47 stories
·
6 followers

Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story

1 Comment and 2 Shares

"I feel they should retract their story. There is no truth in their story about Apple. They need to do that right thing."

Headshot of John Paczkowski
Headshot of Joseph Bernstein

Last updated on October 19, 2018, at 2:12 p.m. ET

Posted on October 19, 2018, at 1:14 p.m. ET

Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that his company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim.

Earlier this month Bloomberg Businessweek published an investigation alleging Chinese spies had compromised some 30 US companies by implanting malicious chips into Silicon Valley–bound servers during their manufacture in China. The chips, Bloomberg reported, allowed the attackers to create “a stealth doorway” into any network running on a server in which they were embedded. Apple was alleged to be among the companies attacked, and a focal point of the story. According to Bloomberg, the company discovered some sabotaged hardware in 2015, promptly cut ties with the vendor, Supermicro, that supplied it, and reported the incident to the FBI.

Apple, however, has maintained that none of this is true — in a comment to Bloomberg, in a vociferous and detailed company statement, and in a letter to Congress signed by Apple’s vice president of information security, George Stathakopoulos. Meanwhile, Bloomberg has stood steadfastly by its story and even published a follow-up account that furthered the original’s claims.

The result has been an impasse between some of the world’s most powerful corporations and a highly respected news organization, even in the face of questions from Congress. On Thursday evening, an indignant Cook further ratcheted up the tension in response to an inquiry from BuzzFeed News.

“There is no truth in their story about Apple,” Cook told BuzzFeed News in a phone interview. "They need to do that right thing and retract it."

This is an extraordinary statement from Cook and Apple. The company has never previously publicly (though it may have done so privately) called for the retraction of a news story — even in cases where the stories have had major errors or were demonstratively false, such as a This American Life episode that was shown to be fabricated.

Reached for comment, Bloomberg reiterated its previous defense of the story. “Bloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews,” a spokesperson told BuzzFeed News in response to a series of questions. “Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.”

Bloomberg did not answer questions about evidence supporting its allegations or the public remarks of its named sources.



Although they are unusual, Cook’s comments highlight the CEO’s ongoing personal involvement in Apple’s response to the story, and his mounting frustration that the company’s rebuttals to it have been ignored by Bloomberg.

“I was involved in our response to this story from the beginning,” said Cook.

“I personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions,” said Cook. “Each time they brought this up to us, the story changed, and each time we investigated we found nothing.”

“This did not happen. There’s no truth to this.”

In addition to disputing the report itself, Cook also took issue with the lack of evidence he said Bloomberg supplied to document its claims. Cook said the reporters never provided Apple with any specific details about the malicious chips it is alleged to have found and removed. He added that he thinks the allegations are undergirded by “vague secondhand accounts.”

“We turned the company upside down,” Cook said. “Email searches, data center records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There’s no truth to this.”

Asked if a scenario like the one Bloomberg described could occur without him knowing about it, Cook replied, “The likelihood of that is virtually zero.”

Cook’s commentary only furthers a growing sense of intrigue around the story, which has been the subject of ongoing public debate among information security experts and journalists. The piece would have massive global security ramifications if it is indeed accurate. It was published by one of the most respected publications in the world, one thought to have high-level government sources. And yet government security agencies and people who lead them are also puzzled.

The United States Department of Homeland Security, the UK’s National Cyber Security Center, NSA Senior Adviser for Cybersecurity Strategy Rob Joyce, former FBI general counsel James Baker, and US Director of National Intelligence Dan Coats have all said variously that they either have no reason to doubt the denials of the companies mentioned in the Bloomberg story or that they've seen no evidence supporting its claims. And some sources named in the story have raised questions about it and how their remarks were used. One of those sources, hardware security expert Joe Fitzpatrick, told the Risky Business podcast the story “doesn’t make any sense.

One high-ranking national security official told BuzzFeed News that the story has the ring of truth, but stressed that he had no personal knowledge of the investigation detailed by Bloomberg. The official said that there is a highly classified effort in the US government to detect how adversaries implant devices like the one described in the Bloomberg story.

Meanwhile, other publications have been unable to advance or even match Bloomberg’s reporting. And powerful voices from Silicon Valley to DC have publicly and privately questioned the validity of the story. Earlier this month, FBI Director Christopher Wray warned a hearing of the Senate Homeland Security Committee to “be careful what you read” in reference to the report. And a high-ranking executive at a publicly traded tech giant told BuzzFeed News that his company knew the supply chain in question in the Bloomberg story, and that a corporate investigation didn’t turn up any evidence of tampering. “We couldn’t find anything,” he said. “Our assessment is that it didn’t happen.”

