NSA Senior Cybersecurity Advisor questions Bloomberg Businessweek’s China iCloud spy chip claim

“Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA, is the latest official to question the accuracy of Bloomberg Businessweek‘s bombshell ‘The Big Hack’ report about Chinese spies compromising the U.S. tech supply chain,” Joe Rossignol reports for MacRumors. “”

“‘I have pretty good understanding about what we’re worried about and what we’re working on from my position. I don’t see it,’ said Joyce, speaking at a U.S. Chamber of Commerce cyber summit in Washington, D.C. today, according to a subscriber-only Politico report viewed by MacRumors,” Rossignol reports. “‘I’ve got all sorts of commercial industry freaking out and just losing their minds about this concern, and nobody’s found anything,’ Joyce added.”

“Joyce, a former White House cybersecurity coordinator, noted that all of the companies named in the Bloomberg Businessweek report have issued strong denials, including Apple, Amazon, and Supermicro,” Rossignol reports. “He said those companies would ‘suffer a world of hurt’ if regulators later determine that they lied.”

Read more in the full article here.

MacDailyNews Take: You don’t put out a public statement like Apple’s unless you’re damn sure the report is wrong. We can’t wait to find out how Bloomberg Businessweek‘s story was vetted, how it got published, and to hear the publication’s official explanation (if we ever do).

With U.S. Senators now calling for more information, and officials like Joyce questioning Bloomberg Businessweek‘s story, we expect that we’ll all find out just what the heck went down here someday. Hopefully, it’ll be revealed sooner than later.

SEE ALSO:
Before China iCloud spy chip allegations, Bloomberg published these five incorrect stories about Apple – October 10, 2018
U.S. Senators Rubio and Blumenthal demand answers from Supermicro over spy chip allegations – October 10, 2018
Apple CEO Tim Cook is in Shanghai in possible PR move after Bloomberg Businessweek’s spy chip yarn – October 9, 2018
One of Bloomberg’s sources told them Chinese spy chip story ‘didn’t make sense’ – October 9, 2018
Apple suppliers took an $18 billion stock hit after Bloomberg’s disputed China hacking report – October 5, 2018
UK cyber security agency backs Apple, Amazon China hack denials – October 5, 2018
Apple official statement: What Bloomberg Businessweek got wrong about Apple – October 5, 2018
Apple strongly disputes Bloomberg BusinessWeek report that Chinese ‘spy’ chips were found in iCloud servers – October 4, 2018

15 Comments

  1. “You don’t put out a public statement like Apple’s unless you’re damn sure the report is wrong. We can’t wait to find out how Bloomberg Businessweek‘s story was vetted, how it got published, and to hear the publication’s official explanation (if we ever do).”

    With the resources Apple has, it can and will whitewash anything to protect its reputation. Bloomberg, with a fraction of the resources to protect its reputation, would not likely publish a claim unless it had some evidence to support it.

    Apple Said They haven’t found evidence to support Bloomberg’s claim. Apple DID NOT have evidence to disprove Bloomberg’s claim.

    Before rushing to judgement, how about getting all the data, shall we?

    Do you or do you not think known IP thieves in China haven’t tried to gain illegitimate access to computing chips sold in the USA? Why or why not? Trump claimed so in his campaign rhetoric. It is uncharacteristic of MDN to pivot away from the Trump narrative. Evidence please.

    1. It is not on Apple and Amazon, et al, to prove that hardware tampering could not possibly ever take place.

      It is on Bloomberg to prove that some tampering did in fact take place.

      Some really dodgy things about the story have come to light in the last week, if you’ve followed it. Such as interviews with one of the few named sources in the article, the hardware security consultant.

      For example, he said one of the authors has been talking to him for a year trying to understand the hypothetical and theoretical way a hardware hack might occur and what it would look like.

      The named consultant is very uncomfortable now: the hypotheticals that he gave, and the image he supplied as an example, turn out, low and behold, to be exactly what allegedly came to pass and what the unnamed sources have allegedly confirmed. What a coincidence.

