The question I have is: is it possible that there was such an incredible threat to national security that even an auditor could be convinced by a federal agency to give a false report?
If it really didn't happen, how could a reputable news agency get a report so wrong? What exactly is going on here?
WRT the how could they get it so wrong question, I guess it's time for the obligatory link to Michael Crichton's essay "Why Speculate?" and his discussion of the "Murray Gell-Mann Amnesia Effect" [1]
Money quote: "You open the newspaper to an article on some subject you know well. In Murray's case, physics. In mine, show business. You read the article and see the journalist has absolutely no understanding of either the facts or the issues. Often, the article is so wrong it actually presents the story backward—reversing cause and effect. I call these the "wet streets cause rain" stories. Paper's full of them.
"In any case, you read with exasperation or amusement the multiple errors in a story, and then turn the page to national or international affairs, and read as if the rest of the newspaper was somehow more accurate about Palestine than the baloney you just read. You turn the page, and forget what you know."
There really are some publications where you can read an article on a topic you're familiar with and they get it right. For instance I have a subscription to The Economist and sometimes their coverage is a bit shallow. And sometimes it repeats an expert consensus I disagree with. But most of the time the coverage is as good as it can be in the number of paragraphs allotted and sometimes it's downright excellent[1]. You probably have to actually pay money for high quality reporting.
And I’m guessing a lot of people here conflate simplifying for a mainstream audience as getting it wrong because they’ve omitted a lot of details.
Mind you, simplifying with a degree of accuracy is difficult and top writers like those with the Economist do it better than most. With tech stuff, I find more poor and incomplete explanations than I do outright errors. Mind you, back when I provided commentary for a lot of news stories, there were some reporters I always dreaded calls from because I knew steering them in the right direction was going to take an hour out of my life.
Funny, I’ve had the opposite experience with The Economist. Whenever they touch my area of expertise they demonstrate their substantial ignorance and inability to fact check even the simplest things.
The Economist is good, but tiring. They are sort of like an old school “chamber of commerce” republican version of NPR.
The writing is good and interesting, until you read for a year and realize that the formula is pretty much the same, and you can predict the arc of the article after reading a paragraph.
Not that Michael Crichton should be treated as an authority on truth in reporting. He believed there was a vast worldwide conspiracy to defraud poor innocent oil companies by manufacturing evidence of global warming.
AKA the Reddit Effect. Everyone on Reddit posts as if they know what they're talking about when, in reality, they only have a cursory knowledge of it and yet the entire site is somehow treated as a curated collection of high-quality, factual information.
This is right! I think there is another, perhaps unrelated Reddit effect. Blogs and some news sites pick up on Reddit and then feed them what they know will be popular on Reddit. The cycle continues. That's why Reddit is so good for astroturfing.
For whatever reason, HN is different to me because, when discussions center around the things that I actually have expertise in, the information tends to be mostly correct. Every now and then some nonsense slips in but, for the most part, keeping people from being able to downvote and upvote everything eventually leads to a pretty informed view of whatever the topic is. Even in instances where I disagree with something, there's usually a well-reasoned response that includes some support whereas, with Reddit, it's just a bunch of unfounded statements with no backup whatsoever.
HN is generally correct about established computer science and tech stuff. Anything frontier or controversial (e.g. bitcoin) or outside the narrow domain of typical Silicon Valley startups gets the exact same ignorant herd response. The point is that when the topic aligns with the expertise of the community you get quality, whereas when the topic varies you get ignorance and BS spoken just as authoritatively. Always be aware of the latter outcome!
I saw AskHistorians and thought that it was exactly that. I thought I would put together a small collection of subreddits that produce similar quality content. Little did I know that the rest of the website is memes and the same flavor-of-the-month jokes recycled on every post...
I would expect newspapers to be more knowledgeable about politics and international relations than scientific topics like physics. The latter is too broad a category, the former is usually the paper's primary focus.
I wouldn't quite say that. Some aspects are opinions, but there's plenty of facts. Such as "House Reps A and B are cooperating on a bill regarding X" - that's a fact. What your position on X is, whether the bill is a good or bad idea, and why A and B are cooperating on it are opinions.
