There's a ton of stuff we don't know about Bloomberg Supermicro 1 and 2 that I'm not sure we're going to know. Here's what I do know about Supermicro 1, the original story:
I know a ton of national security and cybersecurity reporters and contractors who tried to substantiate the first story without success.
I tried to substantiate the first story without success.
People who I spoke to on Capitol Hill said they *wished* it was true to confirm what we generally know about China's industrial espionage.
People I spoke to in industry launched expensive investigations to see if they had been hit. They hadn't.
Amazon told me it investigated the claims after the Bloomberg story, to no avail.
Experts told me that the public denials from Apple and Amazon would put them in regulatory peril if they were lying.
In public: Rob Joyce said the NSA was baffled by the story and asked anyone with information to bring it to the NSA.
A key technical expert quoted in the article said he told the reporters he didn't believe the story about a microchip implant, but that was not in the story.
The general consensus from the original story was that if China was going to run this exact scenario, a firmware attack would be more likely than a microchip implant.
Bloomberg backed up their story a few days later with a single claim about backdoored ethernet hardware - which is still a distance from the original claim of a rice-sized microchip on the motherboard.
Supermicro commissioned their own third party investigation, which turned up nothing. At one point in the wake of the first story, their stock had dropped over 50%.
If you know anything that would substantiate either Supermicro story, my DMs are open.
I want to be absolutely clear: National security reporting is tough. Information is compartmentalized - not everyone knows everything. People draw connections that aren't there. People lie. There are tons of things I don't know.
If you know any of them, genuinely, let me know.
I noticed I left one out: DHS never notified anyone to mitigate the issue.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The natsec/infosec implications of the coup attempt are staggering - not just in Pelosi's office.
They'll need to assume all systems and physical files were compromised, and catalog what of each was stolen, altered or destroyed
In the long run, they need an evacuation failsafe for computer systems.
I wasn't really referring to classified files. But it's worth noting that Mieke Eoyang disagrees both in terms of classified files and in general (down conversation).
By the end of the first season, over the course of several investigations, the FBI had hacked into Boston's transportation system, an online casino that was cooperating with the investigation and the camera on a teenage girl's home computer.
Where will they CSI:CYBER next?
Interesting notes from the intro to episode 1:
-Peter McNichol (Ghostbusters 2) has been replaced by Ted Danson.
-They've taken out the part where someone whispers "It can happen to you."