The Bloomberg story seems politically motivated...
There isn’t enough information to determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into who was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
Not enough information... but Bloomberg needs to get their facts straight before publishing rumors.
Bloomberg says they DO have their facts straight. "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
He said, she said...
I find it utterly inconceivable that Apple -- especially Tim Cook -- would not be at least as concerned about such a security intrusion as some Bloomberg reporters or unnamed "former senior security officials" (it's the same crowd that kept harassing Apple to create backdoors and to give intrusive access to iOS devices to the likes of the FBI).
I am quite satisfied -- as both a consumer and a shareholder -- with Apple's unambiguous denial of this claim. I'd take Apple's word over that of these media/Washington DC types.
If Bloomberg is wrong, nobody will care in a month.
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
Yeah. I'm pretty sure that Apple's presenting the situation accurately.
I suspect this is a national security issue which means the involved players can deny all they want without fear of the SEC who would be prevented from interfering or involving themselves if it's truly an active case. The Bloomberg article says as much, that it's still an open and classified investigation.
On top of that there never were allegations of a "wide-spread attack" on Apple's servers as alluded to in the AI article so of course that's deniable, and calling any source making that claim (they haven't) laughable might be perfectly appropriate.
Every reference to Apple in the investigative piece (and they were few) indicates Apple caught this early on, never once implying it was persistent and widespread. Amazon also denies anything happened and the whole thing is made up, someone's imagination, despite 17 sources including 6 high-level current and former intelligence officials claiming otherwise.
That's not how comments about national security issues by publicly traded companies are made, though.
Those are more like "We have no comment, pending the results of a classified investigation" or just no response at all. The SEC can still come after a company that lied in public statements, national security or no.
And, regarding wide-spread. The allegations are that over 5000 servers had the surveillance chip. If that's not wide-spread, then what is?
Perhaps they should leave the techie stuff to the likes of Ars Technica.
Bloomberg has a solid track record of reporting on Apple. Apple has a solid track record of saying little of substance when it does not fit their image.
Bloomberg's "solid track record of reporting on Apple"? I must have missed it. Can you provide some examples (I mean stories like this one they broke that are non-trivial, not ones where they're just reporting what others are).
This Bloomberg article we're discussing did not involve Apple as the focus anyway, very little mentioned about them, and zero claims about it being anything widespread. It had far more to do with Amazon so hardly to be considered an Apple hit-piece.
In a probably unrelated event Apple began using Google servers for iCloud just a few months later which quite a few members here found surprising and some even distressed by. FWIW Google builds its own servers and uses its own in-house designed security chipsets.
Where did Bloomberg say that 5000 Apple servers were infected? I totally missed that if it's there. AFAICT they don't claim that and I read the article again just now.
As regards the SEC what leads you to believe they can involve themselves in a classified national security investigation? It looks to me like "classified and national security" would trump any SEC investigation, in fact any other civil agency probe.
On top of that Apple's statement was both extremely specific and at the same time quite vague. IMHO the very specific claim alluded to could well be true without the Bloomberg article being false.
Apple: "Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server" Bloomberg: "Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards." Supposedly this was discovered within a lab setting and not in one of their server farms? I think that's the claim.
Yeah, this is already covered in the original story:
Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.
The supplier said that Apple had purchased servers, but the supplier doesn't actually know what Apple did with them. The report that Siri used infected servers came from an anonymous source, not the supplier.
Apple's final word at the time:
Apple is deeply committed to protecting the privacy and security of our customers and the data we store. We are constantly monitoring for any attacks on our systems, working closely with vendors and regularly checking equipment for malware. We’re not aware of any data being transmitted to an unauthorized party nor was any infected firmware found on the servers purchased from this vendor.
I get that you work to the notion that 'anything bad for Apple is good for Google', but you and the 'Apple must die' brigade need to think this through.
As Mike has already pointed out:
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
If Apple were to try to cover up a breach of any size in the way that you're accusing them of, then the effect on the company when it came to light would be catastrophic. Even Facebook would not attempt to keep something like this under wraps. Users need to be informed if there is any chance that their personal data is compromised in such a way.
