Supermicro to further investigate Chinese espionage chips on their hardware

Last sentence is worded wrongly: "Bloomberg should pull it back." No proof article like this from company which is trusted by so many = malicious intent. Wording should have been: "Bloomberg should be put down." Because they apparently misused power they did not deserve. 0 responsibility = 0 right to have power.
On the other hand, there's no way any of those companies would confess to having possessed compromised hardware even if they did, unless they got caught pants down by officials. It would be a nightmare to try to figure out what sort of information might have leaked and how many people would be affected. Far easier to deny everything since nobody can prove anything. I don't trust Bloomberg, which seems to have gone suspiciously silent to boot, but the world would need to be ending before I trusted the likes of Apple.
The fact that the shares dropped from $21 to $12 because of this story, which has lost a lot of its credibility, means Bloomberg, upon being proved to have malicious intent, which it is, should be paying Supermicro lots of money for compensation. This is a scaremonger story to stop production of certain products so other people can benefit, and until real proof comes out, this is a fairytale Bloomberg story.
It is true that Supermicro have every reason to say they are fine. This can be easily solved however, as all Bloomberg needs to do is provide a board from them with the malicious chip on it. What are they waiting for? Even though even if all of this was a hoax, I can't imagine Bloomberg never considered they would need to support their claim with some sort of proof. So, maybe we just need to wait a bit.
Yeah really odd they would run such a Firm story without a board in hand. Cannot be so hard to lay hands on one... on the other hand I can believe the US Gov. would pressure Apple and Amazon to cover this up to help protect US interests (SuperMicro and jobs + saving face publicly to the world) while they have already apparently removed the threat. It could be the coverup Bloomberg are claiming...
This turn of the story tackles the journalistic issue here, claims that (yet) have not been proved true, or false for that matter. If it'd be political, the whole thing might as well have been called fake news at some point. That said, I'm not sure if Supermicro is the only company that should do their checks. If they're infiltrated, they'd just say everything's as normal... I'd trust the answers of the biggest users, Amazon, Apple, etc. more than just the company's words who's meant to be compromised in the first place.
Kaarme:

On the other hand, there's no way any of those companies would confess to having possessed compromised hardware even if they did, unless they got caught pants down by officials. It would be a nightmare to try to figure out what sort of information might have leaked and how many people would be affected. Far easier to deny everything since nobody can prove anything. I don't trust Bloomberg, which seems to have gone suspiciously silent to boot, but the world would need to be ending before I trusted the likes of Apple.
The problem with this is that the vector of attack means that there would be evidence of the hack everywhere. That's why I found the entire thing so strange when it was first reported - the companies were outright denying it and not giving the usual "no comment"... but on the flipside Bloomberg claims it has ~15 sources including both in the industry/government whose details about the attack align. If this was a random blog or something I'd write it off - but despite what "everythingisfakenewsloololo" people think, Bloomberg is fairly reputable and I don't really see a motive for the fake story. I keep seeing people say "it's a political hit piece" or "malicious intent against Supermicro" but neither really make any sense to me - the scope of the piece allows multiple companies to weigh in on it being fake - not just Supermicro, the various details of the attack do the same, and the weight of the claims levied opens Bloomberg up for liability. Whole story is strange to me.
1) when a news organization has 17 sources and corroboration from two gov'ts (U.K. & U.S.) and does not "show the evidence", it is not from a lack of evidence, it's from national security. 2) the Pentagon (esp DARPA), has been aware of the problem of offshore manufacturing and the guaranteed penetration by state actors ever since businesses started going to China. 3) other than the technical aspects of this story, anybody who doesn't believe China has spies in every manufacturing plant is both foolish and naive and they've never been to China. 4) Supermicro is doing precisely the right thing - put on a brave face, deny everything but investigate thoroughly.
tunejunky:

1) when a news organization has 17 sources and corroboration from two gov'ts (U.K. & U.S.) and does not "show the evidence"
'Bloomberg has used seventeen anonymous sources' 'American and British authorities also said they knew nothing about the alleged infiltration.' I've never said this isn't possible, or even unlikely, but I'm not at all interested in stories with no evidence. If you can't back it up, then you shouldn't print it (or keep repeating it).
in every newspaper or news program of any repute three independent sources are required. whistle-blowing in particular, often means anonymity because of the power differential between a person and a group/company/corporation/nation. when you add in the known behavior of Chinese industrial and military espionage, costing billions of dollars in Intellectual Property to leapfrog from second world status to first, why is anyone surprised at anything? i've only said i wasn't surprised by the Bloomberg story as it is entirely credible if you've ever been to China. i've been to China and Hong Kong many times, as in more than 10. and the strong-arm tactics of the gov't re: business and IP is well known and a company is forced to transfer some technology in order to be there in the first place. whether you're General Motors, Supermicro, Apple, et al... or not. this alleged event wasn't for that technology transfer - they have that, it was to target the end user. totalitarian states are totalitarian, so "free discourse/data/information" is antithetical to the state. the Chinese are already the most surveilled people on the face of the earth (as are the visitors there...if you look you can find the minders). why the surprise they want to gather every bit of information that they can?
tunejunky:

in every newspaper or news program of any repute three independent sources are required. whistle-blowing in particular, often means anonymity because of the power differential between a person and a group/company/corporation/nation. when you add in the known behavior of Chinese industrial and military espionage, costing billions of dollars in Intellectual Property to leapfrog from second world status to first, why is anyone surprised at anything? i've only said i wasn't surprised by the Bloomberg story as it is entirely credible if you've ever been to China. i've been to China and Hong Kong many times, as in more than 10. and the strong-arm tactics of the gov't re: business and IP is well known and a company is forced to transfer some technology in order to be there in the first place. whether you're General Motors, Supermicro, Apple, et al... or not. this alleged event wasn't for that technology transfer - they have that, it was to target the end user. totalitarian states are totalitarian, so "free discourse/data/information" is antithetical to the state. the Chinese are already the most surveilled people on the face of the earth (as are the visitors there...if you look you can find the minders). why the surprise they want to gather every bit of information that they can?
Reminds me of a news article I saw somewhere a while back: The Chinese had hacked into a think tank's servers and been actively perusing and stealing their IP for about a year, this intrusion was discovered finally and stopped.... the Chinese were so incensed at this that they DDoSed the think tank's servers lol. They have hacked so many universities and companies to steal data it is just not a surprise anymore.
Humanoid_1:

Reminds me of a news article I saw somewhere a while back: The Chinese had hacked into a think tank's servers and been actively perusing and stealing their IP for about a year, this intrusion was discovered finally and stopped.... the Chinese were so incensed at this that they DDoSed the think tank's servers lol. They have hacked so many universities and companies to steal data it is just not a surprise anymore.
lol i use a burner cell when i'm there because they monitor every frequency and often have backdoors, particularly Huawei
With my specially made shiny and secure hat on, I would say IF this story turns out to have any truth in it and indeed SMC was infiltrated, I bet it is specific server board batches, intended for specific servers that they were interested in, would be my guess. That's why it could be hard to confirm its existence, since it might be only some specific boards that might or might not be affected, if the story holds some truth in it of course.
tunejunky:

1) when a news organization has 17 sources and corroboration from two gov'ts (U.K. & U.S.) and does not "show the evidence", it is not from a lack of evidence, it's from national security.
Not a single one of their "anonymous sources" has been confirmed by anyone but Bloomberg. This "corroboration from two gov'ts" doesn't seem to hold up as both Gov'ts have stated that they have ZERO knowledge of the claims. Bloomberg has refused to provide any data to SuperMicro, Amazon or Apple. If the story was legitimate, they wouldn't have a problem doing so. Even the security firm that did the audit of the systems says the story is a load of crap. When a "news" organization cites numerous "anonymous" sources and refuses to provide any evidence to support the claim to anyone, be it readers or the supposedly affected organizations, the story is fake. You can spout your Anti-China rhetoric all you want, but until Bloomberg provides actual evidence of their claims or provides the name of these supposed "anonymous sources", there's no reason to believe anything they print.
tunejunky:

1) when a news organization has 17 sources and corroboration from two gov'ts (U.K. & U.S.) and does not "show the evidence", it is not from a lack of evidence, it's from national security. 2) the Pentagon (esp DARPA), has been aware of the problem of offshore manufacturing and the guaranteed penetration by state actors ever since businesses started going to China. 3) other than the technical aspects of this story, anybody who doesn't believe China has spies in every manufacturing plant is both foolish and naive and they've never been to China. 4) Supermicro is doing precisely the right thing - put on a brave face, deny everything but investigate thoroughly.
1. might be or might not be, sources not made available might still be made up, ESPECIALLY when it's government sources and interests beyond security, such as trade wars (you notice where I'm going?) are a thing. Like tariffs because of "national security" which is utter rubbish also. 2. if they know, warned, cried, why did they never impose a law that they need to have manufacturing in the US if companies want to supply to the government in the first place? It's not like the US would not need enough hardware with the "war on terror" that in the last 17 years nobody could have built a plant there, if the so smart government and three letter organisations are so sure that something's happening in China. 3. oh I do believe they have spies there. You think the US haven't gotten spies in China that are supposed to make sure nothing goes wrong with what the US need from over there? If not, why not? Have you ever been to China, I'm asking out of curiosity? 4. Supermicro was never the issue there, but more likely Bloomberg bringing out a story that not only destroys company's worth, but also actively works against any counterintelligence trying to catch the people responsible for such placements of "control" chips in hardware that's targeted to be compromised. If somebody really was trying to catch the people responsible for such an issue, it would only be logical to NOT say anything about it until AFTER they solved the issue. If not, they're trusting on the Chinese "infiltrators" to stop their doing just because somebody said they're doing it. To believe that would also be naive.
fantaskarsef:

1. might be or might not be, sources not made available might still be made up, ESPECIALLY when it's government sources and interests beyond security, such as trade wars (you notice where I'm going?) are a thing. Like tariffs because of "national security" which is utter rubbish also. 2. if they know, warned, cried, why did they never impose a law that they need to have manufacturing in the US if companies want to supply to the government in the first place? It's not like the US would not need enough hardware with the "war on terror" that in the last 17 years nobody could have built a plant there, if the so smart government and three letter organisations are so sure that something's happening in China. 3. oh I do believe they have spies there. You think the US haven't gotten spies in China that are supposed to make sure nothing goes wrong with what the US need from over there? If not, why not? Have you ever been to China, I'm asking out of curiosity? 4. Supermicro was never the issue there, but more likely Bloomberg bringing out a story that not only destroys company's worth, but also actively works against any counterintelligence trying to catch the people responsible for such placements of "control" chips in hardware that's targeted to be compromised. If somebody really was trying to catch the people responsible for such an issue, it would only be logical to NOT say anything about it until AFTER they solved the issue. If not, they're trusting on the Chinese "infiltrators" to stop their doing just because somebody said they're doing it. To believe that would also be naive.
If the Gov't had a concern relating to "national security" that resulted in an investigation, action would have been taken long before Bloomberg ran that story. The problem is, as was brought up in the other thread, to have a chip smaller than a grain of rice, how would you connect it to the system? The necessary interconnects alone would increase the size of the chip beyond that of a grain of rice. There's also the matter of fabricating such a small chip. We're just getting to 7nm. The number of transistors alone, necessary for the functionality described, would prohibit such a small chip at 12nm or even 7nm. Bloomberg claims that these "smaller than a grain of rice" chips are complete systems, minus output components. That would mean the chips contain ROM, RAM, CPU and network interface, as well as all of the necessary interconnects for power and networking. No Chinese manufacturer has the ability to fabricate a chip at a small enough node to pull it off, much less be able to manage the heat output that running such a small chip would produce. A chip performing all the functions described by Bloomberg would require a heatsink to avoid burning out.
So why hasn't Supermicro provided a blueprint/schematic of the board next to a picture? We wouldn't even need to see any info/name/model nbrs of components/chips, but it would be easy to visually compare it and see if there is anything that shouldn't be there. Yet they haven't...
fry178:

So why hasn't Supermicro provided a blueprint/schematic of the board next to a picture? We wouldn't even need to see any info/name/model nbrs of components/chips, but it would be easy to visually compare it and see if there is anything that shouldn't be there. Yet they haven't...
Bloomberg has yet to produce the proof of their claim either....but yet, people are so quick to believe a baseless claim from Bloomberg without the slightest bit of evidence to support the claim.
This just stinks of government meddling. Huawei is no longer backed by the large carriers here in the US. AT&T was pressured to back off from supplying the new Mate 20 and Mate 20 Pro. DOD is scrambling for a replacement since GloFo pulled out of the 7nm race. Feels like we have entered into another McCarthy Era. Instead of just general Communist infiltration, a specific country has been called out. Justified or not, just feels like this is the road being traveled down...again.
It's time for all accused to jointly submit legal proceedings against Bloomberg. This stinks like a government covert smear campaign against Asian suppliers, and they have left Bloomberg to the wolves. I have already checked with a qualified board engineer that should a chip of that size be placed where they claim, it would have no capacity to do what Bloomberg is claiming. Modifying the trace layers to implement an attack vector to route this chip on would not go by unnoticed.