Another high-ranking executive at a major Silicon Valley tech company echoed that assessment.

“I'm responsible for supporting many of the organizations that this touched, so this story was a ‘holy shit’ moment for me,” they told BuzzFeed News. “And we went and pulled every possible string — because god forbid something like this happened and you didn't know — and we found nothing.”

Amazon, which along with Apple was a major subject of Bloomberg’s story, issued a similarly vehement denial on the day of its publication, and then went dark. The company has not responded to repeated requests for comment or interviews with CEO Jeff Bezos or general counsel David Zapolsky.

“Please leave us out of this. We weren’t mentioned and I don’t want us to be. I don’t know what the fuck is going on here.”

Meanwhile, companies that might possibly be among the 30 alleged to have been compromised are doing all they can to steer clear of the story. “We investigated and we found nothing,” an executive at one Fortune 50 company told BuzzFeed News. “Please leave us out of this. We weren’t mentioned and I don’t want us to be. I don’t know what the fuck is going on here.”

According to numerous spokespeople and executives in positions to know about internal investigations, the following tech companies and banks are not members of the group of almost 30 that Bloomberg alleges were compromised: Google, Microsoft, IBM, Oracle, Dell, Hewlett Packard, Verizon, Comcast, AT&T, Twitter, Palantir, T-Mobile, Goldman Sachs, and Capital One.

For now, it seems that resolving the mystery around the story would require Bloomberg to open itself up — or be opened up. But moving from a dispute in public to a dispute in court is something none of the companies named in the report have signaled a desire to do.

With additional reporting by Ryan Mac and Kevin Collier

UPDATE

Read the whole story
emilcar
48 days ago
reply
Épica la que se ha liado con este tema.
Murcia (España)
JRBaz
32 days ago
reply
Vitoria-Gasteiz
Share this story
Delete

Como Mac sin cabeza

1 Comment
¿Utilizas un Mac "sin cabeza"? Bueno, reformemos la pregunta.... ¿Utilizas un Mac sin monitor?
Read the whole story
JRBaz
290 days ago
reply
Interesante artículo sobre 'dongles' para simular conexión a un monitor. En el trabajo los usamos con algunos equipos no enracables que necesitan de gestión remota gráfica.
Vitoria-Gasteiz
Share this story
Delete

Time Machine Editor, configura el comportamiento de las copias de seguridad de Time Machine

1 Comment
Time Machine no es que precisamente tenga muchas opciones a la hora de configurar su comportamiento y básicamente "hace las copias de seguridad" y ya está. Con esta utilidad puedes tomar decisiones al respecto de cómo quieres que realice las copias.
Read the whole story
JRBaz
295 days ago
reply
Estaba buscando una interfaz que me permitiera prescindir de la línea de comandos para hacer pruebas más cómodamente. Gran entrada
Vitoria-Gasteiz
Share this story
Delete

Dentro de la Ingeniería del Caos

1 Share
La ingeniería del Caos es la disciplina de experimentar en un sistema distribuido para crear confianza en la capacidad del sistema para soportar condiciones turbulentas en producción.
Read the whole story
JRBaz
296 days ago
reply
Vitoria-Gasteiz
Share this story
Delete

Los cuatro niveles de control del feed

1 Share

El feed es la seña de identidad de un podcast. Es el archivo donde está contenida no solo la relación de episodios sino la definición plena del podcast. Reconociendo el feed como un concepto quizá algo complejo, son muchas las plataformas de podcasting que tratan de hacer un by-pass sobre el feed y no “complicar” al podcaster con su entendimiento y manejo. Sin embargo si optamos por estas opciones fáciles y cómodas estamos cometiendo un terrible error.

Hoy en día existen varias plataformas de podcasting rápido, que proponen vías alternativas para la difusión del contenido, tales como apps propias, redes sociales, widgets html y otros. Sin embargo, para que un podcast crezca tiene que llegar al mayor número de usuarios posible y ello sólo se puede conseguir si tenemos un feed, y si además tenemos el control del mismo.