In 2006, Apple sent out a small number of iPods that were infected with a virus. In this case, they warned the general public as soon as they found out:
In a statement posted to its website, Apple says 1% of Video iPods sold after 12 September 2006 were infected with a computer virus known as “RavMonE”.
“As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it,” the Apple statement says. “This known virus affects only Windows computers, and up-to-date anti-virus software should detect and remove it. So far we have seen less than 25 reports concerning this problem.”
Point is, rather than try to cover it up, Apple would most likely come clean (as the law requires) and just blame the folk who sold them the equipment.
Where did Bloomberg say that 5000 Apple servers were infected? I totally missed that. AFAICT they don't claim that and I read the article again just now.
As far as the SEC where have you seen that they can ignore national security orders?
My bad, 7000. Bloomberg does say 7000.
Also, FTA, from Apple's response: "In response to Bloomberg's latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips."
Regarding the SEC - they couldn't ignore a national security order now. However, they can go back to lies by publicly traded companies presented during the time of the investigation and drop the hammer on companies. If Apple, and Amazon are under a national security order, they wouldn't have said a single thing.
This is a funny hill for you to die on, man. Occam's razor applies here -- the simplest explanation is that Bloomberg is wrong, because the stakes are too high for Apple and Amazon to lie about it.
No correlation to the APPL Shorters then? BB seem to be very good at causing stock movements in a number of stocks. Just asking and I have no holdings in any US Stock.
You must be new. Bloomberg has a solid track record of trolling Apple, as it's headed now by Mark Gurman. Gurman has an axe to grind for Apple from when he was a rumors blog Jr detective. He once got so pissy about one of his rumors being wrong that he claimed Apple actually changed their product design just to invalidate his rumor. Kid is nuts.
I used Super Micro motherboards for years but back then they were made in USA. I bought a little Atom server from them a couple years ago and it only lasted about 18 months. Unknown motherboard failure, not repairable and out of warranty. Since then I have only purchased Intel boards but I never investigated where they were manufactured.
No one is accusing them of lying, and no one is claiming there was any security breach at Apple. Nor is Bloomberg claiming your revised 7000 servers number was infected with anything at all. It appears to me the reason for including a mention in the story was to emphasize how many Apple had in place before the returns back to Supermicro started.
But the vendor themselves notes Apple's sudden and unexplained refusal to continue communication with them on the discovered "firmware" issue after initially reporting it: "...when his company (Supermicro) asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information." The big question that should be staring you in the face begging for an answer is: If the firmware version was not a legitimate one recognized by the vendor how did it get there and who authored it? Second to that is what prompted Apple to stop pursuing the answer through the vendor, ending cooperation.
They also confirm Apple's return of servers already supplied by them. "Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased."
Occam's Razor says something significant was going on and I'm surprised as an investigative sort yourself that you aren't the least bit curious or better yet suspicious about what it was. The simplest explanation is that the vendor had no reason to lie about either statement, but Apple might have reason for misdirection considering security issues. Lying? I'm not claiming they did or Amazon did and no one else involved is either AFAICT.
Anyway I don't plan on dying on any hill, this is probably the last of my involvement in the thread (Probably). I'm not taking any PR statement at face value and you seem to want to believe even more than was actually stated by Apple. Fair enough. Neither of us have our own unquestionable proof. It's more like in a civil trial, preponderance of the evidence IMHO.
The Bloomberg story seems politically motivated...
There isn’t enough information do determine fault in the separate firmware incident. It also doesn’t say if Apple resumed using SuperMicro as a supplier...
Bottom line is Apple found a problem and addressed it before it could cause damage. We don’t know the results of their investigation into whom was responsible. Was the firmware modified by a third party? Was it a beta firmware? Was the hardware intercepted and modified after leaving the manufacturer, but before getting to Apple and an exploit introduced?
No enough information... but Bloomberg needs to get their facts straight before publishing rumors.
Bloomberg says they DO have their facts straight. "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
He said, she said...
I find it utterly inconceivable that Apple -- especially Tim Cook -- would not be at least as concerned about such a security intrusion as some Bloomberg reporters or unnamed "former senior security officials" (it's the same crowd that kept harassing Apple to create backdoors and to give intrusive access to iOS devices to the likes of the FBI).