  2. For a less politicized view on this affair, CNET reports:

    https://www.cnet.com/news/apple-amazon-deny-report-that-chinese-spy-chips-infiltrated-their-hardware/

    “The Bloomberg story noted that “six current and former senior national security officials” — members of both the Obama and Trump administrations — offered details of the discovery of the chips and a government investigation into the matter.

    “We stand by our story and are confident in our reporting and sources,” a Bloomberg News spokesperson said in a statement provided to CNET.

    Four of the US government officials and three Apple insiders reportedly confirmed the company fell victim to the chips, while one official and two people in AWS reportedly offered information on how it impacted Amazon, according to the Bloomberg story. Amazon cooperated with a US government investigation, according to two of the people cited in the story.

    The report says 17 people confirmed that Super Micro’s hardware was “manipulated.” The sources weren’t named because the information was sensitive and, in some cases classified, the story said.”

    The companies affected all immediately went on PR campaigns that essentially come down to, “We’re big and rich, and we don’t know about that, so end of story”.

    I doubt Bloomberg has the chips in question in their possession, but employees at Apple, Amazon, or SuperMicro probably do. It’s only a matter of time before more details become public. Whenever dealing with a powerful policially connected individual or corporation, a whistle blower has to be prepared to be attacked mercilessly from all directions. The sources Bloomberg used for the story are wise to remain anonymous for now.

    1. Companies may have gone on PR campaigns because they’re “big and rich” but also because they didn’t want Bloomberg to control a false narrative. What else would you do if you were falsely accused? If you are silent, then that is considered an admission of guilt, if you defend yourself, then that is seen as a cover-up. If there were something going on, I don’t see Apple being so unequivocal in there denials, because there will be heck to pay if Apple is found out.

      1. Cook has been silent on practically every other late delivery and poor quality issue Apple has had on his watch. Shitty keyboards, thermally constrained computers across the board, inability to make Air Power, whay doesnt Apple explain themselves on those bungles?

      2. When you are accused of something you did not do, you aid in the investigation to ensure the full truth is revealed. Any company/person who instantly goes on the attack against a whistle blower is highly suspect. It will take time to fully understand all the details but all the people who rush to judgement are exposing their own biases.

        Given that Amazon and Google have enlisted the Chinese to make home spies for consumers, it isn’t far fetched to imagine that the Chinese and other countries have embedded such things into consumer products and cloud servers. No public company would ever admit to it if they knew, Google covered up their known Google + breach for 3 years. Why do people think Amazon or Apple would disclose anything publicly? Apple has blackballed SuperMicro, what for? Apple doesn’t want to say. It’s going to take more time to know all the facts. Let it play out instead of playing corporate cheerleader and throwing all journalists under the bus. Without journalism, Google + would still be leaking private data.

  3. While the Apple online defense press pushes on, let’s be clear: companies have not disproven the story, nor have Bloomberg’s sources made themselves known, or produced evidence of tampering. So I await the full facts before letting either party off the hook. MDN and its minions apparently want to debunk a complex issue in 10 minutes.

    By the way, Rob Joyce as an NSA spook (an organization that MDN formerly detested) probably has good incentive to cover up the fact that adding surveillance chips is something every nation now does. He certainly doesn’t want the funders of his speaking engagements to dry up. But he has littleto add on this specific subject because he’s not worked for Apple or Amazon or Supermicro. He worked in the Trump administration for a grand total of 6 weeks as Homeland Security Advisor and is more known for elaborate xmas light shows than anything to do with Supermicro chips.

  4. I’m sorry, but fully half the nation now believes, in totality, that the mere idea an accusation has been made, it’s incontrovertible truth. “Guilty until proven innocent” IS the New Norm.

  5. The Bloomberg story is vaguely sourced, contains unproven allegations, is unverified, and uses weasel words so it sounds like a bureaucrat, not a newspaper, wrote it.

    I suspect that the story is a plant, and I suspect a spy agency such as the CIA or CIA-affiliated entity planted it.

    The defenders of that story demand that skeptics produce evidence to disprove it when, rationally, it’s not up to skeptics to disprove it; It’s up to the author(s) who originated it, as well as its defenders, to prove it.

Leave a Reply to MacBram Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.