Well one can definitely say that the people at Bloomberg don’t doubt their story. Is it at all possible that higher ups making statements from Apple or Amazon didn’t know? Even if so, I don’t see any way for some sides credibility to not be severely harmed by the end of this.
And Facebook now enters the fray, saying there was an attack (though doesn’t seem to be claiming they were effected by the chip in previous article?)
Edit - I read the dates of the articles wrong, and thought this was a new one this morning. It was posted alongside the original story, but main point of comment still stands so keeping it up.
Their account seems pretty solid and the story itself I think is less incredible than what Snowden leaked: a password check bypass on the hardware remote access systems is all they need basically.
Is it possible that only lower level Apple/Amazon employees were involved in the investigation and that they are forbidden from telling anyone else, even senior legal executives?
But they don't, they explicitly mentioned they are not under a gag order, which is the first thing you are forbidden to mention when you are gagged. That is the reason why "warrant canaries" exist.
I think what GP was suggesting is that lower level employees might be under individual gag order, keeping them from ever reporting the incident to their higher ups (including those responsible for the warrant canary).
The Norwegian national security agency has confirmed that they were aware of the allegations against SuperMicro since June, but they won't confirm if it's true (nor are they denying it) and they noted that they are also aware that Amazon/Apple are denying it.
As for why Apple/Amazon are denying it I wonder if it's because they don't want to burn bridges. If they confirm the allegations, how would that play out in the Chinese business world?
Well, all of the above mentioned want a slice of Chinese pie.
I'd say that market linkage in between China and USA in tech was just beginning to heal up after the credit crisis, but before that Chinese companies were rather wary of going to USA because it is expensive and risky market to enter, and instead chose easier markets for overseas expansion.
As any hope of rapprochement is now done for, they will revert to their old ways.
Comrades from AS4134 must be now scrambling everybody and everything into damage control mode. I think they firmly believed that they had an impenetrable cover.
> “In 2015, we were made aware of malicious manipulation of software related to Supermicro hardware from industry partners through our threat intelligence industry sharing programs,” Facebook said in an emailed statement. “While Facebook has purchased a limited number of Supermicro hardware for testing purposes confined to our labs, our investigations reveal that it has not been used in production, and we are in the process of removing them.”
Facebook confirmed this happened. But looks like Apple and Amazon are denying it.
This article just refers to some firmware vulnerabilities from Apple back in 2015, which is nothing uncommon, and Apple had taken proper measures to mitigate that. Besides it has nothing to do with China's attack.
And Facebook now enters the fray, saying there was an attack (though doesn’t seem to be claiming they were effected by the chip in previous article?)
Edit - I read the dates of the articles wrong, and thought this was a new one this morning. It was posted alongside the original story, but main point of comment still stands so keeping it up.