I was going to write about the one-year anniversary of Bloomberg’s “The Big Hack” fiasco, but Nick Heer, writing at his excellent Pixel Envy, has done the job for me:
Unfortunately, a year later, we’re still no closer to
understanding what happened with this story. Bloomberg still
stands by it, but hasn’t published a follow-up story from its
additional reporting. No other news organization has corroborated
the original story in any capacity. After being annihilated after
the story’s publication, Supermicro’s stock has bounced
Most upsetting is that we don’t know the truth here in any
capacity. We don’t know how the story was sourced originally other
than the vague descriptions given about their roles and knowledge.
We don’t know what assumptions were made as Riley and Robertson
almost never quoted their sources. We don’t know anything about
the thirty additional companies — aside from Amazon and Apple —
that were apparently affected, nor if any of the other nine
hundred customers of Supermicro found malicious hardware. We don’t
know what role, if any, Bloomberg’s financial services business
played in the sourcing and publication of this story, since they
were also users of Supermicro servers. We don’t know the truth
of what is either the greatest information security scoop of the
decade or the biggest reporting fuck-up of its type.
What does that say about Bloomberg’s integrity?
As Heer points out, a year ago, co-author Michael Riley himself tweeted, “That’s the unique thing about this attack. Although details have been very tightly held, there is physical evidence out there in the world. Now that details are out, it will be hard to keep more from emerging.”
With not one shred of evidence emerging in a year, it seems very clear that this was, in fact, “the biggest reporting fuck-up of its type”.
And yet Bloomberg stands by it.
★ Monday, 7 October 2019