Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple CEO Tim Cook Calls on Bloomberg to Retract Supply Chain Hack Story: 'There's No Truth to This'
- Thread starter MacRumors
- Start date
- Sort by reaction score
Why would congress be involved? This is a story about a news organisation reporting on what they believe is happening to other US companies. Why should, or people want, the Government get involved?
I was responding to a dishonest comment. I don't think they should be involved in this, but at the same time, they're not trying to blame Putin for things he's not involved in. Unfortunately, they're also busy not blaming him for things he IS involved in because that would make the President look bad (worse, really).
If Bloomberg really "had it out for Apple", they should have:
1. Reported the story, omitting all mention of Apple at first.
2. Waited for the Apple community to respond to the story with "SuperMicro sucks", "Amazon sucks", "I will never shop on Amazon", etc.
3. Published a followup where they include their information about Apple.
4. Waited to see if the Apple community changes their response to the whole story now that Apple is involved, and call it out.
Last edited:
No.
Apple as someone said since my post (and which is correct, I went back and read the original story again) loaded a driver from Supermicro that was infected, thats been known since shortly after it happened. There is nothing different on the board, Supermicro was distributing a driver with a virus/backdoor or some sort, Apple (and others) downloaded, apple realized it (others realized it as well), they contacted Supermicro, eventually for that and possibly other reasons Supermicro was replaced on future orders of Servers for Apple (the official reason from Supermicro is price). Bloomberg says categorically that they are not talking about that board in their article. Bloomberg says boards were relaid out to add an additional part by the Chinese government and the chip takes over the machine and phones home to a computer and that 1000s of these Servers were shipped to and are sending data from 26+ companies in the US. They are quite sure its a hardware hack, it does everything, it doesn't care what software is loaded onto the system. They also say that Amazon and Apple both discovered these boards, that Apple replaced 7000 servers in a number of weeks to remove every Supermicro from their building and that Amazon did the same. They also say that both Amazon and Apple contacted the FBI and that the FBI has been running a huge investigation on the computers the data is being sent back to. Now both Apple and Amazon say it didn't with none of the usual, to the best of our knowledge, etc, we get from those who are parsing the answers, and also Bloomberg admits that during the entire investigation, both Apple and Amazon said that it wasn't true every time they called and Apple has had at least 4 internal investigations to find out how the story even got started, because nothing like it has happened at all according to both past and present Head Counsels.
So no, someone loading a virus infected driver on a Supermicro server in an Apple lab is not the same thing Bloomberg is saying, everyone who was reading Macrumors two years ago knows about the Supermicro driver issue, doesn't make the Bloomberg article factual or make Tim a liar for saying its not. Because we don't have a motherboard with a custom phone home chip on it, we don't have 7000 servers being replaced and literally we don't have the SEC giving Record fines to Tim and Jeff Bezos. As I said in an earlier post my company spent probably 50K because the new VP was worried we were one of the "almost 30 companies" with this problem several who don't know about it all because Bloomberg thinks the Windmill is an Giant.
-Tig
[doublepost=1540095646][/doublepost]
If you think Bloomberg is right and this did happen, then you should be DEMANDING that congress gets involved. According to the article, the chinese are still getting all the information they want from 20+ companies in the US, including a major bank, and the US Government is still buying Supermicro servers for the NSA and other government services, really think we should be paying good money for servers with backdoors that send all the data to China? Really don't think the US Congress shouldnt ban us from buying servers with a backdoor for the Chinese Government?
-Tig
Last edited:
The article states that the boards came from a factory located in China but that doesn't mean the Chinese are behind it.
If the story is true and there is Chinese state-sponsored hacking against two (or more) of the largest American companies then the government should be involved. Especially since the US Government uses both Apple and Amazon products and therefore would be affected by this.
And yes you can say "We don't know China is behind it", but that doesn't actually matter. It could be Phil in New Zeland that's behind it - if it's true then the hack compromises the American Government, and they should absolutely be involved, whether or not it's from China, Russia, Luxemburg or Steven in his basement in Canada.
Dunno, stuff like this starts to push me from former Apple customer toward solidly anti-Apple. So not all publicity is good.