¿Y qué es mantener el control del feed? Tal cual si habláramos de los niveles de conducción autónoma (algo muy de moda en estos días), existen varios niveles, digamos CUATRO:

  1. PRIMER NIVEL: Conozco el feed, mi plataforma de podcasting me lo facilita y yo me encargo de su distribución a Apple Podcasts y a otras plataformas de difusión de podcasts. Un ejemplo de esto sería el feed que nos da iVoox.
  2. SEGUNDO NIVEL: incluye el primer nivel y además cierta capacidad de personalización, pudiendo determinar las categorías específicas de Apple Podcasts y/o Google Play, así como algún otro parámetro. El feed de SoundCloud es un feed de segundo nivel.
  3. TERCER NIVEL: incluye los otros dos; es un feed que nos ofrece nuestra plataforma de podcasting pero en el que tenemos control pleno de todos los parámetros del feed, incluido específicamente un campo de redirección del feed para llegado el caso poder migrar a otra plataforma. Spreaker es un ejemplo de tercer nivel.
  4. CUARTO NIVEL: es el control TOTAL, cuando hacemos nuestro feed a mano con un editor de texto o código (partiendo de una plantilla como la que ofrece Apple), o usando alguna aplicación como por ejemplo Feeder 3 para Mac. Hospedamos el feed en nuestro hosting sin depender de ninguna plataforma, ni siquiera un WordPress hospedado por nosotros mismos.

Durante mucho tiempo yo he optado por un CUARTO NIVEL usando la citada aplicación Feeder 3, pero desde hace un año aproximadamente descendí al TERCER NIVEL, toda vez que Spreaker lo ofrece y es la plataforma de podcasting donde hospedo los podcasts de mi red. Hay muchas cosas que echo de menos del cuarto nivel, como por ejemplo que los títulos de cada episodio enlacen al artículo en emilcar.fm del episodio en lugar de a la página de Spreaker del episodio. Otra diferencia es que Spreaker de momento no permite HTML en las notas del episodio, lo cual dificulta muchísimo la incorporación de enlaces, siendo esta  una característica que espero incorporen en 2018.

Aunque lo que he perdido con el cambio de nivel es importante, el automatismo de poder publicar directamente en Spreaker cualquier episodio de cualquiera de mis podcasts (incluso en movilidad) y que llegue inmediatamente a todos los oyentes supone una ventaja indudable a la que no quiero renunciar. Por no hablar del ahorro en tiempo que suponer no tener que gestionar a mano el feed de 20 podcasts.

Aun así, no es el feed de Spreaker el que divulgo, sino una redirección a través de FeedPress. Aunque la necesidad de redirección puntual queda cubierta por Spreaker, FeedPress me ofrece una capa adicional de estadísticas y me comunica el número de suscriptores, una cifra que si bien no es un dato tan significativo como lo fuera en otros tiempos, es algo interesante de manejar, aunque sólo sea para romperte la cabeza comparando el número de suscriptores con el de descargas reales 😉

¿Y por qué desde el principio? A nadie escapa que Apple Podcasts es hoy por hoy el principal portal de podcasts, no sólo por los usuarios de iOS y macOS que lo usan para descargar sus podcasts favoritos sino porque todas, repito, TODAS las aplicaciones para escuchar podcasts del MUNDO, las de iOS y las de Android, beben de su catálogo para ofrecerlo a sus usuarios. Desde iTunes Connect tenemos la posibilidad de cambiar el feed de nuestro podcast, algo que los más viejos del lugar jamás pensamos que veríamos, pero ese cambio no es tan profundo como nos gustaría, dado que sólo afecta a los nuevos suscriptores, dejando a los suscriptores existentes anclados al antiguo feed.

Por eso es tan importante tener un control de NIVEL TRES como mínimo, para asegurarnos de que si cambiamos de plataforma nuestros oyentes vendrán con nosotros. Y por eso es tan importante tenerlo desde el principio, porque si damos a Apple Podcasts un feed no controlado por nosotros, vamos a perder el control sobre muchos suscriptores.

 

Read the whole story
JRBaz
424 days ago
reply
Vitoria-Gasteiz
Share this story
Delete

Ponte al mando de Parallels Desktop 13, el libro, ya disponible y gratis

1 Comment
Parallels Desktop for Mac, creado por Parallels, Inc., es un software que proporciona virtualización de hardware para ordenadores Macintosh con procesadores Intel para ejecutar un sin fin de sistemas operativos que incluyen las versiones de Windows mas recientes, incluido Windows 10, las versiones de macOS y OS X mas recientes incluyendo macOS 10.13 High Sierra y las más recientes versiones de Ubuntu entre otros muchos sistemas operativos.
Read the whole story
JRBaz
470 days ago
reply
Gracias a Carlos tenemos la opción de echar un vistazo a las "tripas" de esta nueva versión y valorar su compra/actualización.
Vitoria-Gasteiz
Share this story
Delete
Next Page of Stories