There's a ton of stuff we don't know about Bloomberg Supermicro 1 and 2 that I'm not sure we're going to know. Here's what I do know about Supermicro 1, the original story:
I know a ton of national security and cybersecurity reporters and contractors who tried to substantiate the first story without success.
I tried to substantiate the first story without success.
I tried to substantiate the first story without success.
People who I spoke to on Capitol Hill said they *wished* it was true to confirm what we generally know about China's industrial espionage.
People I spoke to in industry launched expensive investigations to see if they had been hit. They hadn't.
People I spoke to in industry launched expensive investigations to see if they had been hit. They hadn't.
Amazon told me it investigated the claims after the Bloomberg story, to no avail.
Experts told me that the public denials from Apple and Amazon would put them in regulatory peril if they were lying.
Experts told me that the public denials from Apple and Amazon would put them in regulatory peril if they were lying.
In public: Rob Joyce said the NSA was baffled by the story and asked anyone with information to bring it to the NSA.
A key technical expert quoted in the article said he told the reporters he didn't believe the story about a microchip implant, but that was not in the story.
A key technical expert quoted in the article said he told the reporters he didn't believe the story about a microchip implant, but that was not in the story.
The general consensus from the original story was that if China was going to run this exact scenario, a firmware attack would be more likely than a microchip implant.
Bloomberg backed up their story a few days later with a single claim about backdoored ethernet hardware - which is still a distance from the original claim of a rice-sized microchip on the motherboard.
Supermicro commissioned their own third party investigation, which turned up nothing. At one point in the wake of the first story, their stock had dropped over 50%.
If you know anything that would substantiate either Supermicro story, my DMs are open.
I want to be absolutely clear: National security reporting is tough. Information is compartmentalized - not everyone knows everything. People draw connections that aren't there. People lie. There are tons of things I don't know.
If you know any of them, genuinely, let me know.
If you know any of them, genuinely, let me know.
I noticed I left one out: DHS never notified anyone to mitigate the issue.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
