If there was hidden hardware on a bunch of servers, where is the hardware now? Why don’t Bloomberg’s sources have the hardware or know which boards they were?
Bloomberg provides zero evidence this happened, outside of their anonymous sources.
> Why don’t Bloomberg’s sources have the hardware or know which boards they were?
How do you know Bloomberg's sources don't? They're anonymous, and while they might know about the implants in detail, they may not have the authority to take examples on a public dog and pony show.
Also, if they want to keep their anonymity, they probably have to be careful about what gets released in order to avoid exposing themselves. For example, if you have a limited-distribution report you want to leak info from, leaking a summary of the report is a lot safer than leaking the report text itself. At a minimum, the latter narrows down the leaker to someone who had physical access to a copy.
> This is as stupid as saying Xinhua/Caixin have anonymous sources with solid evidence showing Trump is from Mars.
That tone is pretty uncalled for. The Bloomberg story may or may not be completely accurate, but it's fairly detailed and plausible. While you may categorically distrust anonymous sources, it's not stupid to think they may sometimes be right and that you can trust reputable journalists to vet what they say a fair amount of the time.
This story is still young. I wonder what other news organizations can find out about it (beyond the press release responses).
Also worth noting that Bloomberg has demonstrated its willingness to put journalistic integrity ahead of profits in the past. They’re currently blocked in China because of a story they ran years ago about the business connections of the country’s top leaders.
> That story a few years ago was backed by solid facts, independently confirmed by multiple sources. What does Bloomberg have this time?
Again, how do you know this story hasn't been confirmed by multiple sources and isn't backed by solid facts? IIRC, Bloomberg claims they confirmed details with sources within the US Government, Apple, and Amazon. Apple and Amazon have issued denials, but it's quite possible those denials may have been lies or the people who made them may not have had all the facts.
Reputable journalists don’t base an entire story on anonymous sources: you use anonymous sources for background, you don’t use them as primary sources. If they don’t yet have anyone on record, then they shouldn’t be publishing stories until they do. Deep Throat wasn’t the only source for Watergate: he was used as a means to obtain further evidence and sources.
How do you fact-check anonymous? Plausible has nothing to do with it. Plenty of things can be plausible, but that doesn’t make them even slightly true.
Assuming credibility for an anonymously sourced story is a folly, especially when the allegations are both market-moving and completely unverified. It’s irresponsible. They should have held the story until they had verifiable info.
Anonymous sources are only anonymous to readers, not the journalists behind the piece who do know the identity and vet the information before publishing. That's standard operating procedure.
It doesn't mean there are no dishonest journalists and made up sources, but assuming a source is real it is never without any verification at all.
Apple says they provided denials of this to Bloomberg before they posted and the article doesn’t (or didn’t when I read it) reflect that at all. The author chose to exclude that information. Or Apple is lying.
Anonymous sources without corroboration or other verification might as well be made up. We could literally write anything with “anonymous sources,” but unless there is some other validation or evidence, it’s Schrödinger’s Cat: it is equally true and false.
You do have validation: that Bloomberg has in the past been reliable and that it would be harmful to Bloomberg to publish such a story falsely. It's literally what editors are there for.
Certainly I might not believe "briandear" writing an article with only confidential sources (and really, that should be the term, not anonymous), but you don't make your living by being a reliable source of news.
My thoughts exactly. They're making claims that virtually everyone in tech is denying and haven't/can't produce any evidence.
Not to mention, if this hardware had been trying to phone home, it's safe to assume it would have set off some kind of an alert at at least one of these places.
"...let us consider a hypothetical. What if:
1. Everything in the Businessweek story is true, Chinese spies planted hardware backdoors in computers built and used by major American companies, and the FBI investigated along with those companies and discovered the backdoors.
2. It is a national-security secret and the companies were instructed by the FBI never to acknowledge it.
3. The companies are patriotically but falsely denying the hack."
If it were Apple, they wouldn’t write a categorical denial because once the “truth” leaked, their credibility would be shot for a long time. The standard Apple answer would be “Apple could not be reached for comment.”
The people hypothetically demanding these denials have gone literally thermonuclear before. It’s an entirely different ball game when you deal with the guys with machine guns.
When you read the article, I believe they are alluding to the fact that Apple and Amazon did discover the vulnerabilities.
“In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident.”
> Not to mention, if this hardware had been trying to phone home, it's safe to assume it would have set off some kind of an alert at at least one of these places.
Maybe at some big companies, but not anywhere I've worked. I hardly know anyone who audits outgoing traffic with dedicated hardware.
I wonder if there is some magical market cap boundary beyond which companies stop being grossly negligent. We know it's over 200B as Intel somehow never bothered fixing their products for decades, let's hope five times that is big enough.
The original article specifically says that they saw odd network behavior and issues with the firmware. If this is all true (?), that's a piece of how they found it.
Even when vice is covering it up? There are nuances everywhere. If you don't trust the reporters/editors to be accountable, the whole system of news reporting falls apart.
Imagine that the boards actually do exist, and represent an espionage by a foreign government. Why would the company not immediately hand it over to the FBI/CIA, and immediately be forced to sign an NDA?
> Bloomberg provides zero evidence this happened, outside of their anonymous sources.
Bloomberg probably ran this hoping that now that people are looking, some folks outside the circle of anonymous sources will find the chip so that they don't risk exposing their sources.
Publishing fishing expedition stories is irresponsible journalism. Bloomberg is a market-influencing outlet: printing unsubstantiated rumor is unethical, especially given their influence.
It's not a fishing expedition if you have a bunch of sources from different directions all corroborating the story.
The story is so explosive that I find it very difficult to believe that Bloomberg isn't on very solid ground.
Nevertheless, getting hold of irrefutable physical evidence may be very difficult. By breaking the story, they now have lots of people looking for that evidence.
In addition, they may now have enough cover to be able to actually present evidence in their possession and claim that it came from an outside source in order to protect their sources.
There is no good reason for Bloomberg to lie about this as it will significantly damage their reputation and bottom line if proven false.
Now, that doesn't mean that Bloomberg wasn't the target of an operation and was given planted, false information to trace leaks. However, as this has been in the playbook very recently, I would expect the press to be on guard for this.
How many people at Apple or Amazon have the ability to steal compromised hardware and surreptitiously hand it to a journalist? That seems like a pretty lofty expectation.
Bloomberg provides zero evidence this happened, outside of their anonymous sources.