SuperMicro server spy chip story returns, with no more proof than before

Posted:
in General Discussion edited February 2021
Bloomberg has doubled-down on its controversial 2018 report alleging that there were Chinese-planted spy chips in server hardware supplied to Apple, other big tech, and the US government -- but there is nothing in the new story to corroborate the widely debunked original report.

Inside one of Apple's U.S. data centers
Inside one of Apple's U.S. data centers


On October 4, 2018, a Bloomberg report based on what the venue said was a multi-year investigation claimed that Apple, Amazon, and 30 other companies had been the victim of an espionage campaign in which rice-sized chips had been planted on motherboards made by Super Micro. Once delivered, the motherboards supposedly created a backdoor into infrastructure like Apple's iCloud.

It has been two and a half years, and Bloomberg has issued another round of reporting on the story. The new story cites new "sources" that lack first-hand information on the tale, and instead say that they were "briefed" about the matter.

SuperMicro has refuted the details of the report again. In a statement to Bloomberg the company says that there has been no contact by the U.S. government or any of its customers about the claims.

Furthermore, SuperMicro calls the continued saga "a mishmash of disparate and inaccurate allegations" and it "draws farfetched conclusions."

Bloomberg itself cites the NSA as standing by previous comments denying the claims, including a statement that the agency was "befuddled" by the report.

In 2018, following the original claims, Apple was quick to deny allegations, insisting that it had conducted a "massive, granular, and siloed investigation."

Amazon also issued a very clear denial of the story.

"There are so many inaccuracies in this article as it relates to Amazon that they're hard to count," Amazon said in its statement, refuting several specific claims, and specifically citing that there was no modified hardware found.

Several subsequent accounts have cast further doubt, such as one from the senior advisor for Cybersecurity Strategy to the director of the U.S. National Security Agency. Additionally, The U.S. Department of Homeland Security commented that it had "no reason to doubt" the positions of Apple and Amazon.

Apple CEO Tim Cook also spoke about Bloomberg's allegations. Apple's CEO denied the report, and took issue with how the story's reporters communicated with Apple.

"There is no truth in their story about Apple," Cook said in 2018. "They need to do that right thing and retract it."

"I was involved in our response to this story from the beginning," said Cook. "I personally talked to the Bloomberg reporters along with Bruce Sewell who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us, the story changed and each time we investigated we found nothing."

"We turned the company upside down. Email searches, datacenter records, financial records, shipment records," Cook added. "We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this."

Super Micro itself said that it would continue to investigate the allegations found in the report. At the same time, Super Micro CEO Charles Liang echoed Cook's call for a retraction.

"Bloomberg's recent story has created unwarranted confusion and concern for our customers, and has caused our customers, and us, harm," Liang said at the time. "Bloomberg should act responsibly and retract its unsupported allegations that malicious hardware components were implanted on our motherboards during the manufacturing process."

Other analyses proved that the vector of attack that Bloomberg proposed was impossible. Specifically, that report said that there were some "fairly astounding plausibility and feasibility gaps," and added that the story was notably light on details and difficult to navigate. No additional details were provided in Friday's new recounting of the saga.

SuperMicro servers are still being purchased by the Federal government, and never left the allowable purchases list at any time.

In the face of debunks, and Apple, Amazon, SuperMicro, plus at least three Federal agencies calling for a retraction, Bloomberg stands by its reporting.
«134

