DHS and GCHQ join Amazon and Apple in denying Bloomberg's Chinese chip hack story

Both US and UK intelligence officials have put out statements over the weekend in support of Amazon, Apple, and Supermicro in regards to recent allegations made by Bloomberg in an article published last week.

On Thursday, Bloomberg reporters claimed that Chinese intelligence had secretly implanted spy chips inside motherboards used for Supermicro servers that eventually made their way inside the IT infrastructure of Apple, Amazon, and 30 other companies, but also inside the networks of US and UK governments.

The report shocked the public and cut Supermicro's stock value in half.

All three major companies named in the piece vehemently denied the Bloomberg report's claims.

Amazon cited "so many inaccuracies [...] that they're hard to count."

Apple suggested Bloomberg's sources "might be wrong or misinformed," and they might be "confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of [the Apple] labs."

Supermicro, too, denied the Bloomberg report, with the company saying they have "never been contacted by any government agencies either domestic or foreign regarding the alleged claims."

In its report, Bloomberg cited 17 unnamed sources from the intelligence and private sector.

But in its statement, Apple said that "no one from Apple ever reached out to the FBI about anything like this, and we have never heard from the FBI about an investigation of this kind -- much less tried to restrict it."


Over the past few days, several security researchers and infosec pundits have torn the Bloomberg article to pieces, criticizing everything from the incorrect artwork to the lack of technical details or the reporters' ability to convince sources to go on the record with their real names. Despite all this, Bloomberg stood by its reporting.


zdnet.com/article/dhs-and-gchq-join-amazon-and-apple-in-denying-bloomberg-chip-hack-story/


Curious on how this story hasn't caught too much traction yet.

If Amazon and Apple are telling fibs and denied so vehemently against it then they are in a world of astronomical hurt by the regulators. If Bloomberg was in the wrong then this would have been an epic fail of journalism or even worse someone is out there feeding misinformation to influence policy. Either way the fallout from this ordeal will be interesting.


Could Apple lie on the grounds of national security etc.? The same way tech companies neglected to mention various NSA spying programs they were a part of... a requirement of the gag order.

They did for PRISM, not to mention lying about their own firmware issues.

There are actually two things wrong about this.

said the people who continue to lie about built-in backdoors for spy agencies.

The alphabet agencies are not loyal to their respective countries. They are whores of the globalists, and the israelis, and probably the chinese as well.

Hell, they're outright hostile to their respective countries

true

When did they deny being part of PRISM?

Around June 6th, 2013
theverge.com/2013/6/6/4404112/nsa-prism-surveillance-apple-facebook-google-respond

fuck off.


I don't know who not to trust

I get why Amazon or Apple will deny it but why the other 2? GCHQ has always been quite hawkish on China's tech in the UK so this will give them a lot of ammunition. Homeland would likely want the same validation for keeping Huawei and ZTE out so giving credence to the Bloomberg story would support that.

DHS banned Huawei use in security devices for that specific reason, nearly a year ago.

Now when the Chinese complain or do retaliatory actions they can point to this as justification. Also this is strong ammunition to rally the allies to negotiate with China. Makes no sense for them to cover it up especially in this political climate. I know the hedgies sometimes go quite far with their short plays...but this would take the cake by a light year.

If the story is true, the various security agencies may be denying it because there are still vulnerable systems in place.

Or the spooks have found a way to hack those chips themselves and are spying on their own citizens through them. Or because of the market hit that would happen.

trust nobody, not even yourself

gonna bump this to help defeat disinfo

For what it's worth, Sepio Systems, a hardware security company, has confirmed with Bloomberg that they have found other types of modifications to servers from Supermicro as well as other vendors.
bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
The real kicker though

I found this to be interesting:
servethehome.com/yossi-appleboum-disagrees-bloomberg-is-positioning-his-research-against-supermicro/
Basically, this guy thinks the problem isn't restricted to supermicro and is far reaching.
I still would like to see a physical example though.

Same here, I won't deny that a hardware spying device is possible. But since it's so prevalent, I'd like to see what components they are in.
Also the picture they use like in OP and how it's written is like it's some chip that you "just plug on a board" and suddenly it's sending stuff to China, whereas is describing it as a bugged connector which isn't something new.
Added bonus, if they showed what it looked like. Other people could check around the hardware they get and can confirm/deny how widespread it is.

No matter which case is eventually found to be true, nobody should be happy. Any one of them is unacceptable.

Even if the whole shambles is a complete lie to force businesses to invest in security measures, the real problem is that BMCs have become a standard component and that they are never updated due to manufacturer carelessness. Why bother updating BMC firmware when nobody will pay for it? Why bother making servers that meet the OpenBMC standard or other opensource standards when nobody with money will care until the breach has already taken place?
Security is still an afterthought.

B-but it's nothing. J-just allegations out of thin air.
Goym, trust our PR departments.
Really, our submarines, our Navy(TM), our Striker Tanks are 100% secured by our partners who are totally NOT using mobos manufactured in China and are not sellouts for a greater israel. Trust your government full of double citizens who have business with the tyrannical China slave country.
Be polite. Keep tweeting, Goym.

If anyone could do it, he has done it. China mass produces anything with billions of slaves. China has done it.


Let's say that out of the many backdoors some have been found. Let's say that by finding them, these backdoors can be used by changing the firmware/code. Do you use it against an opponent or go ranting about it on CNN while giving the (((precious info))) to some fucking TLA ??


OY, (((Press))) is Free. It is 2019 (((Jewish Year))) soon.

>(((Bloom)))(((berg)))
hmmm...

DAMAGE CONTROL
They don't want people becoming concerned with backdoors in computer hardware.

Ugh, like, this. It's all fine you guys, Apple and Amazon said so. Stop acting like conspiracy theorists.

Sent from my iPhone.

Just like the Intelaviv leaks these will be verified shortly. I don't think anyone with two halves of a brain cell to rub together is convinced it's all a lie.

We've known for years that this sort of thing is going on, why is it such a stretch that the Chinese would be doing to us what we obviously do to them? Heck it's possible that the implants that have been discovered are reverse-engineered from ones the NSA planted in hardware destined for China.

They're probably not lying as much as they're selectively telling parts of the truth. If there were a compromise of this type, it would almost certainly be highly classified, and the companies involved would be required not to comment on it for national security reasons. It's highly likely that C-level executives would be completely ignorant of this - knowledge would be compartmentalized by government requirement to only the personnel with direct knowledge of the event and their immediate superiors.

Yeah, I'm honestly surprised this didn't happen sooner.


Spooks vs American journalists. It's best not to trust either.

Why is there even a discussion about this?