CNN and Washington Post are reputable news sources that statistically get it right a lot more often than Fox News does, which frequently outright lies and significantly distorts things.

You do realize you’re making accuracy comparisons for 24 hour TV news stations and lowest common denominator news websites?

This might not be the hill you want to die on for ‘truth’. Also may want to look into the agenda of anyone who's making credibility comparisons between these lazy, cheesy, partisan ad sellers. This glory you seek will not be found there.

No, I'm not wrong. Very few people inside Apple would even be aware of a national security letter. Only a need to know basis, like Lead counsel. CEO may be left out so that he doesn't make false statements to investors. And the only people gagged are the only ones that initially knew about the alleged compromise. At that point the potential for further people finding out is eliminated.

Have you seen Apple's current lead counsel, Katherine Adams, make any statements regarding this?

I’m not sure this would be the distinction that you think it is.

Apple is a publicly traded company, lying to shareholders about this (lawyer or not) would immediately invoke legal penalties (For reference: Elon Musk), not to mention the mother of all class action lawsuits.

I think the two biggest culprits here are Bloomberg stretching for an iPhone season gotcha story that gets above the election noise, and Finding Bigfoot style programming that’s made people desensitized to ingesting stupid fantasies.
 
If one country threatens the national security of another then government agencies step in and tell the exploited company (Apple) to SHUT UP! IT NEVER HAPPENED

Which is your assumption of the process.
And together with another assumption that this actually was the case here, you’re interpolating these into a straight line. That’s a classic. If you just round enough, and often enough, you can equal any two numbers.

The question would be if US law allows forcing a person/company to lie (in contrast to not talk about something in public).

Other than that, everybody loves the plot at hand. Now, the question still remains whether it’s just good fiction or if it’s actually happened.
 
Apple is a publicly traded company, lying to shareholders about this (lawyer or not) would immediately invoke legal penalties (For reference: Elon Musk),
The problem is a technical English issue "Nothing was ever found" well it might be there but perhaps you didn't look hard enough?
 
I guess if anything the article and all subsequent conjecture will have Apple and co further investing and solidifying security measures. That can only be a good thing for end users.
 
I hope I'm not the only one who feels this way, but with every organization who should be in the know denying they've ever heard of this, this starts to sound more and more like the Polybius hoax from the early 2000s.

Because like the Polybius hoax, every piece of this story sounds like something we've heard of over the last few years, thus making the story as a whole sound somewhat believable. Simple computers the size of a grain of rice, the NSA intercepting CISCO network gear to install hardware bugs, Apple getting rid of the SuperMicro gear due to buggy drivers, and the litany of cases from the last decade where American companies have come under attack by Chinese cyber espionage/warfare campaigns.

This and literally every one of the sources used in the article being anonymous should have you suspicious. If you get 17 separate independent sources for an article you'd expect at least one of them being willing to come out with their name and strengthen the article. However when they're still all anonymous this long after initial publication it makes you wonder if this is a repeat of that ex-MI6 agent's supposed Trump dossier that turned out to just be a couple 4chan pranksters stringing along a really gullible idiot with made up stories.

Oh and if you were wondering, this dossier was the source of the claim that the Kremlin had a spycam video of Trump being peed on by prostitutes in a Moscow hotel to use in blackmailing him.
 
Maybe it was russian hackers again like always?

I mean, when you can't find proof of anything, it's best to blame them.
 
Which is your assumption of the process.
And together with another assumption that this actually was the case here, you’re interpolating these into a straight line. That’s a classic. If you just round enough, and often enough, you can equal any two numbers.

The question would be if US law allows forcing a person/company to lie (in contrast to not talk about something in public).

Other than that, everybody loves the plot at hand. Now, the question still remains whether it’s just good fiction or if it’s actually happened.
Apple wouldn’t be lying "oh jeez we did a search nothing was found" that doesn't mean Apple did a thorough job and problems still persist
 
"Apple's proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity. Nothing was ever found,"

Doesn't mean it is not there, just that they have not found it yet....
 



Apple's top security chief told the U.S. Congress on Sunday that it had found no indication of suspicious transmissions or other evidence that its China supply chain was ever compromised (via Reuters).


In a letter to the Senate and House commerce committees, Apple Vice President for Information Security George Stathakopoulos wrote that the company had repeatedly investigated and found no evidence to support Bloomberg Businessweek's bombshell report that alleged tiny chips were discovered inside Apple servers which allowed for backdoor transmissions to Chinese spies.
Stathakopoulos repeated Apple's statements to the press that it had never found any such planted chips or been contacted by the FBI over the alleged matter. The letter follows a statement issued on Saturday by the U.S. Department of Homeland Security saying it had no reason to doubt the companies who denied that they had ever discovered the tiny chips.

Apple, Amazon, and Supermicro all strongly rebutted the report, which alleged that Chinese intelligence planted microchips in Supermicro servers, which Apple and Amazon previously used in their data centers.

Despite the denials, which are also backed by the UK's national cyber security agency, retired Apple general counsel Bruce Sewell, and other unnamed Apple senior executives, Bloomberg said it stood by its report as of Friday, but didn't immediately respond to requests for comment on Sunday.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Tells Congress 'Nothing Was Ever Found' to Suggest Alleged Supply Chain-Based Hack

Methinks Apple doth protest too much....
 
Do not underestimate China. They have the best hackers in the world.
 
You're wrong. A national security letter forces companies to keep their mouth shut. It does not force companies to lie, and in fact it's a serious crime for executives to lie in a press release. Look at the sanctions Musk is facing over his "funding secured" tweet which later turned out to be a lie.

Musk's lie (which was self-serving and undermines investor confidence - SEC is a whole different ball game) is very different to someone lying about a potential breach from China for national security reasons on the advice of the government.
 
The lengths and extent to which Apple and others are going to deny this report kinda makes their response suspect.

That's what makes me suspect - so much unnecessary detail, so many potentially testable claims that, if the cat got out of the bag, the companies would be caught with their pants well and truly on fire. They don't sound as if they were trying for "plausible deniability".

As for how the chips work: they're clearly sending signals to a secret Chinese satellite disguised as a small china teapot...

Of course, that's exactly what they want you to think...
 
Does anyone know if Apple is currently using Supermicro servers?

If they are, then fake news. If they've been removed, then maybe there is some truth to the story.

What about Amazon?
 
They could have found a way to get data traffic out without being detected. Security companies as well as hackers find backdoors into and out of systems all the time which later get patched. I'm not saying that the Bloomberg article is factual but I wouldn't expect these big tech companies to readily admit that they have had such a big breach.

Don't forget that the 'Meltdown & Spectre' flaws were around for years before they were discovered. Once discovered they were kept quiet until the tech companies had a patch. Again I'm not saying this is the same thing, all I'm saying is that just because we don't know about it doesn't mean something isn't possible.

This is not the same thing as magical unicorns or belief in a Supernatural Being which billions of people believe in despite any empirical evidence.
 
I have a degree from an accredited university, and I also have multiple certifications. I can send you the certs in an email if you're curious.

Insulting the Security+ makes you look foolish, so please continue.


The difficulty-level of Security+ is laughable. It gives you an insight in computer and network security, not much more than that.
Any exam where a normal question might be something in the lines of "In your company you have been experiencing problems with shoulder surfing, in what way can you minimize the risk of it happening again" and having a bunch of semi-retarded alternatives like "Look behind shoulder" and/or "Minimize windows" is only right to insult. At least when used in an "I know IT-security"-context.

Security+ is good for people new to the field to get an insight in the security world, but in no way means you've got any real knowledge worth bragging about.

I certified in EC-Council's Certified Ethical Hacker a few years back, it's on the same level as Security+ and...well. Yeah, it's laughably easy...
 
This is just Trump’s way of taking focus off of the Russians hacking the elections and blaming China. Gotta hand it to the Russians though — if they managed to hack the US elections .. imagine what they’re doing with other countries...
 
Arguments about checking outbound traffic are pointless. This is (if true) a hardware issue, and inserting a change into a design is going to change the hardware. Are we all supposed to believe that the engineers who designed these motherboards aren't able to compare their designs with the final product? Are we supposed to believe that they don't check and recheck as part of their final testing? And are we supposed to believe that having been notified that something got through, they still can't find it? Or maybe we're supposed to believe that all of those engineers are in on it?
 
How do you plant a 6pin chip of the size of something 0402 with THAT functionality on a seven or more layer motherboard crammed with other components without altering the pcb tracks of the original Layout without anyone noticing the differences?

If you have the answer to that then you can start talking about backdoors in software.
 
No serious hacker enters through the front door. Thinking outside the box is all the fun. I mentioned the LZ4 frame format above, but even SSH, generally considered secure, also has the potential for abuse (although admittedly it is more difficult). The initial key exchange initialization (called a kexinit packet) contains some fields that are, in my experience, usually ignored, and also happens to be transmitted in cleartext (has to be). The potential is there for abuse as well. Generally, communication originating internally is a much more difficult thing to contain, but it certainly isn't impossible.

:rolleyes: I'm actually Security+ certified, so maybe I know a little more than you do.

Interesting read, thanks for that!
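
An added example, not part of any post in this thread: a monitoring-side conformance check for the cleartext KEXINIT message mentioned above, following the field layout in RFC 4253 section 7.1. The function names, the choice of checks (reserved field, trailing bytes, name-list bytes) and the sample payloads are assumptions constructed here; the input is the SSH packet payload with the length and padding framing already removed.

```python
import struct

SSH_MSG_KEXINIT = 20
NAME_LIST_FIELDS = 10  # kex, host key, 2x cipher, 2x MAC, 2x compression, 2x language


def audit_kexinit(payload: bytes) -> list[str]:
    """Return conformance findings for one SSH_MSG_KEXINIT payload (RFC 4253, 7.1)."""
    findings = []
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        return ["not a KEXINIT payload"]
    pos = 17  # message type byte + 16-byte cookie
    for index in range(NAME_LIST_FIELDS):
        if pos + 4 > len(payload):
            return findings + [f"truncated before name-list {index}"]
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            return findings + [f"name-list {index} overruns payload"]
        names = payload[pos:pos + length]
        pos += length
        # Name-lists are comma-separated printable US-ASCII names.
        if any(b < 0x21 or b > 0x7E for b in names):
            findings.append(f"name-list {index} has non-printable bytes")
    if pos + 5 > len(payload):
        return findings + ["truncated before reserved field"]
    # Skip the one-byte first_kex_packet_follows boolean, then read the reserved uint32.
    (reserved,) = struct.unpack_from(">I", payload, pos + 1)
    pos += 5
    if reserved != 0:
        findings.append(f"reserved field is 0x{reserved:08x}, expected 0")
    if pos != len(payload):
        findings.append(f"{len(payload) - pos} trailing bytes after reserved field")
    return findings


def build_kexinit(lists, reserved=0, trailer=b""):
    """Constructed sample builder for the demo; not captured traffic."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in lists:
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + struct.pack(">I", reserved) + trailer


SAMPLE_LISTS = [b"curve25519-sha256", b"ssh-ed25519", b"aes256-ctr", b"aes256-ctr",
                b"hmac-sha2-256", b"hmac-sha2-256", b"none", b"none", b"", b""]
CLEAN = build_kexinit(SAMPLE_LISTS)
ODD = build_kexinit(SAMPLE_LISTS, reserved=0x41424344, trailer=b"xy")

if __name__ == "__main__":
    print(audit_kexinit(CLEAN), audit_kexinit(ODD))
```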
 
The problem is a technical English issue "Nothing was ever found" well it might be there but perhaps you didn't look hard enough?

Wait, you're saying maybe they didn't look hard enough so they didn't find the thing that they are reported as having found and are now covering up? Sure, maybe there was something there (I doubt it), but there's no technicality in English that allows both stories to be simultaneously correct.

Apple wouldn’t be lying "oh jeez we did a search nothing was found" that doesn't mean Apple did a thorough job and problems still persist

Except that the story claims that Apple found the devices. Either Bloomberg is incorrect and none were found, or Apple is lying. There's really no room for interpretation, and no reason to believe Bloomberg in the face of a vehement denial without some more substantial evidence than anonymous sources.
I asked a simple question: what would it take to convince you?

I would add a second question (to the original poster): Why are you so convinced based on one report based on purely anonymous sources that this is true? Skepticism should start with the original claim, not just with the effort to refute the claim.
 
Wait, you're saying maybe they didn't look hard enough so they didn't find the thing that they are reported as having found and are now covering up? Sure, maybe there was something there (I doubt it), but there's no technicality in English that allows both stories to be simultaneously correct.

Except that the story claims that Apple found the devices. Either Bloomberg is incorrect and none were found, or Apple is lying. There's really no room for interpretation, and no reason to believe Bloomberg in the face of a vehement denial without some more substantial evidence than anonymous sources.

I would add a second question (to the original poster): Why are you so convinced based on one report based on purely anonymous sources that this is true? Skepticism should start with the original claim, not just with the effort to refute the claim.
Why would 17 people come forward to Bloomberg and tell lies?
 
This story is the perfect conspiracy theory generator. No physical evidence, no pictures of the alleged chip on a motherboard. Just anonymous sources meaning you can conjure up any theory you want and no one can prove or disprove it.
 