Comments

  • Reply 1 of 64
    • Bloomberg's own named source (Joe Fitzpatrick) discredited the story - https://risky.biz/RB517_feature/
    • No other publications could verify the claims e.g. https://www.washingtonpost.com/blogs/erik-wemple/wp/2018/10/22/your-move-bloomberg/
    • Bloomberg have made no attempt to clarify the story or correct any of the errors pointed out by experts, including the NSA.
    • The article is grossly naive on the operation of the data centers.
    • No physical evidence of such chips was ever found
    • The described method of giving access is not compatible with a singular tiny chip, nor would such a method work to begin with.
    • Even the cover photo for the article was b/s
    williamlondonjdb8167Xedomar moraleslongpathkillroychasmviclauyycnormmn2itivguy
  • Reply 2 of 64
    maestro64maestro64 Posts: 5,043member
    Why is anyone surprised they are trying another run at this story. Journalist today think they can say anything they like and use "anonymous" source to back up their false claims and knowing there will be no downside for their misleading information. They think they are smarter than anyone else and no will fact check them since they write so well.
    prismaticssteven n.entropyswatto_cobra
  • Reply 3 of 64
    It's a good thing you didn't name Bloomberg in your headline: if you had, I wouldn't have seen it because of the filter I put in place a while back to shield myself from their unsubstantiated hyperbole.
    watto_cobra
  • Reply 4 of 64
    lkrupplkrupp Posts: 10,557member
    Bloomberg sounds like Trump, keep telling the lie long enough and hope people start believing it.

    What are the facts? Smart engineers have been all over these SuperMicro boards and found nothing, NOTHING. Bloomberg has not come up with a single shred of physical evidence that this allegation is true.
    muthuk_vanalingamDAalsethStrangeDayswilliamlondonomar moralestokyojimuviclauyycdewmebyronlwatto_cobra
  • Reply 5 of 64
    flydogflydog Posts: 1,123member
    Yet AI continues to rely on Bloomberg as a source of information for its stories. 
    williamlondonomar moralesapplguyRayz2016
  • Reply 6 of 64
    Mike WuertheleMike Wuerthele Posts: 6,858administrator
    flydog said:
    Yet AI continues to rely on Bloomberg as a source of information for its stories. 
    An organization as monolithic as Bloomberg can get some things right, and some things wrong.

    Mike Bloomberg isn't personally writing every article.
    XedStrangeDayswilliamlondonthtchasmviclauyycGeorgeBMaclibertyforallwatto_cobra
  • Reply 7 of 64
    DAalsethDAalseth Posts: 2,783member
    This is why when I read other stories from Bloomberg I discount them, or often just skip them. At this point Bloomberg could say it was sunny, and I’d take an umbrella. At some point they will start to lose readership because of this kind of BS. 

    The worst part though is that there IS a real threat of spying and cyber attacks from state actors. But they will use software. Witness the recent attack on businesses and government agencies. That was all done via software. Reports like this one from Bloomberg distract from the real threats.
    muthuk_vanalingamtokyojimulongpathviclauyycn2itivguywatto_cobra
  • Reply 8 of 64
    This just makes Bloomberg look like they're itching to be another conspiracy rag.
    watto_cobra
  • Reply 9 of 64
    Everyone involved w/ the story says 'No way!', but a disreputable paper says 'Yes way!'. Hmm. The original story only had a single named-source, and even he said he was taken out of context and said their story "didn't make sense":

    https://appleinsider.com/articles/18/10/09/security-researcher-cited-in-bloombergs-china-spy-chip-investigation-casts-doubt-on-storys-veracity

    https://9to5mac.com/2018/10/09/bloomberg/
    edited February 2021 chasmn2itivguywatto_cobra
  • Reply 10 of 64
    maestro64maestro64 Posts: 5,043member
    lkrupp said:
    Bloomberg sounds like Media and every Politician, keep telling the lie long enough and hope people start believing it.

    What are the facts? Smart engineers have been all over these SuperMicro boards and found nothing, NOTHING. Bloomberg has not come up with a single shred of physical evidence that this allegation is true.
    I am sorry I slightly fix your statement to make it more arcuate   
    macseekersteven n.watto_cobra
  • Reply 11 of 64
    1348513485 Posts: 343member
    NinjaMan said:
    is it racist that they described the chip as "rice sized"?
    Maybe, or maybe just an unfortunate word choice.

