Bloomberg’s Credibility Tied to Supermicro Hacking Claim [Opinion]

Facing banks of servers forming a long corridor
Dean Mouhtaropoulos / Getty Images

Bloomberg’s Credibility Tied to Supermicro Hacking Claim Opinion

On October 4, Bloomberg dropped a bombshell on the tech world by announcing that two of the world’s biggest card holders, Apple and Amazon, were victims of a hacked server provided by Supermicro. In releasing this story that took them over a year to produce, they didn’t just report the news, they became the news.

Unfortunately for Bloomberg, their credibility came under direct attack from the tech juggernauts named in the story. Both Apple and Amazon provided swift and detailed denials of the major claims in the story. Apple’s response was more stinging as it brought Bloomberg’s journalistic integrity into question, a move Apple does not usually make.

Unsurprisingly, spokespeople from Supermicro also expressed surprise by the allegations. More unsettling for Bloomberg is the fact that US government agencies are chiming in on the side of Apple and Amazon.

In the piece, “New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom”, Bloomberg presents new evidence for Chinese hacking.

Yossi Appleboum is the security expert claiming to have discovered hacked hardware from Supermicro as reported by Bloomberg in 2015. While there is no reason to doubt his statement, it does not provide any direct corroboration for the current charge of major US companies being hacked.

This claim also seems to be disconnected from the original report. The new evidence is of hacked ethernet connectors rather than implanted microchips on the motherboard. Bloomberg writes.

Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company. Bloomberg is not identifying the company due to Appleboum’s nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said.

The victim of the hack is an unnamed US carrier. All but T-Mobile have made statements denying any involvement.

Blurred male figure walks past Wall Street sign
  Spencer Platt / Getty Images

It is suspicious that while 30 companies were cited as victims, the only two named happen to have just hit a trillion dollar market cap. What Bloomberg needs is not more vague innuendo, but at least one company to come forward and attest that they were a victim of the hack.

It would also make a difference if Bloomberg could produce an FBI agent or government official to confirm the part of the story where Apple is said to have reported the situation to the FBI. Without that paper trail or human witness, the story has become Bloomberg’s credibility. That, alone, ensures there is more to this story than we have right now.