pretense of legality that the NSA does.
Again, I don't think the Bloomberg story by itself is credible anymore, but I also don't think it's as implausible as you are making it sound.
How does anybody think Apple and AWS would calculate they could get away with lying like this, when Bloomberg says it’s already widely known and widely being leaked? So where are all these insiders that are blabbing? How come they’re not talking to any other journalists? What about the security experts Bloomberg says are also in on it and willing to talk?
If Bloomberg is right, this story should be wide open by now. Instead ....nothing. Not a single scrap of corroborating evidence for this supposedly widely known and broadly leaked issue.
If it were false the case would fall under libel and slander.
Someone is obfuscating truths here
Many dubious articles go unchallenged because it's often not worth pursuing legal action.
And a story with this many moving pieces, you’ve got a lot of ground to cover. It’s so very hard to prove the absence of something.
I don't really buy it, if they really wanted to gaslight Bloomberg they could do it more subtly and without putting themselves in such an awkward position if strong contradicting evidence came to light.
The magnitude matters. Meaning journalists have an incentive to stretch the truth in either direction, as long as it'll get a reaction. A journalist now has to weigh this monetary incentive against their other incentives for being non-hyperbolic, truthful journalists.
Think about articles that don't move the market: did they contain novel, important information? If so, why didn't the market move?
It seems like this incentive encourages prioritizing stories which are unreported and meaningful.