    Either way, doesn't Bloomberg think that on chips that are microscopically examined that a grain of rice-sized anomaly just might be noticed?
    watto_cobra
  • Reply 12 of 64
    Sounds like time for a good, old-fashioned, multi-billion dollar defamation lawsuit to put the fear of God into Bloomberg.
    randominternetpersonlongpathchasmmacseekerseanjviclauyycrotateleftbytesphericn2itivguywatto_cobra
  • Reply 13 of 64
    Sounds like time for a good, old-fashioned, multi-billion dollar defamation lawsuit to put the fear of God into Bloomberg.
    Exactly.  You have to believe that Apple, Amazon, and Super Micro each have to be at least weighing the pros and cons of such a step.  It would be a tough case to win, but with Bloomy doubling down on this BS, perhaps it's the logical next step.
    longpathchasmviclauyycsphericwatto_cobra
  • Reply 14 of 64
    I'm rather befuddled that Bloomberg hasn't been served an enormous libel suit by now.
    chasmviclauyycwatto_cobra
  • Reply 15 of 64
    Why doesn't Supermicro sue Bloomberg for slander? Force Bloomberg to either prove their story by presenting facts or back down and retract the story.
  • Reply 16 of 64
    mike1mike1 Posts: 3,275member
    13485 said:
    NinjaMan said:
    is it racist that they described the chip as "rice sized"?
    Maybe, or maybe just an unfortunate word choice.

    Either way, doesn't Bloomberg think that on chips that are microscopically examined that a grain of rice-sized anomaly just might be noticed?

    Huh?! Rice is still a food and describing it as rice-sized certainly conveys the relative size of something pretty accurately.
    steven n.viclauyycmazda 3swatto_cobra
  • Reply 17 of 64
    Ignoring this particular story, all governments have the motive to plant bugs against hostile nations. Very few have the opportunity, since all motherboards are made in China. The gov't of China has both motive AND opportunity. It's obvious they also have the means to do so, including Chinese law and political system which permits the CCP to do this. 

    Does everyone agree that China has the motive, opportunity and means to perform this type of attack? This is my question for everyone here. Answer it. Don't evade the question.
    edited February 2021
  • Reply 18 of 64
    sflocalsflocal Posts: 6,092member
    Bloomberg needs to be put in front of a committee hearing and put his to rest.  If this did indeed happen, then let's see the evidence.  So far, everyone that is mentioned in the article denies it.  If Bloomberg is lying, then someone needs to be jailed.  This kind of news can destroy a company like SuperMicro.
    chasmviclauyycwatto_cobra
  • Reply 19 of 64
    genovellegenovelle Posts: 1,480member
    Bloomberg has doubled-down on its controversial 2018 report alleging that there were Chinese-planted spy chips in server hardware supplied to Apple, other big tech, and the US government -- but there is nothing in the new story to corroborate the widely debunked original report.

    Inside one of Apple's U.S. data centers
    Inside one of Apple's U.S. data centers


    On October 4, 2018, a Bloomberg report based on what the venue said was a multi-year investigation claimed that Apple, Amazon, and 30 other companies had been the victim of an espionage campaign in which rice-sized chips had been planted on motherboards made by Super Micro. Once delivered, the motherboards supposedly created a backdoor into infrastructure like Apple's iCloud.

    It has been two and a half years, and Bloomberg has issued another round of reporting on the story. The new story cites new "sources" that lack first-hand information on the tale, and instead say that they were "briefed" about the matter.

    SuperMicro has refuted the details of the report again. In a statement to Bloomberg the company says that there has been no contact by the U.S. government or any of its customers about the claims.

    Furthermore, SuperMicro calls the continued saga "a mishmash of disparate and inaccurate allegations" and it "draws farfetched conclusions."

    Bloomberg itself cites the NSA as standing by previous comments denying the claims, including a statement that the agency was "befuddled" by the report.

    In 2018, following the original claims, Apple was quick to deny allegations, insisting that it had conducted a "massive, granular, and siloed investigation."

    Amazon also issued a very clear denial of the story.

    "There are so many inaccuracies in this article as it relates to Amazon that they're hard to count," Amazon said in its statement, refuting several specific claims, and specifically citing that there was no modified hardware found.

