Investigation Into Supermicro's Server Motherboards Finds No Malicious Spy Hardware

[MacRumors]

In October, a report by Bloomberg claimed that spies working for the Chinese government had inserted microchips on Supermicro server motherboards to spy on customers, which Bloomberg reported as affecting Apple and nearly 30 companies in total. Today, the outside investigations firm hired by Supermicro reported its findings, confirming that there is no evidence of any malicious hardware in current or old Supermicro server motherboards, including those used by Apple for iCloud (via Reuters).

Supermicro denied the allegations made in the Bloomberg report when it came out, and in today's letter to its customers said it was not surprised by the new findings. The investigation was performed by global firm Nardello & Co., which tested samples of motherboards in current production, as well as versions that were specifically sold to Apple and Amazon since both of those companies were mentioned directly by Bloomberg.

Nardello & Co. also examined software and design files, and didn't find any unauthorized components or signals being sent out from Supermicro. Customers interested will be able to ask for more details about the investigation, and Supermicro as of now is still reviewing its legal options following the investigation.

The day that "The Big Hack" article came out, Apple quickly released a statement, denying all claims made about the microchips spying on customers. "On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server," Apple said in its statement.

Eventually both Apple CEO Tim Cook and Supermicro CEO Charles Liang called on Bloomberg to retract the story. Talking to BuzzFeed News, Cook said there is "no truth" to Bloomberg's claims about Apple. As of today, the story remains online.

Article Link: Investigation Into Supermicro's Server Motherboards Finds No Malicious Spy Hardware

 

[Mansu944]

But there’s no such thing as fake news. I don’t expect reporters to be 100% right...but this just smells like sensationalism on the part of the news outlet.

 

[iPhysicist]

At least its not a main page story anymore

 

[QCassidy352]

I think it’s time for Bloomberg to get some unnamed sources to agree to be named or take the story down. Literally nobody and nothing backs them up at this point.

 

[Dustin Lenzz]

...Maybe Bloomberg’s financial reporting on Apple is equivalent to its ‘investigative’ reporting on Apple/Apple’s suppliers...

 

[jimothyGator]

I'm not lawyer, but I'd be surprised if Supermicro or its shareholders don't have a libel case against Bloomberg. From what I've read on this subject, it looks like Bloomberg was extremely careless in their reporting.

Shares in the company dropped nearly 50% the day the story was published. They've recovered somewhat since then (and we'll see what today brings), but the price is still well below it's level before Bloomberg's story.

Apple and others might also have a case, but based on stock price, Supermicro was the one most affected.

 

[QuarterSwede]

I think it’s time for Bloomberg to get some unnamed sources to agree to be named or take the story down. Literally nobody and nothing backs them up at this point.

Not just take it down but print a retraction as well.

 

[lunarworks]

That was some wild disinformation campaign. You've gotta wonder what the goal was.

 

[MacManiac1]

I'm not lawyer, but I'd be surprised if Supermicro or its shareholders don't have a libel case against Bloomberg. From what I've ready on this subject, it looks like Bloomberg was extremely careless in their reporting.

Shares in the company dropped nearly 50% the day the story was published. They've recovered somewhat since then (and we'll see what today brings), but the price is still well below it's level before Bloomberg's story.

Apple and others might also have a case, but based on stock price, Supermicro was the one most affected.

I think you are 100% correct. Unless Bloomberg has some proof that they haven’t shared yet, they should pay a price for this disinformation that is destroying companies.

 

[cwanja]

I'm not lawyer, but I'd be surprised if Supermicro or its shareholders don't have a libel case against Bloomberg. From what I've ready on this subject, it looks like Bloomberg was extremely careless in their reporting.

Shares in the company dropped nearly 50% the day the story was published. They've recovered somewhat since then (and we'll see what today brings), but the price is still well below it's level before Bloomberg's story.

Apple and others might also have a case, but based on stock price, Supermicro was the one most affected.

The piece missing from this article is just that - Supermicro is looking into legal action (at least from reporting on other blogs)

 

[Andres Cantu]

Bloomberg needs to be sued to set a precedent for dangerous fake news that can affect other companies financially.

