Ask HN: Did the Bloomberg's story “The Big Hack” happen?

23 points by sah55 5 years ago · 13 comments · 1 min read


In 2018 Bloomberg posted an article[0] revealing how China infiltrated America's top companies' hardware with microchips. Most of the companies named in the article denied it and called for retraction, Apple even wrote a letter to Congress. But Bloomberg still sticks to the story.

What really happened?

[0] https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

duskwuff 5 years ago

Probably not.

There's just too much that stinks about the story. As you mentioned, every company which was supposed to be involved has categorically denied Bloomberg's claims, some of those claims are suspiciously similar to material provided to them by sources as theoretical examples (like the suggestion that analog filters could conceal implanted logic), and Bloomberg never made any further attempts to substantiate their story.

FandangoRanger 5 years ago

Yes of course. Back in the mid to late 2000s there was another big hack, known then as the "Manchurian Microchip" hack, which resulted in Chinese penetration of many US national security projects including the F-22. It's very difficult to find good information about this anymore, thanks to a raft of fiction produced with the same name "coincidentally" around the same time.

abrookewood 5 years ago

I'm still wondering why they weren't sued. Some of the companies named had a massive drop in their share price.

  • duxup 5 years ago

    What do you really get out of a lawsuit like that though?

    Presumably you don't want anyone else to write such dramatic claims with such flimsy information in the future... but that's already a thing. I think most news orgs who are aware of the Bloomberg chip story would not want to reproduce those results as far as egg on their face and etc.

detaro 5 years ago

I don't think we truly know. I'd bet on the story being not accurate, but I'm unsure to what degree: Did Bloomberg eat some total fabrication? The method described seemed questionable, but variations on it could be possible and be easily in the realm of "reporter doesn't understand source". Did something happen, was caught earlier and embellished (on the way to the journalists, or by the journalists?) and Bloomberg doesn't want to admit they didn't validate that properly? To my knowledge Bloomberg has not given any further statements about this, which IMHO doesn't look good. Neither is there any third-party information outside the denials, which also could be inaccurate or hiding behind technicalities.

  • nojito 5 years ago

    Given that it was just revealed that Apple was working on a secret project that no high level executive knew about, it's very likely the story was true and was hidden from top tech execs.

    https://tidbits.com/2020/08/17/the-case-of-the-top-secret-ip...

    • duskwuff 5 years ago

      I'm having a hard time seeing the connection. Why would the fact that Apple engineers participated in a secret project for the government once mean anything with regard to this story?

      (Note that the iPod project wasn't even "hidden from top tech execs". It was approved by top executives at the time, including the SVP of Hardware.)

Lammy 5 years ago

I believe at least some part of the story must be true, because nothing else seems to justify the seemingly-coordinated push-back against the story and anyone who didn't want to just accept the claims of falsification. I can't recall seeing that kind of reaction to any story before or since.

e: I take it back, the unanimous denials of PRISM "direct access" felt very similarly-coordinated to the Big Hack denials: https://www.buzzfeednews.com/article/jwherrman/direct-access...

  • duskwuff 5 years ago

    > nothing else seems to justify the seemingly-coordinated push-back against the story

    Uh... other than the reputational damage to the companies named in the story? A claim that Amazon's servers were actually compromised by China would have a significant impact on their cloud business. Ditto for any of the other companies (allegedly) involved.

    • Lammy 5 years ago

      Yeah, that doesn’t make sense to me as justification for the existence of the story.

jml7c5 5 years ago

DISCLAIMER: This is entirely uninformed speculation. I have no inside information, nor any particular depth of knowledge in the subject. Please seek more qualified sources for discourse at a higher level than "Thanksgiving dinner political talk".

This is the best summary of issues I've seen: https://www.servethehome.com/investigating-implausible-bloom...

There are so many technical problems with Bloomberg's article that I find it hard to take it at face value.

Beyond technical issues, the graphics belie the lack of editorial oversight: the image of a penny with a chip next to it is labeled as "[m]icrochips found on altered motherboards in some cases looked like signal conditioning couplers", but the chip shown is not a signal conditioning coupler. It appears to be an artist's conception based on a Google image search for "signal conditioning coupler".[0] This is not the sort of ambiguity one expects in a well-vetted piece.

And further absurdity is this circular reference in a follow-up article[1] they published:

> In response to the Bloomberg Businessweek story, the Norwegian National Security Authority said last week that it had been "aware of an issue" connected to Supermicro products since June. Trond Ovstedal, a spokesman for the agency, later added to that statement, saying the agency was alerted to the concerns by someone who had heard of them via Bloomberg's news gathering efforts. In its initial statement, the authority couldn’t confirm the details of Bloomberg's reporting, but said that it has recently been in dialogue with partners over the issue.

It's a game of telephone:

----

Bloomberg to 'A': could you tell us about <story>?

'A' to 'B': I was talking to Bloomberg about <story> recently.

'B' to government: I heard about <story>.

Government to Bloomberg: Yes, we have heard about <story>.

Bloomberg to readers: Government confirmed they independently knew about <story>!

----

All of this makes me suspect that (a) relatively minor event(s) were misinterpreted by the authors as evidence of a widespread attack. I do not doubt that intelligence agencies interdict hardware and add backdoors (Snowden amply demonstrated that the NSA does this -- even without cooperation from any manufacturer). But I also would not be surprised if Bloomberg confused an Amazon red team/blue team exercise for the real thing, or confused an internal report on the hypothetical risk of supply chain compromise for some real event.

[0]: https://twitter.com/marcan42/status/1047935859020902400

[1]: https://www.bloomberg.com/news/articles/2018-10-09/new-evide...

wisenheimer 5 years ago

This is the big concern behind Intel Management Engine. I personally don't trust it one bit. It's a closed source blob that's been exploited before:

[1] https://www.trendmicro.com/en_us/research/17/k/mitigating-cv...
