Robert M. Lee @RobertMLee
16 tweets, 6 min read
Thread: the same Bloomberg journalists that covered the Super Micro story have covered technical stories that I’ve been involved in calling out before. I have nothing to add on the Super Micro story but here’s my experience with the journalists (1/x)
There are likely other examples but the first time I remember reading anything from these journalists was the Chattanooga APT story where a cybersecurity company pitched them “ICS honeypots” (opening ICS ports shouldn’t be considered ICS honeypots) and connections to them.
The story can be found here bloomberg.com/news/2014-09-3… and essentially (before its correction) was extremely hyped up and biased while pushing you could do attribution based off IP addresses alone. It positioned Chattanooga as a hub of cyber attacks on ICS.
At the time I publicly critiqued the article because it had nothing to do with ICS as discussed and critiqued it from an intel perspective. @SteveD3 did an amazing piece on it and covered the fact that @sjhilt was the person in Chattanooga who scanned their “honeypot”.
He was doing discovery of ICS connected to the internet and essentially poorly configured honeypots and IP addresses that had ICS ports open. Since then @sjhilt has been known affectionately as the Chattanooga APT
The next time I saw a story by the same Bloomberg reporters was when they posted this piece claiming a cyber attack, by Russia, caused the explosion at the BTC pipeline in Turkey and not the physical attack that both the victim and attacker acknowledged. bloomberg.com/news/articles/…
Immediately I took to Twitter to break down why almost nothing in this story made sense from a technical perspective. It was compelling to someone who didn’t understand ICS but from an ICS perspective it wasn’t. It was also based on four anonymous sources.
Others covered it in depth as well. @spacerog had a good blog on it bloomberg.com/news/articles/… and @daviottenheimer @RidT and I went line by line to tear the story apart on Genius which they took down but Davi thankfully captured here flyingpenguin.com/?p=20958
I covered it in a SANS paper trying to be much more nuanced and professional than my previous tearing it apart. ics.sans.org/media/Media-re… and then @hatr covered it in amazing depth with new insights sueddeutsche.de/digital/tuerke… which I covered here ics.sans.org/blog/2015/06/1…
So all that build up to add this to the Super Micro story: I got to speak to the journalists. A few times. It’s fair to say they were less than impressed with me (and others) tearing apart their stories. I found them to be polite considering the situation
I found their technical knowledge to be insufficient in covering these stories. But they also claimed all sorts of anonymous sources - which I honestly assessed that they had and believed - about the situation in the BTC pipeline. They shared unpublished details with me.
They also shared that some of their inspiration and knowledge of the topic came from a book they read on the BTC pipeline. The information the sources gave them was conspiracy theory like and the book they referenced was essentially a hit piece on the oil industry.
They claimed anonymous US intelligence community sources as well. Except I led the ICS threat discovery mission at the time at the NSA. And I had never heard of this attack being a cyber attack. The NSA doesn’t see everything but if the US IC is your source we would have.
In the end I was left with the assessment that the journalists were entirely well meaning individuals. I thought them to be honest and they did have the anonymous sources they claimed. But their capturing of the technical details and proclivity for conspiracy theories hurt them.
So looking at the Super Micro story. I tend to agree with @KimZetter and others who have said there is likely some truth in what the journalists have said. And I’m sure they believe what they’ve been told. But I’m not sure they captured it correctly or talked to the right people.
And to be clear I do not mean there’s truth in that their claims are correct. But instead that individually sources may have told them interesting things that had some partial truths that combined into a story that isn’t accurate. Anyway listen to @riskybusiness podcast for more.