I'm sorry please reread the article, the article says quite plainly that Chinese government officials bribed the managers of the factories to allow them to modify the boards and add the special parts in. Its right there in black and white.
-Tig
Saying that there's no truth to it is a bit too harsh even if it turns out that the story is bung, which I suspect is really the case here.
What I suspect happened was that there was just one big game of Broken Telephone where a bunch of separate stories came together to form one big story that sounded very believable because every piece was based on something real. This would explain the rather large number of individual sources listed in the article.
The list of stories that I'm referring to here is as follows:
- Tiny grain-of-rice sized computers, or rather smart sensors, being touted pretty heavily back in 2015, one making the cover of Popular Mechanics
- The Snowden leaks exposing how the NSA had started bugging CISCO network equipment by intercepting shipments, fitting them with hardware bugs and then re-sealing the packages with counterfeit seals
- Years of rampant Chinese cyberattacks and espionage efforts by both private and public actors against American government and private actors, including companies like Apple, Amazon, etc.
However most importantly:
- SuperMicro server boards found around 2015 to be suffering from rampant security vulnerabilities that allowed external parties to install infected firmware and thus infecting servers with very limited ways to protect them and even more limited ways to detect infected servers
The last part actually caused multiple big companies, including Apple, to get rid of their SuperMicro servers for very clear security-related reasons. I suspect this is probably what started the game of broken telephone that finally resulted in this story being published.
What I suspect happened was that there was just one big game of Broken Telephone where a bunch of separate stories came together to form one big story that sounded very believable because every piece was based on something real. This would explain the rather large number of individual sources listed in the article.
The list of stories that I'm referring to here is as follows:
- Tiny grain-of-rice sized computers, or rather smart sensors, being touted pretty heavily back in 2015, one making the cover of Popular Mechanics
- The Snowden leaks exposing how the NSA had started bugging CISCO network equipment by intercepting shipments, fitting them with hardware bugs and then re-sealing the packages with counterfeit seals
- Years of rampant Chinese cyberattacks and espionage efforts by both private and public actors against American government and private actors, including companies like Apple, Amazon, etc.
However most importantly:
- SuperMicro server boards found around 2015 to be suffering from rampant security vulnerabilities that allowed external parties to install infected firmware and thus infecting servers with very limited ways to protect them and even more limited ways to detect infected servers
The last part actually caused multiple big companies, including Apple, to get rid of their SuperMicro servers for very clear security-related reasons. I suspect this is probably what started the game of broken telephone that finally resulted in this story being published.
... or maybe it's to do with how the media as a whole will attack you if you sue them even if you have a legitimate case. We saw this demonstrated pretty clearly in the Hogan vs Gawker case and how the media still insists Gawker did nothing wrong despite losing the trial and pretty badly so.
How is it strange? Apple is the world’s richest company. Unimaginable amounts of money is at stake. Apple can and never will admit that this happened - they simply can’t ever admit it.
Bloomberg knows they’re right and so they won’t ever retract it. Seems pretty straightforward
Nope...Present evidence and witnesses. Otherwise that’s just a big bowl of steaming FUD.
If Apple asks openly for a retraction, I'd think that is the last step before suing.
[doublepost=1540158033][/doublepost]
It would be rather embarrassing if Apple made such a claim, and the NSA said "we have not asked Apple to stay quiet about this subject".
[doublepost=1540158283][/doublepost]
To sue Bloomberg, Apple has to do nothing. To win damages, yes, what you say is absolutely correct for that. But Apple could take Bloomberg to court, and the outcome might be "the story was completely false, but Apple cannot prove that Bloomberg published it with malice". And that might be good enough for Apple. And damaging enough for Bloomberg.
[doublepost=1540159718][/doublepost]
I saw you stealing bottles of alcohol at your convenience store yesterday. I talked to seventeen witnesses. No, I'm not telling you which convenience store. Or which kind of alcohol. And I'm not telling you which witnesses. But you are clearly a thief.
What, you are jumping up and down screaming "this did not happen, there isn't a drop of alcohol in my home"? This has a lot of stink to it. You are giving way too much detail, so you are clearly a liar. It's clear that you know more than you are letting on. You wouldn't have searched your home for alcohol if the story wasn't true.
Would you like me to go on?