To be clear, this is not an actual 'effect' that anyone has done any research on to demonstrate it exists or has real implications. It's just something that some pop-science writer idly speculated about once, so I question why you would introduce it into this discussion.
An auditor would not have found anything because the alleged attack occurred several years ago and would most likely have been targeted at a limited number of boards, which would have been seized a long time ago.
The result of this audit does not inform about anything related to the allegations published by Bloomberg.
I think it's more about re-building confidence by showing that Supermicro products on sale now can be trusted.
It's rather easy for someone to mislead a BP reporter who understands little about the technical details but is very eager to publish something shocking.
The reporter may have emailed a few dozen security researchers to verify the story, but those who don't believe in the story are less likely to reply (and the reporter is more likely to ignore them), leading to a sampling bias.
And/or the people who did reply gave a response of something along the lines of “It's technically possible but...” and the author ignored everything after the but.
I see how this could have happened yes. Especially if the reporter was not clear on the angle of the questions.
It's easy to see how security researchers could go off on a tangent about the insecurities of IPMI and other out of band management systems. Which'd sound like an endorsement to the reporter.
TBH if you’re talking to a reporter, that’s a bad way to answer a question. “It’s technically possible” is the sort of sound bite someone will grab while ignoring the 5 minute spiel on IPMI and bus interfaces etc. that follows. Be very careful about giving short quotable statements in plain English that you don’t want to see in print.
That's fair, I think it's also fair to point out that the people with the technical know-how about these things aren't often talked to by the press. I mean how many stories do you see about hardware tampering like this? They might not be very well versed in how to communicate with them. Also I know that I have a tendency to enjoy talking through possibilities and scenarios and so could see myself (I'm not a hardware or security expert at all but the point stands) discussing at length how such a thing COULD work and just being excited to talk about a field I am well versed in. A reporter could then take that as my signing off on that it DID happen.
It’s definitely a skill. I’ve caught myself saying something juicy that was off on a tangent or a bit misleading. Usually I’ll realize it and ask the reporter not to use it and they’ll honor that.
But, yes, even reporters that you know want to write a story that will be interesting to readers. As a source, feel free to provide educational background but be really careful about speculating about things if you don’t want that speculation in print.
An on the record conversation isn’t the same as an informal background chat with the same person over drinks. And I’m a bit careful even then.
The problem with this line of reasoning -- "how do we know that each denial isn't just a sign of more coercion from powerful forces" -- isn't that it's impossible. It's that it's unfalsifiable.
I got into a brief argument in comments here not too long ago about the saying "you can't prove a negative" which got bogged down in (what I considered to be) pedantic semantics; what we mean in practice is this kind of "negative." Instead of the conspiracy-minded folks providing proof that powerful, shadowy forces have come out in force against Bloomberg to discredit and suppress their reporting on an actual national security incident, they're demanding that skeptics prove that they haven't. And how can we do this? The complete lack of evidence for this happening might just mean that the shadowy, powerful forces are really good at hiding their tracks. We can posit that if they were really that powerful, they'd have suppressed the original reporting, but we can't prove that Bloomberg didn't just get lucky, or that their diligent, plucky reporters didn't somehow catch the Deep State off-guard for just a moment. We can point out that generally when we see this kind of story, other reporters in other organizations would have corroborated and even expanded the story by now, and that other reporters have said that they've tried and failed to do so. But that might mean the conspiracy is covering their tracks. That they've got to them. That the rest of the journalistic world is IN ON THE CONSPIRACY, MAN.
But it's also possible that the reason it increasingly looks like Bloomberg got played is that, well, Bloomberg got played. Like a cigar, sometimes a bad article is just a bad article.
The media falls for bullshit all the time: weapons of mass destruction, incubator babies in Kuwait, etc. They are in the business of making money and not getting the story right, and since there are hardly any consequences for them, why would they care?
Bloomberg here will blame its source and take no responsibility.
