Tim Cook calls for Bloomberg to retract its Big Hack story

Hacking

In an interview with Buzzfeed News, Tim Cook made it clear Bloomberg should retract its Oct. 4 Businessweek story that said Chinese spies breached the supply chain of 30 U.S. companies including Apple. The Apple CEO says since the story isn’t true, it should be removed. 

In what’s being described as an “extraordinary statement” because Apple has never previously publicly called for a retraction of a news story, Cook said:

There is no truth in (the Bloomberg) story about Apple. They need to do that [sic] right thing and retract it.

The executive also expressed frustration with how Bloomberg has handled the process after numerous rebuttals by the company, explaining:

I was involved in our response to this story from the beginning. I personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us, the story changed, and each time we investigated we found nothing.

In the original story, Bloomberg noted Chinese spies were able to infiltrate companies that supplied parts to Supermicro. The San Jose-based company is one of the world’s largest suppliers of server motherboards.

According to the report, China was able to attach tiny microchips the size of a rice grain to many of these parts. From there, they made their way onto Supermicro’s server motherboards and eventually to companies like Apple. Once the servers were turned on, the microchips were designed to alter the machine’s operating system so that it could accept code modifications.

Soon after the story was published, Apple, Supermicro, and others, including the U.S. Department of Homeland Security, mentioned in the story denied it.

In a press release, Apple said:

As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections. We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.

Since then, Bloomberg has continued to stick by its story, telling Buzzfeed News:

Bloomberg Businessweek’s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.

The Big Hack story is a strange one. Everyone involved with the story, except for Bloomberg, seems to have gone on record to deny its claims. Perhaps it’s time for Bloomberg to publish more information to back up its claims or yes, consider retracting the story.

What do you think about this story? Who do you believe?