By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
“Pink hat lady” was one of the most-noted rioters in the January 6 Capitol insurrection mob. The New Yorker’s Ronan Farrow identified her, and got her to speak for an extensive interview:
Before the pandemic, Rachel Powell, a forty-year-old mother of eight from western Pennsylvania, sold cheese and yogurt at local farmers’ markets and used Facebook mostly to discuss yoga, organic food, and her children’s baseball games. But, last year, Powell began to post more frequently, embracing more extreme political views. Her interests grew to include conspiracy theories about covid-19 and the results of the Presidential election, filtered through such figures as Donald Trump, Rudy Giuliani, and the Infowars founder Alex Jones. On May 3, 2020, Powell wrote on Facebook, “One good thing about this whole CV crisis is that I suddenly feel very patriotic.” Expressing outrage at the restrictions that accompanied the pandemic, she wrote, “It isn’t to late to wake up, say no, and restore freedoms.” Several days later, she posted a distraught seven-minute video, shot outside a local gym that had been closed. “Police need to see there’s people that are citizens that are not afraid of you guys showing up in your masks. We’re going to be here banded together, and we’re not afraid of you,” she said. “Maybe they should be a little bit afraid.”
On January 6th, during the storming of the United States Capitol, Powell made good on that threat. Videos show her, wearing a pink hat and sunglasses, using a battering ram to smash a window and a bullhorn to issue orders. “People should probably coördinate together if you’re going to take this building,” she called out, leaning through a shattered window and addressing a group of rioters already inside. “We got another window to break to make in-and-out easy.”
It’s a fascinating interview. But what jumps out, electrically, is the role Facebook clearly played in Powell’s radicalization.
Matt Tait, in a thread on Twitter, deconstructed today’s Bloomberg follow-up to “The Big Hack” in exquisite detail. The whole thread is worth your attention. The gist of it:
FWIW, my money is on this whole saga being, if you dig deeply enough, just briefings related to the 2016 Supermicro bad firmware update incident filtered through so many games of telephone that it’s eventually twisted itself into a story about tiny chips that never happened. […]
This story is too big, and the refutations too blunt and too numerous to support on this level of third- and fourth-hand sourcing. If they have documents: go for it. Make fools of Apple, Amazon, FBI, NSA, DHS and ODNI by publishing them. Otherwise, this story should not have run.
Bingo. And there’s still nothing — nothing — that refutes the argument that the original 2018 story should be entirely, or at least largely, retracted.
Bloomberg’s Michael Riley, co-reporter of “The Big Hack”, on 5 October 2018, just after the original report was published:
That’s the unique thing about this attack. Although details have been very tightly held, there is physical evidence out there in the world. Now that details are out, it will be hard to keep more from emerging.
He’s 100 percent right — once the details were out, it would have been nearly impossible for more details, including physical evidence (actual secret chips on actual Supermicro components) not to emerge.
If the story were true.
Well, holy shit, two years and four months after publishing “The Big Hack”, Bloomberg has finally followed up. The follow up is even from the same two reporters, Jordan Robertson and Michael Riley.
It’s a 4,000-word exercise in journalistic sophistry. It creates the illusion of something being there, but there is nothing there. The only good purpose this report could serve is as source material for a class on critical thinking. Bloomberg headlined this followup “The Long Hack: How China Exploited a U.S. Tech Supplier”, but it’s looking ever more like a long con on Bloomberg’s part.
The original story’s key allegations — what made it a blockbuster — were that Chinese government operatives had surreptitiously added “phone home” chips to server components made by a company named Supermicro, and that Apple and Amazon were among the companies who’d been breached by these compromised servers. Apple and Amazon adamantly refuted the entire story, in unambiguous language. Bloomberg’s original report offered no firsthand evidence of these compromised servers. In the years since, no one has ever discovered any evidence of such compromised servers.
Today’s follow-up from Bloomberg offers no evidence either.
Regarding Apple and Amazon, today’s report offers the following (again, in a 4,000+ word story):
Bloomberg Businessweek first reported on China’s meddling with Supermicro products in October 2018, in an article that focused on accounts of added malicious chips found on server motherboards in 2015. That story said Apple Inc. and Amazon.com Inc. had discovered the chips on equipment they’d purchased. Supermicro, Apple and Amazon publicly called for a retraction. U.S. government officials also disputed the article.
No other paragraph in the story mentions either Apple or Amazon. Bloomberg still hasn’t retracted their allegations regarding Apple or Amazon. Yet they still haven’t produced one shred of evidence supporting their allegations. Apple and Amazon aside, they still haven’t produced one shred of evidence regarding these surreptitious “phone home” chips on Supermicro components.
Shameful.