Renowned Twitter handle @pwnallthethings breaks down how Bloomberg again mistakes the FBI’s sources on the latest Supermicro article. Read on to see the full thread. [Breakdown Bloomberg SuperMicro FBIpwnAllTheThings]
Key Takes:
- Twitter handle @PwnAllTheThings criticizes Bloomberg’s article on Supermicro, claiming that the sources and claims in the article are unreliable
- @PwnAllTheThings breaks down four claims made in the Bloomberg article and points out the lack of evidence and reliability of the sources for each claim
- @PwnAllTheThings’ critical analysis of the Bloomberg article highlights the importance of verifying sources and claims before publishing news articles
@Pwnallthethings@mastodon.social is a Twitter account that analyzes news credibility and covers global politics and news. In recent news, Bloomberg shared an article titled, “The Long Hack: How China Exploited a U.S. Tech Supplier.” [Breakdown Bloomberg SuperMicro FBIpwnAllTheThings]
In that article, according to @pwnallthethings, many claims are wrong. Additionally, Bloomberg miserably failed to verify the claims, due to the lack of domain expertise and other reasons. The Twitter handle also says that it isn’t the first time since Bloomberg has been doing that.
At first, @pwnallthethings starts teaching the Bloomberg writers how to construct such articles, for instance, the methods necessary to not only put but also verify the sources. According to @pwnallthethings, sources, and claims are grouped in a way that they tell the whole story.
“The thing you are looking for with each claim is:
1) what is the specific claim
2) who is making the claim
3) What the source(s) basis for that claim is
4) the level of indirectness of that source from the claim (i.e. first-hand expert knowledge, second-hand, etc),” tweeted @pwnallthethings@mastodon.social.
This is the format that the Twitter handle gave us to check the credibility of a source.
Bloomberg’s false claims and Pwnallthethings’ Full Breakdown
Based on the set of rules to check the credibility of the sources, we are now going to take a closer look into how @pwnallthethings@mastodon.social took on the Bloomberg article, and how they pointed out the fake claims made in the article about China breaking the laws.
Claim 1: China exploits Supermicro products
The first claim that was pointed out to be wrong was China’s exploitation of Supermicro products. In the Bloomberg article, the writer claimed that the US company was under federal scrutiny for a long time. The article then mentioned the 14 former law enforcement.
“China’s exploitation of products made by Supermicro, as the US company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter,” reads the Bloomberg article.
What’s fishy in this claim is that the article doesn’t show or prove “How” China was exploiting Supermicro products. It only mentions that “China exploits” the products – to make such a bold claim, a news website as big as Bloomberg needs to recheck what they’re releasing to the public.
Claim 2: Supermicro workers were being surveilled by FBI agents under FISA
Bloomberg then again claimed that “five of the officials” revealed that the FBI agents were “monitoring the communications of a small group of Supermicro workers.” Not only that, these “agents” had warrants given under the Foreign Investigation Surveillance Act (FISA).
Now, again, who are these “five of the officials?” According to @pwnallthethings@mastodon.social, the five officials might be a former LE & IC group, and if it’s true, the IC/LE is in big trouble. Not one but “five” officials are leaking inside information, the results of which can get dirty. [Breakdown Bloomberg SuperMicro FBIpwnAllTheThings]
Claim 3: The FBI enlisted private-sector help in analyzing Supermicro
Now, that’s a big claim made in the Bloomberg article. The claim that the “FBI enlisted private-sector” to help analyze Supermicro chips is absurd.
“But as recently as 2018, the FBI enlisted private-sector help in analyzing Supermicro equipment that contained added chips, according to an adviser to two security firms that did the work,” reads the Bloomberg article.
Well, first of all, Bloomberg didn’t say who the advisor to the security firms was in the first place. And, the article didn’t accuse the security firm or even the FBI directly, but some advisor? @pwnallthethings also questions the relationship between this source and the information that’s been written in the article about the FBI’s actions.
It’s not clear how knowledgeable the person is who provided the information, or how many people the information went through before reaching them. So there’s a chance that the information could have been distorted or changed along the way.
Claim 4: FBI Briefing former Navy SEAL Mike Janke
In this paragraph, Bloomberg did mention a “credible” source, Mike Janke, a former Navy SEAL. According to Mike, two companies were briefed by the FBI about the Supermicro chips.
