Last week, I wrote about Bloomberg Businessweek’s big story claiming that servers from the company Super Micro used by Apple, Amazon, and others had hardware modifications made to their motherboards. These reported modifications were supposedly made by hackers from the Chinese military, and the tiny added chips would make the servers vulnerable to hacking by opening backdoors for other servers to get trusted access or to inject code remotely. Bloomberg cited multiple sources from the US Intelligence community, from Amazon, and even three from within Apple.
It is one thing when a blog leaks something on the word of an anonymous source. It’s is quite another when a reputable publication does it on the word of several sources. Based on Bloomberg’s reputation, you would think that there has to be something to this report, right? I did at first.
Maybe not. One of the most notable aspects of this story is the strong denials issued by Super Micro, Amazon and Apple. Maybe the first two aren’t that surprising, but Apple speaking out quickly and publicly was. They are famous for ignoring controversies and avoiding public comment on outside reports involving them if at all possible. An immediate public comment is definitely out of the ordinary, and it piqued my interest when I saw it.
That gets to the next point of interest. Bloomberg actually published the denials from Super Micro, Amazon, and Apple in their article. That tells me that they have a very high level of confidence in their sources and their story. There is no way Bloomberg would go this far if they didn’t feel like they are vindicating themselves, rather than pointing the finger at possible mistakes.
Going back to Apple, the company immediately issuing a denial of Bloomberg’s report is not the only thing worth noting. The strength of that denial is very important.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
This kind of absolute, blanket denial is rare for a publicly-traded company because it gives them no wiggle room later on. Why is that important? If the statements prove to be incorrect, they would get Apple in trouble with regulatory organizations like the FTC. As a public company, they have to serve their shareholders and be mindful of the impact of their words on global markets. Issuing a blanket denial and being wrong would open Apple up to fines and lawsuits. Knowingly issuing a false denial would really put Apple in the crosshairs. Apple PR knows this, and would not release such a statement if they weren’t absolutely sure that they were right.
So, we have Bloomberg on one side with enough confidence in their sources and story that they published the denials right in their article. We have Apple on the other side, releasing a public statement that could get them fined or sued if they are wrong or lying. Something’s got to give.
A new wrinkle came yesterday, as the US Department of Homeland Security issued a statement on the matter. In their own words:
“The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story. Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.”
So now two governmental security organizations have come out on the side of Apple, Amazon, and Super Micro. I can’t help but think that these statements from the DHS and NCSC shift this story into the favor of the companies above, and put Bloomberg on notice. Just as Apple would be in trouble if they mislead investors, if this story proves to be false, you can bet that Bloomberg will end up in court over it. Super Micro and other suppliers have already had their stock prices affected since the story ran last week, so there is real money on the line now They would absolutely have grounds for legal action, even if Bloomberg believed that their sources were correct when they ran the story.
I think the high stakes are what makes this story so unique. Rumors are nothing new in the tech industry, but it is very rare for companies to step so far out onto the ledge as what we see here. Both Apple and Bloomberg have made statements that open them up to legal and regulatory issues, and the way things look right now, there’s no way both of them can be right. One of these companies is going to end up on the wrong side of this story, and there will be real consequences for it. A few days ago, I was leaning toward thinking there was something to this Bloomberg report, but today, my money is on Apple.