In a crowded field of huge cybersecurity news, one of the biggest stories of recent years broke last week, and with it has come a complicated tale that illustrates the shifting shape of a rapidly changing world.
An investigation by Bloomberg Businessweek alleges that server manufacturer Supermicro, which supplies some of the world’s largest tech companies, as well as banks and government security agencies, has had its supply chain infiltrated by a Chinese company.
The report says that a chip “the size of a grain of rice” had been secretly placed on Supermicro servers, allowing information to be monitored and accessed by the supposed perpetrators.
The implications of this – an alleged “hardware hack” at the absolute most fundamental level, and of a company that supplies extremely high-risk and high-value organisations, are to. The fallout, if it is true, will be seismic.
The complications
As it happens, the fallout has been exactly that, but for a slightly different reason. Apple and Amazon, who were both directly implicated, quickly came out with denials in the strongest terms. As The Register’s analysis points out, it’s the specificity of these denials that makes them worth noting.
Companies, and especially big ones, are very cautious when it comes to the press. The PR machines of Apple and Amazon are very capable of spinning and twisting news reports and allegations in a way that leaves the reader uncertain of exactly what has happened, but sure that the companies have done nothing wrong. And they’re also good at doing it in a way that is vague enough to avoid lawsuits further down the line.
That’s not really what has happened here. Apple said this in a statement: “On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident.”
This is specific enough that if it was later found to be true, Apple would be on very shaky ground legally. At the same time, various law enforcement and security agencies, including the UK’s national cyber security centre, have come out to say that they see no reason not to believe the companies involved.
The options
So, we can be relatively certain that Bloomberg’s report is not as clear cut as it first appears. What are some of the possibilities?
- Bloomberg has got it completely wrong; its reporters did not check facts properly and its system of editors and lawyers did not do their due diligence. This is very unlikely – Bloomberg is one of the most reputable news sources in the world, with world-class reporters and an extreme dedication to accuracy. Apple and Amazon are serious organisations, but so is Bloomberg.
- Bloomberg has got it right and Apple, Amazon and others are lying. This again seems unlikely given how specific their responses are, and how damaging this could be further down the line. There will be teams of people assessing every word that is said.
- The Bloomberg reporters have worked from slightly inaccurate information and have reached correspondingly inaccurate conclusions from that. Because of the scale and importance of the story, that’s still a big deal.
Some observers have suggested that option three could represent a deliberate ruse by state actors. It would take a lot to trick Bloomberg, but the potential reward is high: there are some powers that actively look to discredit credible news sources, of which Bloomberg is a leader.
Another criticism levied by observers is that the stories are relatively scant on technical detail. This is, perhaps, understandable, given that the story was expected to be read by a largely non-technical audience. But it makes it difficult for those with a technical background to verify what is, at its core, a story about technology.
Tech news is news
That seems to be a part of this whole story that is largely being ignored. More and more, people talk about the “intersection” between tech and politics, but it is becoming clearer that the two are now so inexorably linked that it is barely worth mentioning. It’s strange to think, but global technology, and the companies that power that ecosystem, has now become so powerful, that it fuels geopolitica scandals.
This has been described by many as a “bombshell” story, and that is certainly true. Technology news, mirroring its importance in society, used to go alongside sport or showbiz, or other popular but relatively ‘trivial’ categories, but now it arguably sits alongside politics and business in the pantheon of hard news. Who knew a server chip would one day make front pages?
Newsletter sign up
