Apple’s Tim Cook Demands Chinese Hack Story Retraction

The boss of Apple Tim Cook has called for Bloomberg to retract an article that alleges that the Chinese have installed spy chips on numerous hardware platforms from US firms.

Both Apple, Amazon and others have issued vehement denials that their systems were compromised by an alleged scheme by Chinese spy agencies that involved compromising the supply chain of a US server manufacturer.

The Bloomberg Businessweek report earlier this month alleged that a unit of China’s People’s Liberation Army gained access to the internal systems of dozens of companies and US government agencies by planting spy chips in servers made by Super Micro during the manufacturing process at plants in China.

Spy allegations

Super Micro was founded in 1993 in the US and carries out manufacturing operations via subcontractors in China. It is said to be one of the world’s biggest providers of server motherboards, with hundreds of high-profile customers.

The spy chips, Bloomberg reported, allowed the attackers to create “a stealth doorway” into any network running on a server in which they were embedded.

Super Micro has denied the Bloomberg claims.

But the Bloomberg report said that its allegations were based on a top-secret US government probe that began in 2015 and is still open, and it cited a number of unnamed company and government sources.

The malicious chips allegedly affected nearly 30 companies, including Apple, a major bank and government contractors, Bloomberg apparently said.

The affected servers were found to be present in Department of Defence data centres, on board warships and handling data from CIA drones, the report apparently said.

Earlier this month all the firms mentioned denied Bloomberg’s claims.

No truth

And now Apple’s CEO has gone one step further.

“There is no truth in their story about Apple,” Cook told BuzzFeed News in a phone interview. “They need to do that right thing and retract it.”

“I was involved in our response to this story from the beginning,” Cook reportedly said. “I personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions,” said Cook. “Each time they brought this up to us, the story changed, and each time we investigated we found nothing.”

While Cook disputed the Bloomberg report, he also took issue with the lack of evidence that Bloomberg supplied to document its claims.

Cook said the reporters never provided Apple with any specific details about the malicious chips it is alleged to have found and removed. He added that he thinks the allegations are undergirded by “vague secondhand accounts.”

“We turned the company upside down,” Cook reportedly said. “Email searches, data centre records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There’s no truth to this.”

Asked if a scenario like the one Bloomberg described could occur without him knowing about it, Cook replied, “The likelihood of that is virtually zero.”

Bloomberg response

But Bloomberg Businessweek has stuck by its report.

“Bloomberg Businessweek’s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews,” the publication reportedly said in a statement.

“Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks.

“We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs.

“We stand by our story and are confident in our reporting and sources,” it said.

Official stance

But at least officially, authorities do not seem to buy into Bloomberg’s allegations.

The Department of Homeland Security is aware of the media reports of a technology supply chain compromise,” the US DHS said earlier this month.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” it added.

Unless Bloomberg opens about its sources for the article, it seems this story is going to run and run for the time being.

How much do you know about hackers? Take our quiz!