[doublepost=1540160374][/doublepost]
You should have read more carefully. Bloomberg says that Apple employees found chips and notified the FBI. When Apple read this, they asked the employees who were in the right place to find these chips, and the employees say they found nothing. And Apple asked the FBI "did you get any complaints from Apple employees about secret spy chips", and the FBI told Apple "no, we definitely didn't get any complaints from Apple employees".
So who did or didn't put chips onto these servers or not is irrelevant: Bloomberg says Apple employees found chips and called the FBI, Apple says Apple employees found nothing, and Apple and FBI both say that nobody from Apple called the FBI. So one side is lying. No matter who did or didn't do it, one side is lying.
[doublepost=1540160561][/doublepost]
No, it took them 18 months.
[doublepost=1540161050][/doublepost]
Importantly, Apple would check all software on all servers is received. So they wouldn't necessarily have found that the driver was infected, but they would have found that the driver is _not_ the one that was supposed to be there. With 7,000 servers, you would have checked all the software on the first server to make sure it is clean, and then for the next 6,999 servers you just check if it is the exact same software.
So a server with an infected driver was delivered, but that driver had no chance to ever run, because it was found in regular tests performed on all servers before they are installed. A delivery of servers with infected drivers (or with an uninfected driver, but the wrong version), is just an inconvenience. No such driver can make it into production.
Last edited:
Bloomberg isnt right first of all. But your other comment is silly. If 7000 servers had to be replaced over a year ago, that is not even a big story, compared to Facebook letting hackers have 50 Million accounts last week or even the Apple issue last week. When the story was published everything that was going to happen stock wise happened, Apple and Amazon were affected a little bit and Supermicro lost over half its value. The only issue now would be if Tim and Apple and Amazon have lied about this since then, its a huge SEC issue, but before that, its just a hack that has been resolved even according to the article. So your options are that
1) technically impossible hack happened was investigated by the FBI and Apple and Amazon have decided to lie about it in order to get fined 100s of millions of dollars by the SEC and lose Tim and Jeff their jobs
or
2) Bloomberg's technically inaccurate and impossible story is not true.
I know which one I believe.
-Tig
“Professionals” you say? They seem to be liars mainly. Do they even know what “W5” means?
Evidence and proof and who what when where why are not needed in this post truth world.
Many other stories are fake too, and most people seem to eat it all up whatever the propaganda machine gives us!
I’m glad Tim Cook is fighting back in this example, but what about all the hundreds of other fake stories out there from the last few years?
Serious question for those that say Tim is lying because he has too much to lose. Won’t be lose more if he lies and gets caught?
Hacks and breaches are so common these days. If this was indeed true, all Tim had to say was yes and we have taken steps to resolve or it has been resolved.
The only possible explanation I have for both sides to be “true” is if the companies are required to deny due to national security. But the BB article should have been stopped due to National Security.
Hacks and breaches are so common these days. If this was indeed true, all Tim had to say was yes and we have taken steps to resolve or it has been resolved.
The only possible explanation I have for both sides to be “true” is if the companies are required to deny due to national security. But the BB article should have been stopped due to National Security.
Personally I don't believe Tim is lying, but I do feel like every time an issue is present that he addresses, he doesn't do anything but directly answer what he knows. Something could have found and came up, but the right questions just weren't asked or the exact details were just ever so wrong so the rebuttal can be extremely direct about what was stated being wrong because technically it is wrong. It's all a game of technicalities and it's been that way for years. Also not saying in general something happened more than being told regarding SuperMicro as much as I would like to believe it did but it wouldn't surprise me for internal tests to come up "inconclusive" and therefore the complaint goes unstained so their answer can be a firm "we did not find any evidence to support this" even if 1 event out of 100 did prove the complaint existed. They're not lying, but it doesn't mean they are telling the absolute facts. Apple and Tim specifically will never tell you more than they need to about anything.
Bloomberg isn’t a tabloid magazine. Most places verify their sources well. They are standing by their story.
Not a tabloid. But often very click-batey headlines and sensational reporting that often does not corroborate headline assertions.
"They are standing by their story."
That's cool if that's all you need and it works for you. For myself, being fussy, I'll wait for evidence and sources.