 

[Dave245]

At this point Bloomberg seriously need to print a retraction and apologise! They clearly got this one wrong.

 

[brendu]

And Michael Bloomberg... Start by owning your company’s mistake. Admit your people were wrong, issue an apology, and push your people to do better.

 

[Zorn]

I'm not sure at this point what Bloomberg has to gain from digging their heels in on this one. It's almost indisputable that if their story was accurate, one of the millions of Supermicro servers out there in data centers or with customers would have been taken apart and the "spy chip" shown to the world. There would be a massive motive for any security researcher or firm to find one of these modified servers and ample supply/opportunity to do so, and yet absolutely nothing.

 

[djcerla]

Fake news. Macrumors forum posters told me it was Apple's lie.

 

[Sasparilla]

Truly bizarre. Makes one wonder if Bloomberg was the victim of a political disinformation campaign.

 

[TonnyM]

When you're only job as a journalist is telling the truth and raporting the facts and you're failing so bad, there's so excuse. We deserve better than being manipulated and lied to.

 

[scottwaugh]

Maybe this thread belongs in the political forum? Its got politics written all over it. (most especially so people commenting on it don't get into trouble)

"In October, a report by Bloomberg claimed that spies working for the Chinese government"

 

[Mac Fly (film)]

I think it’s time for Bloomberg to get some unnamed sources to agree to be named or take the story down. Literally nobody and nothing backs them up at this point.

This keeps happening to the two writers named for the Bloomberg article. In five years they’ve had a few stories that couldn’t be proven. Could it be there are no sources? I don’t know if they are making up their stories, but it’s an explanation certainly worth investigating.

 

[JRobinsonJr]

When you're only job as a journalist is telling the truth and raporting the facts and you're failing so bad, there's so excuse. We deserve better than being manipulated and lied to.

Very true. Sadly, though, "journalism" today is just a euphamism for "making headlines" and doesn't require any of those pesky facts or logic. Even if Bloomberg printed a full retraction, unless it was a full-front-page very few people would notice and even fewer would read it. The damage is done.

NOTE: there are still many people in the journalism profession that have integrity in their work, but... those aren't the people making headlines.

 

[az431]

I'm not lawyer, but I'd be surprised if Supermicro or its shareholders don't have a libel case against Bloomberg. From what I've ready on this subject, it looks like Bloomberg was extremely careless in their reporting.

Shares in the company dropped nearly 50% the day the story was published. They've recovered somewhat since then (and we'll see what today brings), but the price is still well below it's level before Bloomberg's story.

Apple and others might also have a case, but based on stock price, Supermicro was the one most affected.

Libel requires proof that the person who made this statement knew that it was false when it was made. The fact that the statement was false is not enough by itself.

Here Bloomberg relied on outside sources. Even if that reliance was misplaced or negligent, it doesn’t satisfy the knowledge requirement.

 

[NT1440]

This keeps happening to the two writers named for the Bloomberg article. In five years they’ve had a few stories that couldn’t be proven. Could it be there are no sources? I don’t know if they are making up their stories, but it’s an explanation certainly worth investigating.

There are sources, but odds are they’re spooks with a certain agenda.

 

[szw-mapple fan]

I'm not sure at this point what Bloomberg has to gain from digging their heels in on this one. It's almost indisputable that if their story was accurate, one of the millions of Supermicro servers out there in data centers or with customers would have been taken apart and the "spy chip" shown to the world. There would be a massive motive for any security researcher or firm to find one of these modified servers and ample supply/opportunity to do so, and yet absolutely nothing.

Agreed. At this point every piece of new evidence is just eroding Bloomberg's credibility. They need to offer better evidence or retract and be done with it.

 

[jimothyGator]

Libel requires proof that the person who made this statement knew that it was false when it was made. The fact that the statement was false is not enough by itself.

Here Bloomberg relied on outside sources. Even if that reliance was misplaced or negligent, it doesn’t satisfy the knowledge requirement.

Could a claim be made that they now know it to be false (based on this investigation) and by failing to issue a retraction, they’re committing libel? It’ll be up to people wiser and wealthier than me to decide.

 

[td2243]

Of course they didn’t find anything. It was the Russians!!!