Apple Newsroom has just published an even stronger denial of Bloomberg Businessweek’s “The Big Hack” story:
Apple has always believed in being transparent about the ways we
handle and protect data. If there were ever such an event as
Bloomberg News has claimed, we would be forthcoming about it and
we would work closely with law enforcement. Apple engineers
conduct regular and rigorous security screenings to ensure that
our systems are safe. We know that security is an endless race and
that’s why we constantly fortify our systems against increasingly
sophisticated hackers and cybercriminals who want to steal our
Finally, in response to questions we have received from other news
organizations since Businessweek published its story, we are not
under any kind of gag order or other confidentiality obligations.
They’re defending both the security of their data center servers and the integrity of their public statements.
In my earlier piece on this story, I forgot to mention one particularly odd tidbit in Bloomberg’s reporting. Bloomberg wrote (italics added):
Three senior insiders at Apple say that in the summer of 2015, it,
too, found malicious chips on Supermicro motherboards. Apple
severed ties with Supermicro the following year, for what it
described as unrelated reasons. […] Apple made its discovery of
suspicious chips inside Supermicro servers around May 2015, after
detecting odd network activity and firmware problems, according to
a person familiar with the timeline. Two of the senior Apple
insiders say the company reported the incident to the FBI but kept
details about what it had detected tightly held, even internally.
What sense does it make that Apple discovered a profound security problem in Super Micro motherboards in May 2015, so serious that the company reported it to the FBI, but then didn’t sever ties with Supermicro until at least eight months later? That timeline makes no sense.
Also, what exactly is a “senior insider”? I’ve never seen that phrase before. An odd attribution. This Google search only finds four hits in Bloomberg’s archive — once in 1996, once in 1998, once in January 2018, and this story today. (And Google finds no hits at all for the phrase in their archive of businessweek.com.)
★ Thursday, 4 October 2018