Final Words and Next Steps
We are at an impasse at this point. In this article, we have shown why the technical details of the Bloomberg alleged hack are inaccurate and/or implausible. These technical details were offered to Bloomberg through anonymous sources, so we have no way of doing further fact-checking. We showed why, even if a chip can be produced and placed it would not work as Bloomberg reports. CEOs such as Tim Cook of Apple and Charles Liang of Supermicro and all of the named companies have said that the reporting was untrue or inaccurate. The three security experts named in the two Bloomberg pieces have expressed reservations about what and how Bloomberg has presented the story.
Bloomberg is standing by their piece, citing 17 sources and over 100 interviews. It seems 9 sources between Apple and Supermicro have contradicting evidence offered by CEOs with a duty to make truthful statements about their companies. There are 2 cited security experts who have reservations, as does the lynchpin expert in the follow-up piece but we do not know if they are included in the tally.
I do not know the editorial team at Bloomberg, but here is a New York Times assessment of this team’s track record in the space:
This seems to be far from an isolated viewpoint on the reporters (e.g. the Robert M. Lee thread.)
The next steps should be clear:
- Bloomberg needs to either present credible and verifiable information to prove this story is true. The hack they presented does not work against the intended targets as we have shown here. There is now enough evidence pointing to systematic discrepancies that the stories cannot stand.
- If Bloomberg cannot present credible information to show how the hack presented is possible, plausible, and did happen, Bloomberg needs to retract the story and investigate how this passed editorial muster and was published.
- Again, there needs to be a formal SEC investigation. Apple, Amazon, and Supermicro have made specific statements calling Bloomberg’s reporting false. Those companies have a duty to make truthful statements to those making investment decisions. Barring Bloomberg’s ability to credibly back up their initially presented hack, the SEC needs to investigate trade histories around each company, and probe for links to Bloomberg’s staff, executives, confidants, and acquaintances to see if there is any nexus between trade activity and what may be a false or misleading story.
- Barring evidence proving the hack as presented, shareholders of Amazon, Apple, and Supermicro should seek remediation from Bloomberg for their loss of value.
- Amazon, Apple, and Supermicro should also seek compensation for their losses since the story has been damaging to their brands.
We are now at the point where this article outlines why the alleged hack is likely not feasible in the manner described in the story. Named external parties have not just given a “no comment” but have criticized the story’s presentation and accuracy. The damage has been done by the article’s publication, and thus, there is a question as to if that damage was inflicted truthfully, or through misrepresentation. Bloomberg has not changed its story in weeks, even after very simple technical aspects, such as the inability of a compromised BMC to communicate externally in sophisticated networks such as AWS and Apple, have been surfaced. There is something strange about this story that warrants an investigation.
If Bloomberg would like to comment beyond standing by its 17 sources and 100 interviews, we will update after this section. I will also offer my time to evaluate their evidence and print a retraction to this story if they can provide verifiable evidence that their story is completely true.