> They are in the business of making money and not getting the story right
All businesses are "in the business of making money", that's what being a business is. What sets them apart is how they make it. In the case of media companies it is, precisely, by getting the story right. A publisher that doesn't is more likely to lose influence and readership as time goes by. For a publication like Bloomberg, more so.
So yeah, they do care. That doesn't mean they don't fall for scams or bad reporting. They do, but it's in their best interest not to do so. In this case, I'm sure Bloomberg is already frantically calling all the reporter's sources. They should have done it before the piece was published, sure, and they'll sure blame the reporter and the sources, but I think it's disingenuous to think they just shrug these things off.
> What sets them apart is how they make it. In the case of media companies it is, precisely, by getting the story right.
Ideally yes, but nowadays it seems to be rather by getting the story framed exactly as their corporate owner wants them to frame it.
Yes, they'll slowly lose credibility and in fact that is happening, but the process takes decades and is not likely to affect current reporters, if they lied in service of the status quo.
Bloomberg makes money (a lot of!) from selling terminals, not news. There is literally no point in losing credibility on a story like this. Credible third-party information is the core of the business model and the news department takes that very seriously.
Bloomberg News is not a newspaper. The company makes money from selling terminals not news (although the terminal contains news, but it's easy to see that sensationalism is not what the customers pay for).
I think the most likely explanation is that Bloomberg got played by the sources who perhaps wanted to trade on the price action the story would obviously cause.
We don't really know anything about Bloomberg's sources; we do know the nature of all the parties denying any of this is true.
I find that highly unlikely. Since Supermicro was kicked out of the NASDAQ, I would expect their trading to be much thinner. It would be trivial for regulators to spot some inside trades. And if the sources are indeed intelligence officials, I'd expect their financials to be under special scrutiny.
Nope. The only named source in the article said on Twitter that the journalist reported speculation about possible attacks as facts. The story was fabricated by the journalist. How it got through fact-checking, I don't know.
When your writers are rewarded for stories that move the market[1], it's going to be tempting to go for the sensational and to omit information that weakens the story.
I think this might just be another case of unintentional consequences from incentives.
I think this is very realistic. These days prices move purely on speculation much more than they do on metrics like P/E. A source could have been in a short position, then after taking profit after the article was released could have bought up cheap shares. Thinking about the readership of Bloomberg, anything they publish will have a much larger market impact than an article in Ars. I think Bloomberg was played like a fiddle.
When I worked as an attorney for a bank one of my jobs was to "manage" the audit engagements. When an audit has serious findings you can almost guarantee that's just the tip of the iceberg. On the other hand, an audit or review without any findings just means the company under review had some combination of good lawyers and friendly auditors.
In my experience, there are two types of firms where you can almost always find "friendly" auditors: law firms and small specialized "boutique" firms (accounting, consulting, etc). Who conducted this review? A boutique law firm.
Plausible deniability? Perhaps the ramifications were so huge (maybe for Apple and others) they would have gone bankrupt in lawsuits. So maybe this is an easier way to bail them out. Just using a tinfoil hat here.
It's definitely easier for a reporter to be a little over eager with a story and run it before being fully vetted than it is to co-opt federal agencies and independent auditors.
I'm not saying that it's not possible for the situation you described to have happened, just that it would be an extreme outlier.
Given the nature of their doubling down upfront about it, it could be quite problematic for them to admit they were Very Wrong.
It's also possibly permanently going to be unclear whether this is factually accurate unless someone discovers a compromised system or the sources for the reporters provide enough information on why they believe what they do to actually investigate.
If they were to publicly say they were wrong then suddenly that would be News the way the original reporting was. If they don't then only specialty publications will cover the failure to pan out.
Bloomberg rewards their "journalists" for moving markets and use the promise of market leading scoops as the carrot to win subscriptions. An admission of generating fake news hurts their core business deeply.
Could a TLA have silenced the real results? Sure, but that seems pretty unlikely. The US Government is not afraid to call out China for real or perceived threats right now (see tariffs). So the government itself silencing this would be pretty counter-intuitive.
I'd believe more that Super Micro is trying to save its stock value, more than I'd believe government intervention. Of course, it could also just be faulty intelligence. Guess we'll have to wait and see what Bloomberg does with respect to whether they can get their sources on the record.
