Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Sunday, 04 August 2019 17:50

Ten months on, Bloomberg still mum on Supermicro supply chain yarn


Ten months ago, the American news agency Bloomberg published a sensational story claiming that Chinese spies had corrupted the tech supply chain and installed small chips on motherboards which were supplied to the American company Supermicro Computer. Despite being met by a storm of denial, the likes of which is rarely seen, Bloomberg has neither retracted nor corrected the yarn till today.

More importantly, the story highlighted the ability of so-called respectable media organs to cast aspersions on any Tom, Dick or Harry, and get away scot-free with no penalty at all.

The story named Apple, Amazon, the US Department of Defence and data processors for the CIA as being among those who had been using servers with these chips, which had been destroyed after being discovered.

Denials came thick and fast after the story surfaced on 4 October 2018; there were strong denials from Apple and Amazon, and the tale was also contradicted by the US Department of Homeland Security and the British National Cyber Security Centre.

The blowback did not end there; a senior Apple security official took the unusual step of writing to the US Congress directly saying there was no evidence to back Bloomberg's claims while a former general counsel of the company said he had asked the FBI about the charges and been told that the agency knew nothing about it.

In the normal course of things, when a big story like this breaks, major outlets do their own digging, get hold of their own sources, and come out with variants of the story. But remarkably, in the case of this Bloomberg blast, nobody could corroborate even an iota of what was claimed.

Bloomberg showed no contrition. Its response was to run another story on 10 October, by the same reporters, claiming that a big US telecommunications company had been hit by hardware tampering, once again involving products sold by Supermicro.

There was good reason for the reaction to the supply chain yarn; had the story gained legs, there would have been a massive veil of suspicion over the entire tech supply chain that produces a major part of the world's hardware. Additionally, the claims came at a time when the US-China trade war, now a full-blown tilt, was brewing.

Apple and Amazon did not stop with their initial denials; there were calls from Apple chief executive Tim Cook and Amazon Web Services chief executive Andy Jassy for Bloomberg to admit its mistake and retract the story.

Bloomberg reporters Jordan Robertson and Michael Riley, who filed the sensational story, have form in this regard; as British security consultant Kevin Beaumont pointed out, the pair put out a story some years ago claiming that the US Government had prior knowledge of the Heartbleed bug, a serious vulnerability in OpenSSL, before it was announced.

And, added Beaumont, who was among the first techies to raise suspicion about the veracity of the Bloomberg claims, they never reacted when the story was denied.

But there were others who were taken in by the story and caught out. Australian Patrick Gray, who has been producing a security podcast for more than a decade, claimed that one of his sources had confirmed the Bloomberg claims with photos, and promptly put out a "special edition" of his podcast.

Alas, it turned out to be an embarrassment, for he had to retract those claims a few days later, when the source, whom he said he had known for 15 years, changed his/her tune and said the photos were from different equipment.

iTWire asked Gray earlier this week whether he had checked any other leads provided by the same source to see if they too were dubious. He responded: "I had never used unverified information from that source before and I haven't since. I retracted my repetition of the source's claims approximately 16 hours after I first published it."

Gray put the boot into that source, writing, "So basically that source’s credibility with me is pretty shot right now, and the best I can do is retract my repetition of the source’s claim that they had verified backdoors in the Supermicro equipment."

But for every person like him, who offers an honest rebuttal, there are plenty of people like Riley and Robertson, both of whom now seem to have disappeared from the US media scrum.

While the Bloomberg story was perhaps the worst example of propaganda being used to affect a particular vendor and country, there have been plenty of plants in the US media, most alleging this, that or the other against Chinese telecommunications equipment vendor Huawei Technologies.

US media have also lent their considerable clout to blackballing Russian security firm Kaspersky and ensuring that the company lost whatever public sector business it had in the US.

The last that was heard of the Bloomberg story was in November last year, when the Washington Post reported that another reporter from Bloomberg, Ben Elgin, was making inquiries from Apple, seeking discreet information about what his own colleagues had reported.

According to the Post, Elgin wrote to one employee at Apple on 19 November, saying, "My colleagues’ story from last month (Super Micro) has sparked a lot of pushback. I’ve been asked to join the research effort here to do more digging on this … and I would value hearing your thoughts (whatever they may be) and guidance, as I get my bearings."

But it looks like Elgin's investigations are not going to be put out in the public domain; eight months have gone by and there has not been even a peep from Bloomberg.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