    Several subsequent accounts have cast further doubt, such as one from the senior advisor for Cybersecurity Strategy to the director of the U.S. National Security Agency. Additionally, The U.S. Department of Homeland Security commented that it had "no reason to doubt" the positions of Apple and Amazon.

    Apple CEO Tim Cook also spoke about Bloomberg's allegations. Apple's CEO denied the report, and took issue with how the story's reporters communicated with Apple.

    "There is no truth in their story about Apple," Cook said in 2018. "They need to do that right thing and retract it."

    "I was involved in our response to this story from the beginning," said Cook. "I personally talked to the Bloomberg reporters along with Bruce Sewell who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us, the story changed and each time we investigated we found nothing."

    "We turned the company upside down. Email searches, datacenter records, financial records, shipment records," Cook added. "We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this."

    Super Micro itself said that it would continue to investigate the allegations found in the report. At the same time, Super Micro CEO Charles Liang echoed Cook's call for a retraction.

    "Bloomberg's recent story has created unwarranted confusion and concern for our customers, and has caused our customers, and us, harm," Liang said at the time. "Bloomberg should act responsibly and retract its unsupported allegations that malicious hardware components were implanted on our motherboards during the manufacturing process."

    Other analyses proved that the vector of attack that Bloomberg proposed was impossible. Specifically, that report said that there were some "fairly astounding plausibility and feasibility gaps," and added that the story was notably light on details and difficult to navigate. No additional details were provided in Friday's new recounting of the saga.

    SuperMicro servers are still being purchased by the Federal government, and never left the allowable purchases list at any time.

    In the face of debunks, and Apple, Amazon, SuperMicro, plus at least three Federal agencies calling for a retraction, Bloomberg stands by its reporting.
    Sounds like they need an old fashioned defamation lawsuit along the lines of Dominion. Problem solved. 
    killroychasmspheric
  • Reply 20 of 64
    genovelle said:
    Super Micro itself said that it would continue to investigate the allegations found in the report. At the same time, Super Micro CEO Charles Liang echoed Cook's call for a retraction.

    "Bloomberg's recent story has created unwarranted confusion and concern for our customers, and has caused our customers, and us, harm," Liang said at the time. "Bloomberg should act responsibly and retract its unsupported allegations that malicious hardware components were implanted on our motherboards during the manufacturing process."

    Other analyses proved that the vector of attack that Bloomberg proposed was impossible. Specifically, that report said that there were some "fairly astounding plausibility and feasibility gaps," and added that the story was notably light on details and difficult to navigate. No additional details were provided in Friday's new recounting of the saga.

    SuperMicro servers are still being purchased by the Federal government, and never left the allowable purchases list at any time.

    In the face of debunks, and Apple, Amazon, SuperMicro, plus at least three Federal agencies calling for a retraction, Bloomberg stands by its reporting.
    Sounds like they need an old fashioned defamation lawsuit along the lines of Dominion. Problem solved. 
    Your argument might be valid if Bloomberg was blaming SuperMicro, but in fact the Bloomberg article, even the title of the original Bloomberg article, blamed the Communist Party of China, not SuperMicro, and implies that SuperMicro was a victim here, not a culprit. Do you think that SuperMicro was the culprit? Do you think the average reader of this article blames SuperMicro when the article itself never blamed SuperMicro? Can you cite a case where a victim successfully sued a newspaper for libel for pointing out that they were a victim or can you cite a case where anyone in the press blamed SuperMicro for this problem?

    https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
    "The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army."

    The fact that SuperMicro didn't point out that they were a victim, but instead made the response that their products were NOT impacted, actually is the only factor that makes me think SuperMicro is indeed complicit. If SuperMicro was innocent a more appropriate response would have been, "Please show us the evidence. We want to see evidence of this claim if our products haver been compromised." But they never said that, which makes me think even their responses were controlled by the CCP. Their answer was exactly what the guilty government of China would say, not what an innocent victim would say.
    elijahglibertyforall
This discussion has been closed.