Bloomberg Businessweek this morning published a bombshell story that had all the juicy elements: spying, tech giants, foreign intrigue. According to the report, tiny microchips were found hidden on servers sold to top tech companies and were used for network intrusion. These companies included Amazon, Apple, as well as major banks, and the servers were reportedly made by the manufacturer Super Micro. The authorities have reportedly been secretly looking into this espionage campaign for years.
All of the companies involved in this story denied Bloomberg‘s claims. Perhaps most forceful was Apple, which not only gave a lengthy statement to Bloomberg before publishing, but also just re-published it as a blog post on its own site. “The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found ‘malicious chips’ in servers on its network in 2015,” the post says. “As Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims.”
In addition to denying the claims, Apple’s post adds some color and further rebuttals that weren’t in its original statement to Bloomberg. Here are some of the important points:
- “Despite numerous discussions across multiple teams and organizations, no one at Apple has ever heard of this investigation. Businessweek has refused to provide us with any information to track down the supposed proceedings or findings. Nor have they demonstrated any understanding of the standard procedures which were supposedly circumvented.”
- “No one from Apple ever reached out to the FBI about anything like this, and we have never heard from the FBI about an investigation of this kind — much less tried to restrict it.”
- “Apple has never found malicious chips in our servers.”
- “Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations.”
These seem like very clear and frank rebuttals of the report. The article, for example, claims that Apple found suspicious chips in 2015 and reported it to the FBI. The company says this is false. It also clearly states it is not being silenced by any gag orders or other agreements. In short, with such a vigorous denial, we are forced to believe that one of the parties is misinformed.
The forcefulness of Apple’s response stands out. Organizations like Facebook and Twitter are frequently the focus of stories about data mishandling, but their responses are often either calculated and vague or apologetic. Apple, in contrast, is very specific and clear.
A spokesperson for Bloomberg offered me this statement about the magazine’s report:
Bloomberg Businessweek‘s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.
Given that the news outlet independently confirmed its information, it’s standing by the investigation. We’ll have to see if Apple tries to respond further.