By John Gruber
Apple Newsroom has just published an even stronger denial of Bloomberg Businessweek’s “The Big Hack” story:
Apple has always believed in being transparent about the ways we handle and protect data. If there were ever such an event as Bloomberg News has claimed, we would be forthcoming about it and we would work closely with law enforcement. Apple engineers conduct regular and rigorous security screenings to ensure that our systems are safe. We know that security is an endless race and that’s why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data. […]
Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations.
They’re defending both the security of their data center servers and the integrity of their public statements.
In my earlier piece on this story, I forgot to mention one particularly odd tidbit in Bloomberg’s reporting. Bloomberg wrote (italics added):
Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons. […] Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally.
What sense does it make that Apple discovered a profound security problem in Super Micro motherboards in May 2015, so serious that the company reported it to the FBI, but then didn’t sever ties with Supermicro until at least eight months later? That timeline makes no sense.
Also, what exactly is a “senior insider”? I’ve never seen that phrase before. An odd attribution. A Google search finds only four hits in Bloomberg’s archive — once in 1996, once in 1998, once in January 2018, and this story today. (And Google finds no hits at all for the phrase in their archive of businessweek.com.)
★ Thursday, 4 October 2018