Apple launched investigation into Bloomberg's China hack claims, 'found nothing'
Apple reportedly launched a wide-reaching internal investigation into an explosive report claiming Chinese spies compromised its servers in what boils down to a complex supply chain hack, but came up empty in its examination.
Graphic illustrating size of supposed Chinese spy chip allegedly embedded in Apple servers. | Source: Bloomberg Businessweek
Citing multiple high-ranking Apple executives who spoke on the matter anonymously, BuzzFeed News reports the company conducted a "massive, granular, and siloed investigation" into claims leveled in a recent Bloomberg Businessweek report. The Bloomberg story, published Thursday, alleges servers used by nearly 30 tech firms including Apple and Amazon were compromised as part of an elaborate Chinese intelligence operation uncovered in 2015.
Not only did Apple's investigation find no evidence of the hardware tampering in question, but it also failed to identify unrelated incidents that could have contributed to Bloomberg's claims, the report said.
"We tried to figure out if there was anything, anything, that transpired that's even remotely close to this," a senior Apple security executive said, according to BuzzFeed News. "We found nothing."
A security engineer involved in the investigation said they had never seen a microchip resembling the component described in the Bloomberg report.
Thursday's story claimed Chinese operatives managed to sneak a microchip the size of a grain of rice onto motherboards produced by Supermicro, which supplied the parts for use in Apple's iCloud data centers. The chip, supposedly designed by the Chinese military, was said to act as a "stealth doorway onto any network" and offered "long-term stealth access" to attached computer systems.
"I don't know if something like this even exists," the unnamed Apple engineer said. The person went on to note that Bloomberg did not produce material for Apple to examine in efforts to corroborate the report. "We were given nothing. No hardware. No chips. No emails."
Another Apple executive, a senior member of the company's legal team, said it had not been in contact with government agencies purportedly investigating the matter. Bloomberg in its report claims Apple informed the FBI of "suspicious chips" found in Supermicro servers around May 2015 after "detecting odd network activity and firmware problems."
The executive reiterated Apple's public statement on the matter, saying the company is not bound by a confidentiality agreement or gag order.
Apple appears to have exhausted all avenues in its investigation, and sources told BuzzFeed News the company believes there is little else it can do at this juncture.
Just hours after the Bloomberg report was published, both Apple and Amazon issued strongly worded statements refuting the claims in no uncertain terms. As BuzzFeed News points out, the denial is unlike anything Apple has distributed, including a precisely worded counter to claims that it participated in the U.S. government's PRISM surveillance program in 2013. The company uses broad language to categorically deny all assertions in Bloomberg's story, and offers point-by-point rebuttal to certain facts and figures.
Amazon's response struck a similar tone.
For its part, Bloomberg is standing by its investigation, saying the report took more than a year to compile and involved more than 100 interviews. The publication cites 17 sources from government agencies and companies involved in the alleged hack, including senior insiders at Apple.
With both sides refusing to stand down the issue has become a matter of "he said, she said." It is unclear how, or even if, the allegations can be disproven, as Bloomberg has yet to produce conclusive evidence of the scheme beyond information from anonymous sources.
Graphic illustrating size of supposed Chinese spy chip allegedly embedded in Apple servers. | Source: Bloomberg Businessweek
Citing multiple high-ranking Apple executives who spoke on the matter anonymously, BuzzFeed News reports the company conducted a "massive, granular, and siloed investigation" into claims leveled in a recent Bloomberg Businessweek report. The Bloomberg story, published Thursday, alleges servers used by nearly 30 tech firms including Apple and Amazon were compromised as part of an elaborate Chinese intelligence operation uncovered in 2015.
Not only did Apple's investigation find no evidence of the hardware tampering in question, but it also failed to identify unrelated incidents that could have contributed to Bloomberg's claims, the report said.
"We tried to figure out if there was anything, anything, that transpired that's even remotely close to this," a senior Apple security executive said, according to BuzzFeed News. "We found nothing."
