Bloomberg’s report from earlier this week of Apple’s using compromised servers has managed to stir quite a bit of noise. Apple refuted the report not once but twice, with Amazon, Supermicro, and other major tech giants also strongly discrediting the report and claiming its baseless.
Supporting Apple, a British national cybersecurity agency based on its own assessments says that it has little reason to doubt Apple’s or Amazon’s claims here.
“We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple,” said the National Cyber Security Centre, a unit of Britain’s eavesdropping agency, GCHQ. AWS refers to Amazon Web Services, the company’s cloud-computing unit
Even Apple’s retired general counsel, Bruce Sewell, told Reuters that no one at Apple or the FBI is aware of anything like this happening.
Apple’s recently retired general counsel, Bruce Sewell, told Reuters he called the FBI’s then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer Inc , a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips.
“I got on the phone with him personally and said, ‘Do you know anything about this?,” Sewell said of his conversation with Baker. “He said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.’”
The same theme continues when talking with insiders at Apple. BuzzFeed talked to multiple senior Apple executives and no one knew of any such incident and were confused by the report from earlier this week. The report cites some “very senior executives who work on the security and legal teams.”
“We tried to figure out if there was anything, anything, that transpired that’s even remotely close to this,” a senior Apple security executive told BuzzFeed News. “We found nothing.”
Another senior Apple security engineer who was a part of the internal investigation said he had never seen a chip like this and he was not even sure if it existed in the first place. The sources also declined Apple ever contacting the FBI about this or any other similar incident. Similarly, the FBI, CIA, NSA, or any other government agency never contacted Apple with any such incident.
The report says Apple’s infosec team is horrified by the claims in the report.
“This did not happen,” a senior Apple security executive told BuzzFeed News. This person insisted, vehemently, that there is no dissembling in the company’s response, that it didn’t secretly remove compromised servers, or discover compromised servers during the acceptance process and stop short of deploying them. “We have literally seen nothing like this.”
Apple executives also vehemently denied lying to the public in the interest of national security.
It is interesting to see both Apple and Bloomberg stand with their respective statements. Despite the strong denial from all accused tech giants in the report, Bloomberg continues to stand by its report which it says was the result of an investigation conducted over the period of one year and involved interviews with multiple Apple and government executives.
For now, it looks like we will have to believe Apple’s words as it is rare for the company to come out so strongly and deny any such report.