New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple CEO Tim Cook Calls on Bloomberg to Retract Supply Chain Hack Story: 'There's No Truth to This'

For the first time since Bloomberg published a highly controversial story suggesting Chinese spies planted microchips in Supermicro server motherboards Apple used in its iCloud facilities, Apple CEO Tim Cook has gone on the record to vehemently deny the claims.

In an interview with BuzzFeed News, Cook said there is "no truth" to the story about Apple, before making the unprecedented move of calling on Bloomberg to publish a retraction.


Since the report went live earlier this month, Apple has refuted Bloomberg's claims in multiple clearly worded statements denying such an incident ever took place. Apple maintains that the story is "completely untrue," malicious chips were never found in its servers, and there was never an FBI investigation into the incident.

Bloomberg has continued to stand by its original report, which, based on info obtained from 17 unnamed sources, said that Apple, Amazon, and other tech companies had purchased and installed Supermicro servers that had been tampered with by the Chinese government. Small chips were allegedly implanted into server motherboards, allowing China to access corporate secrets and other information.

Apple did have an issue with Supermicro servers that led to the company dropping Supermicro as a supplier, but the relationship ended after malware was discovered on a single server in an incident unrelated to Bloomberg's claims.

According to Apple CEO Tim Cook, though he only spoke out publicly about the Bloomberg story this week, he's been involved in Apple's response "from the beginning."
"I personally talked to the Bloomberg reporters along with Bruce Sewell who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions," said Cook. "Each time they brought this up to us, the story changed and each time we investigated we found nothing."
Cook went on to say that Bloomberg failed to provide Apple with specific details about the malicious chips the company supposedly found and removed, and that Bloomberg's claims are based on "vague secondhand accounts." Cook told BuzzFeed that Apple did a deep search through all of its documentation and could find zero evidence of malicious chips or an FBI investigation.
"We turned the company upside down," Cook said. "Email searches, data center records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this."
As BuzzFeed points out, Apple has never publicly called for a retraction of a story before, even in instances where incorrect information was published. Following Cook's discussion with BuzzFeed, the site again contacted Bloomberg, and Bloomberg once again refused to budge.
"Bloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews," a spokesperson told BuzzFeed News in response to a series of questions. "Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies' full statements, as well as a statement from China's Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources."
Along with multiple strongly worded denials from Apple, including one to Congress, several other sources and government agencies have supported Apple's claims that the information shared in Bloomberg's story is false.

The UK's Cyber Security Agency, the Department of Homeland Security, former FBI general counsel James Baker, and NSA Senior Advisor Rob Joyce have all questioned the veracity of Bloomberg's claims and have denied knowledge of such an investigation.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Top Rated Comments

(View all)

4 weeks ago
This is getting a little bit weird. For Tim to call for a retraction suggests the article must have hit on a core value of the company.

I would guess it has to do with customer privacy and customer trust, where if Apple was the victim of a malicious actor like this and then covered it up, customer data could have been stolen without acknowledgment.

That Bloomberg refuses to stand down is a pretty serious statement from that news organization. I’ve worked with their reporters before and they are professionals.

So I am surprised by this situation where Apple has ratchets it up as far as it can go and Bloomberg has not backed down or released additional information to support the claim.

Very strange situation.
Rating: 40 Votes
4 weeks ago
Bloomberg reported on weak iPhone X sales last year and they never apologized for being wrong. Don’t bank on this either, Tim.
Rating: 28 Votes
4 weeks ago
Fake news.

Good on Tim.
Rating: 26 Votes
4 weeks ago

Bloomberg reported on weak iPhone X sales last year and they never apologized for being wrong. Don’t bank on this either, Tim.


Bloomberg is poor journalism.
Rating: 22 Votes
4 weeks ago

Fake news.

Good on Tim.


If someone wrote some false things about my company, I would be suing, not asking politely for a retraction.

Why is Tim afraid to sue?
Rating: 20 Votes
4 weeks ago

Fake news.

Good on Tim.

What would happen if it wasn't? Not saying its real but saying WHAT IF...? Something is definitely fishy here but which side it is will only be known in about 10-20 years :D
Rating: 19 Votes
4 weeks ago
It seems like they have two choices:

1. Issue a retraction, save some face and try to limp away from this with other stories

Or

2. Become the de-facto news source for tech conspiracists while losing credibility with the vast majority
Rating: 18 Votes
4 weeks ago

Can you elaborate on the specifics that Bloomberg provided? It’s been a while since I read the story but I remember feeling like it was extremely dumbed down on the technical details for the readership.


You're right, I take that back.

Joe Fitzpatrick is the technical expert named in the Bloomberg article. In an interview ('https://risky.biz/RB517_feature/') he pointed out that Bloomberg consulted with him about how this could be done and so he speculated how he would do it. Later when the article was published, he was surprised to see that "how it happened" was exactly how he said he would have done it, to the letter. Here is a partial transcript (emphasis is mine):

FITZPATRICK: But what really struck me is that like all the details that were even remotely technical, seemed like they had been lifted from from the conversations I had about theoretically how hardware implants work and how the devices I was making to show off at Black Hat two years ago worked.

GRAY: So I guess what you are saying here is, the report, I mean all of the technical details of the report, you’d covered that ground with that reporter.

FITZPATRICK: Yeah, I had conversations about all the technical details and various contexts. But there are a lot of filters that happen, you know? When I explain hardware things even to software people, I don’t expect people to get it the first time and I don’t expect people to be able to describe it accurately all the time. So there is definitely a lot of telephone exchange happening

GRAY: OK but why did that make you feel uneasy? Could it be the case that you know that the technical things you told him lined up perfectly with the technical things that some of these 17 of the anonymous sources told him?

FITZPATRICK: You know, I’m just Joe. I do this stuff solo. I am building hardware implants for phones to show off at conferences. I’m not a pro at building hardware implants. I don’t work for any nation or any state building and shipping these as products. I feel like I have a good grasp at what’s possible and what’s available and how to do it just from my practice. But it was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100 percent of what I described was confirmed by sources.

GRAY: And that’s what he was telling you through this process?

FITZPATRICK: That’s what I read in the article.

GRAY: OK, right. You find that a bit strange? That every single thing you seem to tell him, or a large proportion of what you told him, was then confirmed by his other sources.

FITZPATRICK: Yeah, basically. Either I have excellent foresight or something else is going on.

Personally, I think that Bloomberg took these three things and conflated them together into a story:
[LIST=1]
* Apple replaced SuperMicro servers. Apple confirmed this but said it was due to driver problems.
* Apple found a single SuperMicro server that had been compromised, but this was in an isolated lab during their normal testing, and it was compromised in a different way. (Firmware if I recall correctly, not hardware.)
* Joe Fitzpatrick told how a hardware hack could be done in theory.

My belief is that Bloomberg applied #3's technical details to #1 and #2.
Rating: 16 Votes
4 weeks ago
They should own the mistake and we all can move on
Rating: 16 Votes
4 weeks ago

Bloomberg is poor journalism.


Agree, and had that opinion before the Apple issue surfaced.
Rating: 11 Votes

[ Read All Comments ]