from the not-looking-good dept
A few weeks ago, Bloomberg published a giant story claiming that Chinese spies did a somewhat daring supply chain hack on American big tech firms. The gist of the story was that servers from Super Micro, which were then used by Apple and Amazon (not to mention the US government), had hidden chips that somehow allowed someone in China to access certain data. The story was a blockbuster that got everyone talking. But, almost as soon as it came out, a bunch of people started raising questions about the story. While the Bloomberg reporters claimed over a dozen sources, both Apple and Amazon came out with incredibly strong denials. Way stronger than is common in these situations. And while I know some cynical people insist that companies will lie about this stuff all the time, that is not actually true. Some companies may misrepresent things, or try to play down stories, but outright fabrication is not at all common (and the consequences of a company doing it would be severe). And here, both Amazon and Apple’s denials were so clear, so specific and so adamant that it raised serious questions about the reporting.
Since there was so much confusion over it all, we held off on writing about it, figuring more information would come out in the days and weeks after the initial story. And so far, nearly all of the “additional info” has only served to raise significantly more questions about Bloomberg’s reporting. Various government and intelligence agencies all claimed they had no evidence to support these claims. Again, some will argue that they are lying, and (again) while those agencies may have a history of misrepresenting things, the denials here were clear and unequivocal. The UK’s National Cyber Security Centre (a part of GCHQ) said they completely supported Apple and Amazon’s position that no such attack occurred. The US Department of Homeland Security said the same thing. Dan Coats, the US Director of National Intelligence, said the US intelligence community has seen no evidence of such an attack, which certainly undermines the Bloomberg story. Some of the folks quoted in the Bloomberg article even questioned the accuracy of the article, with one going so far as to say the article that he is named in… “didn’t make sense.”
Also, as reporter Nicole Perlroth noted, one of the reporters on the Bloomberg story — Michael Riley — had also done a story back in 2014 making bold claims that the NSA had exploited the Heartbleed bug, and multiple other reports ripped that story to shreds, with multiple people denying it and no one else confirming it.
Now, with this story, Apple has done something it’s never done before: asked Bloomberg for a retraction of the article. That’s a pretty big move — and Bloomberg says it still stands by its reporting (as it did with the Heartbleed story).
However, at this point, Bloomberg has whittled away whatever benefit of the doubt there was left and set fire to the scraps. It’s difficult to believe that Bloomberg’s story was accurate, and the company and its reporters owe everyone an explanation — or at least some additional evidence to support the reporting. I don’t doubt that there is a kernel of truth in the story — but given the vehement and thorough response from everyone, it certainly seems likely that the reporters on the Bloomberg piece misunderstood something big, and misreported things in a way that gives a very inaccurate picture of what’s going on. Bloomberg should, at the very least, appoint someone else to go through the work put in by reporters Michael Riley and Jordan Robertson, and explore whether or not the story really is accurate, and why it is that basically everyone is saying it’s not.
Reporters can, and do, make mistakes. How they respond to such mistakes is the real marker of the ethics they and the organizations they work for hold. Considering Bloomberg stood by that Heartbleed story, perhaps we shouldn’t expect such a reckoning at the publication — but, at the very least, it’s going to lead plenty of people to write off Bloomberg as a credible source on issues like these, and that’s unfortunate, given that there are some really big and important stories having to do with computer security right now. Having one major publication show itself to be untrustworthy in its coverage would be very bad.