“In early 2018, two security companies that I advise were briefed by the FBI’s counterintelligence division investigating this discovery of added malicious chips on Supermicro’s motherboards,” says Mike Janke.
The person’s description matches the “advisor to the private sector firms” source from earlier, and there’s no mention of a second source. He is upset about the claim but isn’t directly involved in the situation or highly technical. Last but not least, it is also unclear if he’s getting this information from a credible, first-hand source. His information is most likely coming from “multiple layers” before it reaches him.
@pwnallthethings’ Critical Analysis of the Bloomberg Article
According to @pwnallthethings, and we agree, many of the sources mentioned in the Bloomberg article are unreliable. Even so, their existence can also be questioned.
“This story is drawn from interviews with more than 50 people from law enforcement, the military, Congress, intelligence agencies, and the private sector,” says one of the paragraphs of the Bloomberg article claiming that China is breaking laws.
Now, again, who are these 50 people are they talking about? You can’t just say that 50 anonymous people are saying something and have the public believe that blindly. And, they don’t even tell you which person told which part of the story.
Bloomberg again fails to identify between Senior and Technical Officials
Read this paragraph written in the article.
Source: Bloomberg article
Seven senior officials were informed that China can hack devices. However, they were not technical experts and were only receiving the information. It’s important to keep in mind that technical details may have been lost or misunderstood in the communication. For instance, the officials may not have known whether the Chinese were using physical chips or firmware implants, according to @pwnallthethings on Twitter.
“This was espionage on the board itself…There was a chip on the board that was not supposed to be there that was calling home – not to Supermicro but to China,” said Mukul Kumar and reads in the Bloomberg article. [Breakdown Bloomberg SuperMicro FBIpwnAllTheThings]
Now, this is an example of using a real, reliable source to mention in such a critical news article. However, the information we have is based on a chain of communication that we can’t see, so there’s a lot of uncertainty about what exactly happened.
We don’t know if the information was misunderstood or miscommunicated at any point before it reached Kumar. There’s still a lot of ambiguity, raising concerns about the Bloomberg article.
Source: Bloomberg article
A cybersecurity executive at Cisco Systems Inc. named Mike Quinn was also briefed and said that the chips were not just added, but rather they were blended into the hardware. This means that the hardware was backdoored. When we put all the information together, it seems like the device firmware was backdoored, and then the information went through many people, which can cause misunderstandings.
A Big Dispute between the BFI, DHS, ODNI & the NSA “Befuddled” by Bloomberg report
Source: Bloomberg article
Another counterstatement was found and highlighted by Bloomberg itself. The paragraph above clearly proves that the FBI, ODNI, NSA, and DHS are disputing their statements. What’s even funnier is that the NSA stated that they were “befuddling” with the claims made by Bloomberg.
It’s not only the national security companies that were affected. Back in 2018, Facebook and Apple made counterstatements and called such claims BS. [Breakdown Bloomberg SuperMicro FBIpwnAllTheThings]
Apple says Bloomberg’s claims were False
“We are deeply disappointed that in their dealings with us, Bloomberg’s reports have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs,” Apple reported as asked by CNBC for comment.
Here, Apple just did call Bloomberg’s report “wrong” and “misunderstood” and they believed that Bloomberg had confused an incident in 2016 that was not a targeted attack and was not related to “tiny chips.”
Amazon Web Services says something similar
“As we shared with Bloomberg BusinessWeek multiple times over a couple of months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Super Micro motherboards in any Elemental or Amazon systems,” stated AWS telling CNBC, and directly denying Bloomberg’s report and false claims about Supermicro.
Final Words
@PwnAllTheThings analyzed Bloomberg’s article on Supermicro and found multiple false claims. The lack of evidence and unreliable sources for each claim was pointed out in a Twitter thread featuring a series of tweets by the owner; the audience did engage.
The false/unverified claims included China’s exploitation of Supermicro products, FBI surveillance of workers, private-sector help in analysis, and a former Navy SEAL being briefed by the FBI. According to @PwnAllTheThings, the article’s claims lack sufficient evidence and credibility to be reported as news.
Also Read:
Trump Twitter Twitterkastrenakes, Trump Permanently Banned from Twitter, TwitterKastrenakes on TheVerge