I am quite satisfied -- as both a consumer and a shareholder -- with Apple's unambiguous denial of this claim. I'd take Apple's word over that of these media/Washington DC types.
If Bloomberg is wrong, nobody will care in a month.
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
Yeah. I'm pretty sure that Apple's presenting the situation accurately.
I suspect this is a national security issue which means the involved players can deny all they want without fear of the SEC who would be prevented from interfering or involving themselves if it's truly an active case. The Bloomberg articles says as much, that it's still an open and classified investigation.
On top of that there never were allegations of a "wide-spread attack" on Apple's servers as alluded to in the AI article so of course that's deniable, and calling any source making that claim (they haven't) laughable might be perfectly appropriate.
Every reference to Apple in the investigative piece (and they were few) indicates Apple caught this early on, never once implying it was persistent and widespread. Amazon also denies anything happened and the whole thing is made up, someone's imagination, despite 17 sources including 6 hi-level current and former intelligence officials claiming otherwise.
That's not how comments about national security issues by publicly traded companies are made, though.
Those are more like "We have no comment, pending the results of a classified investigation" or just no response at all. The SEC can still come after a company that lied in public statements. national security or no.
And, regarding wide-spread. The allegations are that over 5000 servers had the surveillance chip. If that's not wide-spread, then what is?
Where did Bloomberg say that 5000 Apple servers were infected? I totally missed that. AFAICT they don't claim that and I read the article again just now.
As far as the SEC where have you seen that they can ignore national security orders?
My bad, 7000. Bloomberg does say 7000.
Also, FTA, from Apple's response: "In response to Bloomberg's latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips."
Regarding the SEC - they couldn't ignore a national security order now. However, they can go back to lies by publicly traded companies presented during the time of the investigation and drop the hammer on companies. If Apple and Amazon are under a national security order, they wouldn't have said a single thing.
This is a funny hill for you to die on, man. Occam's razor applies here -- the simplest explanation is that Bloomberg is wrong, because the stakes are too high for Apple and Amazon to lie about it.
No one is accusing them of lying, and no one is claiming there was any security breach at Apple. Nor is Bloomberg claiming your revised 7000 servers number was infected with anything at all. It appears to me the reason for including a mention in the story was to emphasize how many Apple had in place before the returns back to Supermicro started.
But the vendor themselves notes Apple's sudden and unexplained refusal to continue communication with them on the discovered "firmware" issue after initially reporting it: "...when his company (Supermicro) asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information."
They also confirm Apple's return of servers already supplied by them. "Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased."
Occam's Razor says something significant was going on and I'm surprised as an investigative sort yourself that you aren't the least bit curious or better yet suspicious about what it was. The simplest explanation is that the vendor had no reason to lie about either statement, but Apple might have reason for misdirection considering security issues. Lying? I'm not claiming they did and no one else involved is either AFAICT.
If Bloomberg is wrong, nobody will care in a month.
If Apple is lying, then the SEC will ultimately dole out a massive fine and the entire saga will be in the press for a very long time.
Yeah. I'm pretty sure that Apple's presenting the situation accurately.
Anyway I don't plan on dying on any hill, this is probably the last of my involvement in the thread (Probably). I'm not taking any PR statement at face value and you seem to want to believe even more than was actually stated by Apple. Fair enough. Neither of us have our own unquestionable proof. It's more like in a civil trial, preponderance of the evidence IMHO.
Two people I've been working with for over 20 years and were friends before that gave me the quotes that I put in the story beyond Apple's direct quote.
Perhaps they should leave the techie stuff to the likes of Ars Technica.
Bloomberg has a solid track record of reporting on Apple. Apple has a solid track record of saying little of substance when it does not fit their image.
This Bloomberg article we're discussing did not involve Apple as the focus anyway, very little mentioned about them, and zero claims about it being anything widespread. It had far more to do with Amazon so hardly to be considered an Apple hit-piece.
In a probably unrelated event Apple began using Google servers for iCloud just a few months later which quite a few members here found surprising and some even distressed by. FWIW Google builds its own servers and uses its own in-house designed security chipsets.
FWIW - SuperMicro builds its own servers too. They just outsource the actual fabrication of the components in Asia. Does Google do that too? I don't think Google manufactures its own PCB boards, with capacitors, resistors, etc., and solders them to the PCB, right?
