Bloomberg is cornered in the case of alleged Chinese espionage

The climate between Apple and Bloomberg he is still quite shaken after the vehicle claims that both Ma, Amazon and other companies in the sector, including government agencies, would have been spied on by China in a move involving the installation of microchips on servers used by these companies and government agencies.

A lot of water has flowed, but so far, both sides are irreducible: while the pair Apple and Amazon continue to affirm that there is no chance that the story will be green (for everything that has already been invested and, so far, nothing has been confirmed), The Bloomberg continues to state that the accusation was the result of an investigation of more than a year, involving more than 17 sources.

Let's go to the new developments!

National Intelligence also counters Bloomberg

The US Director of National Intelligence, Dan Coats, was another to state that, so far, the government “has seen no evidence” that Chinese spy chips have been installed on such servers, as reported by CyberScoop.

We have seen no evidence of this, but we are taking nothing for granted. We saw nothing, but we are always watching.

Dan Coats, US Director of National IntelligenceDan Coats, US Director of National Intelligence, speaking at the CyberTalks event

The comment was made before a speech at CyberTalks, where the director addressed these supply chain issues as a facet of cyber security threats and corroborated similar claims from people like Rob Joyce (senior consultant for cybersecurity strategy at the NSA).

Amazon also positions itself

THE Amazon Web Services, in the figure of its CEO Andy Jassy, also positioned itself.

@tim_cook is right. The history of Bloomberg You are wrong about Amazon, too. They offered no proof, the story continued to change and showed no interest in our responses unless we could validate their theories. Reporters were manipulated or spoke without evidence. THE Bloomberg should portray.

Jassy’s words of the recent weight of the Apple CEO’s statement that none of this is true and that Bloomberg should portray.

Super Micro reevaluating its products

Super Micro (central part of this story, since it was accused of manipulating the servers), in turn, announced that it will reevaluate its motherboards in search of any evidence of malicious chips, as highlighted by Reuters.

"Despite the lack of any evidence that there is a malicious hardware chip, we are carrying out a complicated and time-consuming review to investigate the allegations of the matter," the company said in a statement.

At the same time, the company's CEO also joined Cook in asking that Bloomberg portray itself by history, as Steve Kopack of the CNBC:

Super Micro is committed to creating world-class servers and storage products. The recent history of Bloomberg it created unjustified confusion and concern for our customers and caused damage to our customers and us. THE Bloomberg You must act responsibly and portray your unsupported claims that malicious hardware components were deployed on our motherboards during the manufacturing process.

The allegations imply that there are a large number of mother plaques affected. THE Bloomberg it did not show a single affected motherboard, we did not see any malicious hardware components in our products, no government agency contacted us about malicious hardware components, and no customer reported finding malicious hardware components.

Bloomberg is alone

Erik Wemplecritical of The Washington Post (and that he has a blog inside the newspaper), talked about it and basically said that the ball is now with Bloomberg.

According to his sources, New York Times, Wall Street Journal and The Post they investigated the story to see if they would discover something and, who knows, confirm the story or give some other version of the facts; but nothing was found.

For Wemple, the best journalism is the one that puts into practice what we call reverse engineering. He used the biggest case of success today to exemplify this: the recent investigation of the New York Times on the finances of the Trump family, in which the newspaper published documents, he cited sources basically made a complete survey of the “accusation”, showing concrete evidence of the content of the text.

THE BloombergOn the other hand, it gave almost no script for the information to be reproduced (which helps to explain why competing vehicles tried to confirm everything, but failed). The denials of companies (Apple and Amazon) and the American government basically oblige Bloomberg to add some kind of proof (be it to assign more reporters history, to re-interview the sources, to ask for photos and emails that prove something doesn't matter). If the vehicle does not, Wemple believes that the only solution is a retraction.

Technically impossible espionage?

We already commented that, from a technical point of view, installing a microchip on servers to spy on a company would be technically possible, at least according to a former Apple employee. An expert on the subject also stated that such a technique is plausible, even though it was far from being used by him to achieve this purpose. But it doesn't seem like that.

Super Micro cardThe website Serves The Home used a Super Micro motherboard to investigate the allegations of the Bloomberg

In summary, a very thorough analysis made by the website Serves The Home identified as the main problem of this story the whole description of the original matter that the chips are “connected to the management controller of the motherboard, a type of superchip that administrators use to remote login to problematic servers, giving access to the most sensitive code even on problematic or disconnected machines ”. The chips would also be able to tell the connected device to connect to external computers and install codes received from those servers on the device's operating system.

The claim that the device communicates externally is considered false by them due to the basic security practices of the sector (BMCs are usually networked separately from internet-facing connections). According to the website, the firms identified in the report, including Apple and Amazon, probably have better security protections than a small or medium-sized company, which would include enhanced security for BMCs, making these attacks virtually impossible.

Access to sensitive codes on faulty or disconnected machines has also been ruled out by the website, since "this is not the way this technology works". When the BMC is on, the data stores and the processor are not connected and cannot be directly communicated in that state. That is, if the server storage is not activated, it will be inaccessible and no code injection can be performed.

The site also countered other parts of the report Bloomberg and basically insists on the idea that the vehicle needs to present credible and verifiable information to prove that this story is true and that, if such evidence or information is not available, the Bloomberg he should portray himself and investigate how it ended up in his writing.

· • ·

The thing is getting ugly for the Bloomberg

via AppleInsider, Daring Fireball, Cult of Mac, 9to5Mac, Daring Fireball, AppleInsider