A security engineer involved in the investigation said they had never seen a microchip resembling the component described in the Bloomberg report.
Thursday's story claimed Chinese operatives managed to sneak a microchip the size of a grain of rice onto motherboards produced by Supermicro, which supplied the parts for use in Apple's iCloud data centers. The chip, supposedly designed by the Chinese military, was said to act as a "stealth doorway onto any network" and offered "long-term stealth access" to attached computer systems.
"I don't know if something like this even exists," the unnamed Apple engineer said. The person went on to note that Bloomberg did not produce material for Apple to examine in efforts to corroborate the report. "We were given nothing. No hardware. No chips. No emails."
Another Apple executive, a senior member of the company's legal team, said it had not been in contact with government agencies purportedly investigating the matter. Bloomberg in its report claims Apple informed the FBI of "suspicious chips" found in Supermicro servers around May 2015 after "detecting odd network activity and firmware problems."
The executive reiterated Apple's public statement on the matter, saying the company is not bound by a confidentiality agreement or gag order.
Apple appears to have exhausted all avenues in its investigation, and sources told BuzzFeed News the company believes there is little else it can do at this juncture.
Just hours after the Bloomberg report was published, both Apple and Amazon issued strongly worded statements refuting the claims in no uncertain terms. As BuzzFeed News points out, the denial is unlike anything Apple has distributed, including a precisely worded counter to claims that it participated in the U.S. government's PRISM surveillance program in 2013. The company uses broad language to categorically deny all assertions in Bloomberg's story, and offers point-by-point rebuttal to certain facts and figures.
Amazon's response struck a similar tone.
For its part, Bloomberg is standing by its investigation, saying the report took more than a year to compile and involved more than 100 interviews. The publication cites 17 sources from government agencies and companies involved in the alleged hack, including senior insiders at Apple.
With both sides refusing to stand down the issue has become a matter of "he said, she said." It is unclear how, or even if, the allegations can be disproven, as Bloomberg has yet to produce conclusive evidence of the scheme beyond information from anonymous sources.
Comments
as well as board position right?
still, rather speedy conclusion no?
Edit -- also:
That thing is TINY.
Edit -- then my next question is, any response from Amazon et al? guess I'll ddg it.
... guess I could read to the end of the article.... I'll show myself out now....
https://www.wsj.com/amp/articles/china-expands-its-cybersecurity-rulebook-heightening-foreign-corporate-concerns-1538741732
What if Apple is put in a position of having to extricate all of their manufacturing and assembly work from China? Apple is holding a very weak hand right now.
Bloomberg is under no such rule, and will never offer any proof of their allegations.
It's not rocket science who's more credible in this case.
This is beginning to sound more and more like some of Dan Brown's earlier works.
I'm afraid Bloomberg's going to have to do much better than a few anonymous sources now. We need to see some solid evidence. Have they got any more details of this alleged chip? If the Chinese military really does have such a device then we should be stealing their IP.
When the statement is false, the statement cause damages, and the person who made the statement knew it was false. Applying this to Bloomberg, it is unlikely that it would be held liable because there are no damages and the article writer relied on people who represented to the writer that the facts were true.
As of last evening I was nearly 100% on Apple's side with this, especially after Bruce Sewell, Apple's retired legal officer, said he knew nothing about it either and he's the one even more likely than Cook to have been advised if there was a national security investigation in place. Reportedly executive management and CEO's tend to be kept in the dark for plausible deniability reasons. But after reading this just now I'm a little less firmly in Apple's camp. "The lady doth protest too much, methinks" comes to mind.
Apple has had claims made against it before that could have impacted their reputation far more than this one, child labor in China, Apple security teams searching peoples houses, and cooperation with Prism are three off the top of my head, and they've never gone to this extent to broadcast over and over how innocent they are. Went to bed last night with it looking to me like Bloomberg got bad info and then wake up to yet more Apple protests and denials? This is getting weirder rather than clearer, morphing from that molehill into a mountain.