Looking back at this after the Huawei scandal, it seems very likely it was a preliminary step to create a negative impression regarding Chinese manufacturing. Bloomberg could have been lied to, or been chosen to deliver false stories for propaganda.
Of course it could be irrelevant (there were tensions regardless) but given how everything looks weird, it probably wasn't.
Because no matter what the audits say, this article caused a widespread feeling of mistrust towards Chinese-manufactured electronics.
> is it possible that there was such an incredible threat to national security that even an auditor could be convinced by a federal agency to give a false report?
Absolutely possible, even somewhat plausible but unlikely. Conspiracies are hard to maintain: "2 can keep a secret if 1 of them is dead".
You could outright threaten someone with any number of means to get them to comply with your wishes, this is how espionage often works at a state level "ho ho, you like underage boys Mr. Smith, we have these photos of you, you will help us spy on your government!" or "You owe us much monies from your gambling, you can give us information or we make your life very difficult", simply using sex to ease someone into complying (sexpionage both as blackmail and as reward/entrapment. A possible famous case of the blackmail route was with the NSA in 1960, see: https://en.wikipedia.org/wiki/Martin_and_Mitchell_defection ), finding actual irregularities in someone's finances and threatening to go after them for it etc.
Again, possible and somewhat plausible but probably just a journalist fabricating a source or being misled by one. Yellow Journalism is a thing after all https://en.wikipedia.org/wiki/Yellow_journalism and if you look at papers in the 19th century you see all sorts of outright fabrications just to sell papers, like the Great Moon Hoax https://en.wikipedia.org/wiki/Great_Moon_Hoax
A US intelligence agency nowadays would just issue a National Security Letter and force you to not say anything otherwise you go to jail. Most people really don't want to go to jail. An intelligence agency would really only resort to blackmail or extortion if they were operating in a foreign country where they couldn't outright bribe someone.
I imagine that is defeated by simply saying "I refuse to lie", which could be career suicide but it's still an option. I can see how legally they could say "you can't reveal that information, it's a matter of national security" but I don't quite think we're at the point in America where they can go "Say this or go to prison".
It didn't stay too secret, Soviet atomic spies penetrated the program.
Emil Julius Klaus Fuchs for example was convicted of supplying information from the American, British, and Canadian Manhattan Project to the Soviet Union during and shortly after the Second World War https://www.wikiwand.com/en/Klaus_Fuchs
What bothers me most about this article is that it's based around what "Super Micro says" -- why would I care about what Supermicro says? They are the ones being accused of having backdoors in their chips.
I would've liked to hear this directly from the company doing the audit, without Super Micro's own "interpretation".
The second thing that bothers me about this story is that it was Supermicro that paid for the audit. Maybe there was no one else going to do it, or maybe they just thought to get ahead of anyone else trying to review their chips. I don't know, but it doesn't sit well with me.
Only recently we saw at least two major tech companies skirt FCC's privacy monitoring by paying themselves for the audits: Google and Facebook. Both had multiple major privacy scandals in the past couple of years, but somehow all of these privacy issues were completely missed by the companies auditing them.
"A person familiar with the analysis told Reuters it had been conducted by global firm Nardello & Co and that customers could ask for more detail on that company’s findings."
So I guess yes you can bypass Super Micro if you're a customer.
I saw that, but it's not nearly enough. Why isn't the report made public? Why do we have to take Super Micro's word for it?
I seem to remember a very hostile and skeptical attitude from HN against Binance doing exactly this sort of thing when they announced the results of their paid-for "audit" of Tether financials. Why aren't we treating Super Micro's report of the audit the same way?
I keep asking the same thing "how could a reputable news agency get a report so wrong?" They said they have many sources, they double checked things. But the denials from the various places have been SO 100% unbelievably "NO NEVER HAPPENED" that it's hard to know what's going on. If it really never did happen, why did so many people lie about this to reporters? What was the end game? It seems impossible that the reporters just made it all up, doesn't it? But maybe someone paid them to make it all up!