Bloomberg has a solid track record of trolling Apple, as it's headed now by Mark Gurman.
Um. No. He's a reporter and definitely "not in charge". His name isn't in this story's by-line either. NOW I'm done. Plenty here for everyone to make up their own minds what to take at face value if anything.
Google is pretty secretive when it comes to the actual specifics. A couple years ago someone had asked the man overseeing Google's worldwide server network about designing the servers but sending the manufacturing to China. His answer was that wasn't exactly true about sourcing all the stuff from Asia/China but he wasn't allowed to discuss why it wasn't true, trade secrets and all.
But to the exact question you asked: Common sense would tell you that Google would not be building each individual capacitor, resistor etc so yes there will always be a possibility of some creative ne'er-do-well finding a hardware door somewhere.
I find it difficult to believe that Bloomberg would risk fabricating this whole story. It seems more likely that deals were made behind the scenes to use this to pressure China to back off on IP theft and open up their markets. Apple and Amazon would benefit from this much more than pissing off China by going public.
I’m under the impression Gurman was hired to do their Apple-rumors coverage, even if that isn’t being “in charge”. Perhaps he’s not involved here because it’s a matter of general tech/security.
Besides the point tho, which was that he’s not unbiased and is a pro-troll.
Comments
https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/
Mirrors Apple's statement.
As regards the SEC what leads you to believe they can involve themselves in a classified national security investigation? It looks to me like "classified and national security" would trump any SEC investigation, in fact any other civil agency probe.
On top of that Apple's statement was both extremely specific and at the same time quite vague. IMHO the very specific claim alluded to could well be true without the Bloomberg article being false.
Apple: "Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server"
Bloomberg: "Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards."
Supposedly this was discovered within a lab setting and not in one of their server farms? I think that's the claim.
Yeah, this is already covered in the original story:
The supplier said that Apple had purchased servers, but the supplier doesn't actually know what Apple did with them. The report that Siri used infected servers came from an anonymous source, not the supplier.
Apple's final word at the time:
I get that you work to the notion that 'anything bad for Apple is good for Google', but you and the 'Apple must die' brigade need to think this through.
As Mike has already pointed out:
If Apple were to try to cover up a breach of any size in the way that you're accusing them of, then the effect on the company when it came to light would be catastrophic. Even Facebook would not attempt to keep something like this under wraps. Users need to be informed if there is any chance that their personal data is compromised in such a way.
In 2006, Apple sent out a small number of iPods that were infected with a virus. In this case, they warned the general public as soon as they found:
https://www.newscientist.com/article/dn10325-apple-blames-ipod-virus-on-windows/
As I said at the time: classy
Point is, rather than try to cover it up, Apple would most likely come clean (as the law requires) and just blame the folk who sold them the equipment.
But the vendor themselves notes Apple's sudden and unexplained refusal to continue communication with them on the discovered "firmware" issue after initially reporting it:
"...when his company (Supermicro) asked Apple's engineers to provide information about the firmware, they gave an incorrect version number—and then refused to give further information."
The big question that should be staring you in the face begging for an answer is: If the firmware version was not a legitimate one recognized by the vendor how did it get there and who authored it? Second to that is what prompted Apple to stop pursuing the answer through the vendor, ending cooperation.
They also confirm Apple's return of servers already supplied by them.
"Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased."
Occam's Razor says something significant was going on and I'm surprised as an investigative sort yourself that you aren't the least bit curious or better yet suspicious about what it was. The simplest explanation is that the vendor had no reason to lie about either statement, but Apple might have reason for misdirection considering security issues. Lying? I'm not claiming they did or Amazon did and no one else involved is either AFAICT.
Anyway I don't plan on dying on any hill, this is probably the last of my involvement in the thread (Probably). I'm not taking any PR statement at face value and you seem to want to believe even more than was actually stated by Apple. Fair enough. Neither of us have our own unquestionable proof. It's more like in a civil trial, preponderance of the evidence IMHO.
Plenty here for everyone to make up their own minds what to take at face value if anything.
https://www.theregister.co.uk/2017/01/16/google_reveals_its_servers_all_contain_custom_security_silicon/
(Edited to revise statement of being in charge)