Revisiting the Super Micro Story

Checking in on our forecasts from “The Big Hack”

An extraordinary claim was published by Bloomberg in October of 2018:

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

I immediately organized a panel of 22 security professionals to elicit their beliefs about potential future events presented by this journalism. This resulted in a panel-estimated belief of 44.82% (YES) that certain events would take place by January 1st, 2020. If these events took place, they would largely confirm the article’s claims.

The Forecast Recapped

As discussed in the previous essay… any of the following four events needed to occur between October 2018 and January 1st, 2020 for the article to be confirmed:

  • Official and on the record confirmation by an unnamed Bloomberg victim company that is linked to the attack.
  • Indictment or confirmation of the described incident from a government institution.
  • An officially published hardware forensic analysis of the described chip from a security vendor confirms this incident.

The Result: “NO”

I can’t find any of these four events taking place within the time frame, and I’m happy to be corrected and pointed to anything that says otherwise. This means I’d judge the outcome of the forecast as a No, an outcome with an associated panel belief of 55.18%.

Examining Bloomberg’s claims as a hypothesis

Bloomberg’s claim is testable if viewed as a hypothesis. We can develop evidence that suggests aspects of the hypothesis are true or false. However, a claim of “was breached” is held to a very different standard than “wasn’t breached”, and these need to be discussed individually.

WAS BREACHED

The standard of evidence to prove a breach occurred is a very low bar to hit, compared to its alternative.

WASN’T BREACHED

Any claim that something wasn’t breached is a certification of absence. That’s hard.

Interpretations

The panelist odds were about even at 55% NO to 45% YES, which is near total uncertainty (50/50). The track record of the panels I have organized so far has been good enough that I treat their aggregated beliefs as useful information for decision making and risk measurement when no other sources of measurement are available.

The Panel

The conclusion of this forecast adds one more data point of evidence informing the reliability of the panel now that the forecast has expired. Additionally, the absence of these four events occurring is also informative to a future panel about this journalism, if we wanted to follow up again.
