So if a newspaper wanted evidence that your company fucked up you would go and dismantle company property to discredit your employer knowing that it's likely to damage them and ruin you.
> So if a newspaper wanted evidence that your company fucked up you would go and dismantle company property to discredit your employer knowing that it's likely to damage them and ruin you.
The informant may have perfectly accurate information but be completely unable to provide physical evidence. For instance: they could have been briefed on the matter, but still have no physical access to the datacenter or to the ___location where the compromised servers were taken to.
A lot of the demands for physical proof make the false assumption that someone who knew about the spy chips and talked to Bloomberg would have had physical access to an example. That's simply not the case. How many of us work as software engineers in Fortune 500 companies, and how many of us could walk into one of our employer's datacenters and take a photo of the motherboard of a particular machine that we frequently work with? Not many, I'd imagine.
Well, if you're Apple/Amazon you have the SEC and your shareholders ready to ruin your life if you say anything that could even be interpreted as a lie. So, in this hypothetical you may not want to, but you will definitely feel forced to.
> You can also have the government out to ruin your life if you don't cooperate.
What if it's the Chinese government that's putting pressure on Apple and Amazon? What would Tim Cook do if he was told on no uncertain terms that Apple would be kicked out of China and its iPhone production lines shuttered if it confirmed this story? Even if the chance they'd go through with their threats is small, it's an enormous risk to Apple and taking it would be hard to justify to its shareholders. FAANG companies are clamoring for access to the Chinese market, and that gives the Chinese government a lot of leverage.
A possibility straight out of a thriller novel - and definitely exciting!
I don't think it likely though because such a nuclear option from the CN government would have the effect of basically destroying their position in the global supply chain.
I can't believe that the government would blackmail Tim Cook into writing such a strongly worded rebuttal and then, weeks later when the story is not making the front pages anymore, have him write a call for retraction which brings this story back in the news cycle. That makes zero practical sense. That's the problem with many conspiracy theories: they make it seem like the people pulling the strings are incredibly clever and powerful while at the same time completely clueless and coming up with extremely complex plans to achieve mundane goals.
I could believe it if the denials so far felt incomplete or ambiguously worded as if they were tiptoeing around something that they were not allowed to disclose. I could believe it if all we had coming from Apple and Amazon was the usual lawyer-speak "I won't confirm of deny" bullshit. Instead we've had completely unambiguous "this is completely false and never happened". If it turns out to be a lie it's going to be devastating for the trust in Apple or Amazon.
I mean think about it, if for some reason the US or Chinese agencies wanted to downplay or shift the blame they had so many easier ways to do it that would put them in an awkward position if somebody manages to prove the existence of these backdoored mobos. If the best spin they could come up with was "just deny everything and make sure to do so at a regular interval so people are constantly aware of our denial" they really need better PR people.
> I could believe it if the denials so far felt incomplete or ambiguously worded as if they were tiptoeing around something that they were not allowed to disclose. I could believe it if all we had coming from Apple and Amazon was the usual lawyer-speak "I won't confirm of deny" bullshit. Instead we've had completely unambiguous "this is completely false and never happened".
Well, at this point everybody is watching for weasel words, so a categorical denial is the only thing the government can demand that wouldn't provoke suspicion.
> If it turns out to be a lie it's going to be devastating for the trust in Apple or Amazon.
Oh, please. Companies have had millions of credit card numbers stolen, and nothing happens.
Apple and Amazon would get a bit of bad press. The tech folks wouldn't trust them any less than they already do. And it would blow over in a couple weeks at worst.
At this point, my Bayesian priors are lowering on Bloomberg, but they are not necessarily going up on Amazon or Apple.
If you want to blow a whistle, yes. If not dismantle, at least photograph the object. If your employer retaliates, you can make good money in speaker fees retelling the story, or get a job at a company that wants to be known for good hardware security.
Getting a job is not necessarily a reason to jeopardize a whole career in the intelligence community. People in public service sometimes have feelings about serving their country.
I don't know what brave new world we have entered where journalists, or even online users for that matter, make confident claims about things for which there is no physical evidence.
A very close friend of mine led customer support for a large American IT company in the middle east where US federal agents were posed as support staff.
I worked at a large high-tech firm with business in the middle east, including content-filtering solutions and we were basically 'required' to work with Western governmental entities of a 'security nature'.
The US has massive clandestine projects in this regard and some of them are not so secret - consider the recent Wikileaks: [1]
"The US intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux."
All countries with active spy/clandestine agencies are spying on one another using malware, spyware, hardware hacking, phishing, social engineering, whatever. And many firms are complicit to one degree or another.
That Apple or AWS etc. may have been compromised with a specific attack makes for a really weird story - but that this is happening in general is a non-story - of course it is. It's not about this specific attack really.
I promise you that my dad works at microsoft and he has a chip I add to my ps4 to make it play Xbox games, you can't see it because it's too small becaise he also secretly works for the new. He taught me how to program the chips and I can do anything with them.
