HACKER Q&A
📣 sah55

Did Bloomberg's story “The Big Hack” happen?


In 2018 Bloomberg posted an article[0] revealing how China infiltrated America's top companies' hardware with microchips. Most of the companies named in the article denied it and called for retraction; Apple even wrote a letter to Congress. But Bloomberg still sticks to the story.

What really happened?

[0] https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies


  👤 duskwuff Accepted Answer ✓
Probably not.

There's just too much that stinks about the story. As you mentioned, every company which was supposed to be involved has categorically denied Bloomberg's claims, some of those claims are suspiciously similar to material provided to them by sources as theoretical examples (like the suggestion that analog filters could conceal implanted logic), and Bloomberg never made any further attempts to substantiate their story.


👤 FandangoRanger
Yes of course. Back in the mid to late 2000s there was another big hack, known then as the "Manchurian Microchip" hack, which resulted in Chinese penetration of many US national security projects including the F-22. It's very difficult to find good information about this anymore, thanks to a raft of fiction produced with the same name "coincidentally" around the same time.

👤 abrookewood
I'm still wondering why they weren't sued. Some of the companies named had a massive drop in their share price.

👤 detaro
I don't think we truly know. I'd bet on the story being not accurate, but I'm unsure to what degree: Did Bloomberg eat some total fabrication? The method described seemed questionable, but variations on it could be possible and be easily in the realm of "reporter doesn't understand source". Did something happen, was caught earlier and embellished (on the way to the journalists, or by the journalists?) and Bloomberg doesn't want to admit they didn't validate that properly? To my knowledge Bloomberg has not given any further statements about this, which IMHO doesn't look good. Neither is there any third-party information outside the denials, which also could be inaccurate or hiding behind technicalities.

👤 Lammy
I believe at least some part of the story must be true, because nothing else seems to justify the seemingly-coordinated push-back against the story and anyone who didn't want to just accept the claims of falsification. I can't recall seeing that kind of reaction to any story before or since.

e: I take it back, the unanimous denials of PRISM "direct access" felt very similarly-coordinated to the Big Hack denials: https://www.buzzfeednews.com/article/jwherrman/direct-access...


👤 jml7c5
DISCLAIMER: This is entirely uninformed speculation. I have no inside information, nor any particular depth of knowledge in the subject. Please seek more qualified sources for discourse at a higher level than "Thanksgiving dinner political talk".

This is the best summary of issues I've seen: https://www.servethehome.com/investigating-implausible-bloom...

There are so many technical problems with Bloomberg's article that I find it hard to take it at face value.

Beyond technical issues, the graphics belie the lack of editorial oversight: the image of a penny with a chip next to it is labeled as "[m]icrochips found on altered motherboards in some cases looked like signal conditioning couplers", but the chip shown is not a signal conditioning coupler. It appears to be an artist's conception based on a Google image search for "signal conditioning coupler".[0] This is not the sort of ambiguity one expects in a well-vetted piece.

And a further absurdity is this circular reference in a follow-up article[1] they published:

>In response to the Bloomberg Businessweek story, the Norwegian National Security Authority said last week that it had been "aware of an issue" connected to Supermicro products since June. Trond Ovstedal, a spokesman for the agency, later added to that statement, saying the agency was alerted to the concerns by someone who had heard of them via Bloomberg's news gathering efforts. In its initial statement, the authority couldn’t confirm the details of Bloomberg's reporting, but said that it has recently been in dialogue with partners over the issue.

It's a game of telephone:

----

Bloomberg to 'A': could you tell us about ?

'A' to 'B': I was talking to Bloomberg about recently.

'B' to government: I heard about .

Government to Bloomberg: Yes, we have heard about .

Bloomberg to readers: Government confirmed they independently knew about !

----

All of this makes me suspect that (a) relatively minor event(s) were misinterpreted by the authors as evidence of a widespread attack. I do not doubt that intelligence agencies interdict hardware and add backdoors (Snowden amply demonstrated that the NSA does this -- even without cooperation from any manufacturer). But I also would not be surprised if Bloomberg confused an Amazon red team/blue team exercise for the real thing, or confused an internal report on the hypothetical risk of supply chain compromise for some real event.

[0]: https://twitter.com/marcan42/status/1047935859020902400

[1]: https://www.bloomberg.com/news/articles/2018-10-09/new-evide...


👤 wisenheimer
This is the big concern behind Intel Management Engine. I personally don't trust it one bit. It's a closed source blob that's been exploited before:

[1] https://www.trendmicro.com/en_us/research/17/k/mitigating-cv...