Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story
"I feel they should retract their story. There is no truth in their story about Apple. They need to do the right thing."

Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that his company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim.
Earlier this month Bloomberg Businessweek published an investigation alleging Chinese spies had compromised some 30 US companies by implanting malicious chips into Silicon Valleyâbound servers during their manufacture in China. The chips, Bloomberg reported, allowed the attackers to create âa stealth doorwayâ into any network running on a server in which they were embedded. Apple was alleged to be among the companies attacked, and a focal point of the story. According to Bloomberg, the company discovered some sabotaged hardware in 2015, promptly cut ties with the vendor, Supermicro, that supplied it, and reported the incident to the FBI.
Apple, however, has maintained that none of this is true â in a comment to Bloomberg, in a vociferous and detailed company statement, and in a letter to Congress signed by Appleâs vice president of information security, George Stathakopoulos. Meanwhile, Bloomberg has stood steadfastly by its story and even published a follow-up account that furthered the originalâs claims.
The result has been an impasse between some of the worldâs most powerful corporations and a highly respected news organization, even in the face of questions from Congress. On Thursday evening, an indignant Cook further ratcheted up the tension in response to an inquiry from BuzzFeed News.
âThere is no truth in their story about Apple,â Cook told BuzzFeed News in a phone interview. "They need to do the right thing and retract it."
This is an extraordinary statement from Cook and Apple. The company has never previously publicly (though it may have done so privately) called for the retraction of a news story â even in cases where the stories have had major errors or were demonstratively false, such as a This American Life episode that was shown to be fabricated.
Reached for comment, Bloomberg reiterated its previous defense of the story. âBloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews,â a spokesperson told BuzzFeed News in response to a series of questions. âSeventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companiesâ full statements, as well as a statement from Chinaâs Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.â
Bloomberg did not answer questions about evidence supporting its allegations or the public remarks of its named sources.
Help us expose more stories about the most powerful people in tech. If you want more reporting like this, become a BuzzFeed News supporter.
Although they are unusual, Cookâs comments highlight the CEOâs ongoing personal involvement in Appleâs response to the story, and his mounting frustration that the companyâs rebuttals to it have been ignored by Bloomberg.
âI was involved in our response to this story from the beginning,â said Cook.
âI personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions,â said Cook. âEach time they brought this up to us, the story changed, and each time we investigated we found nothing.â
âThis did not happen. Thereâs no truth to this.â
In addition to disputing the report itself, Cook also took issue with the lack of evidence he said Bloomberg supplied to document its claims. Cook said the reporters never provided Apple with any specific details about the malicious chips it is alleged to have found and removed. He added that he thinks the allegations are undergirded by âvague secondhand accounts.â
âWe turned the company upside down,â Cook said. âEmail searches, data center records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. Thereâs no truth to this.â
Asked if a scenario like the one Bloomberg described could occur without him knowing about it, Cook replied, âThe likelihood of that is virtually zero.â
Cookâs commentary only furthers a growing sense of intrigue around the story, which has been the subject of ongoing public debate among information security experts and journalists. The piece would have massive global security ramifications if it is indeed accurate. It was published by one of the most respected publications in the world, one thought to have high-level government sources. And yet government security agencies and people who lead them are also puzzled.
đ¨ Something is wrong. Blanket denials from companies, NCSC and DHS are v. unusual. The only precedent for this is a 2014 Bloomberg article, by the same author, which claimed NSA exploited Heartbleed, and was vigorously knocked down with zero follow up by Bloomberg or correction. https://t.co/lRMiJlXD5G
The United States Department of Homeland Security, the UKâs National Cyber Security Center, NSA Senior Adviser for Cybersecurity Strategy Rob Joyce, former FBI general counsel James Baker, and US Director of National Intelligence Dan Coats have all said variously that they either have no reason to doubt the denials of the companies mentioned in the Bloomberg story or that they've seen no evidence supporting its claims. And some sources named in the story have raised questions about it and how their remarks were used. One of those sources, hardware security expert Joe Fitzpatrick, told the Risky Business podcast the story âdoesnât make any sense.â
Joyce: âWeâre befuddledâ about the Bloomberg article. Says he has great access to intel and hasnât found corroboration of the story last week or the new one on telcos, says there is âgreat frustrationâ in government about the stories.
One high-ranking national security official told BuzzFeed News that the story has the ring of truth, but stressed that he had no personal knowledge of the investigation detailed by Bloomberg. The official said that there is a highly classified effort in the US government to detect how adversaries implant devices like the one described in the Bloomberg story.
Meanwhile, other publications have been unable to advance or even match Bloombergâs reporting. And powerful voices from Silicon Valley to DC have publicly and privately questioned the validity of the story. Earlier this month, FBI Director Christopher Wray warned a hearing of the Senate Homeland Security Committee to âbe careful what you readâ in reference to the report. And a high-ranking executive at a publicly traded tech giant told BuzzFeed News that his company knew the supply chain in question in the Bloomberg story, and that a corporate investigation didnât turn up any evidence of tampering. âWe couldnât find anything,â he said. âOur assessment is that it didnât happen.â
Another high-ranking executive at a major Silicon Valley tech company echoed that assessment.
âI'm responsible for supporting many of the organizations that this touched, so this story was a âholy shitâ moment for me,â they told BuzzFeed News. âAnd we went and pulled every possible string â because god forbid something like this happened and you didn't know â and we found nothing.â
Amazon, which along with Apple was a major subject of Bloombergâs story, issued a similarly vehement denial on the day of its publication, and then went dark. The company has not responded to repeated requests for comment or interviews with CEO Jeff Bezos or general counsel David Zapolsky.
âPlease leave us out of this. We werenât mentioned and I donât want us to be. I donât know what the fuck is going on here.â
Meanwhile, companies that might possibly be among the 30 alleged to have been compromised are doing all they can to steer clear of the story. âWe investigated and we found nothing,â an executive at one Fortune 50 company told BuzzFeed News. âPlease leave us out of this. We werenât mentioned and I donât want us to be. I donât know what the fuck is going on here.â
According to numerous spokespeople and executives in positions to know about internal investigations, the following tech companies and banks are not members of the group of almost 30 that Bloomberg alleges were compromised: Google, Microsoft, IBM, Oracle, Dell, Hewlett Packard, Verizon, Comcast, AT&T, Twitter, Palantir, T-Mobile, Goldman Sachs, and Capital One.
For now, it seems that resolving the mystery around the story would require Bloomberg to open itself up â or be opened up. But moving from a dispute in public to a dispute in court is something none of the companies named in the report have signaled a desire to do.
With additional reporting by Ryan Mac and Kevin Collier
UPDATE
This story has been updated with additional quotes from our Thursday interview with Tim Cook.
-
John Paczkowski is a technology and business editor for BuzzFeed News and is based in San Francisco.
Contact John Paczkowski at john.paczkowski@buzzfeed.com.
Got a confidential tip? Submit it here.
-
Joe Bernstein is a senior technology reporter for BuzzFeed News and is based in New York.
Contact Joseph Bernstein at joe.bernstein@buzzfeed.com.