Slashdot Mirror
China Infiltrated Apple, Amazon and Other US Companies Using Spy Chips on Servers, According To Bloomberg; Apple, and Amazon, Among Others Refute the Report (bloomberg.com)
Data center equipment run by Amazon Web Services and Apple were subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process, Bloomberg BusinessWeek reported Thursday, citing 17 people at Apple, Amazon, and U.S. government security officials, among others. The compromised chips in question came from a server company called Supermicro that assembled machines used in the centers, the report added. The scrutiny of these chips, which were used for gathering intellectual property and trade secrets from American companies, have also been the subject of an ongoing top secret U.S. government investigation, which started in 2015, the news outlet reported. Amazon, which runs AWS, Apple, and Supermicro have disputed summaries of Bloomberg BusinessWeek's reporting.
The report states that Amazon became aware of a Supermicro's tiny microchip nested on the server motherboards of Elemental Technologies, a Portland, Oregon based company, as part of a due diligence ahead of acquiring the company in 2015. Amazon acquired Elemental as it prepared to use its technologies for what is now known as Prime Video, its video streaming service. The report adds that Amazon informed the FBI of its findings. From the report: One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world's most valuable company, Apple. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons. [...] [Update: Some counterpoint: According to an earlier report by The Information, security concerns were indeed a reason why Apple and Supermicro parted ways.] A U.S. official says the government's probe is still examining whether spies were planted inside Supermicro or other American companies to aid the attack. Some background on Supermicro, courtesy of Bloomberg: Today, Supermicro sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards -- its core product -- are nearly all manufactured by contractors in China. The company's pitch to customers hinges on unmatched customization, made possible by hundreds of full-time engineers and a catalog encompassing more than 600 designs. Further reading: Amazon Offloaded Its Chinese Server Business Because it Was Compromised, Report Says.
The report states that Amazon became aware of a Supermicro's tiny microchip nested on the server motherboards of Elemental Technologies, a Portland, Oregon based company, as part of a due diligence ahead of acquiring the company in 2015. Amazon acquired Elemental as it prepared to use its technologies for what is now known as Prime Video, its video streaming service. The report adds that Amazon informed the FBI of its findings. From the report: One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world's most valuable company, Apple. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons. [...] [Update: Some counterpoint: According to an earlier report by The Information, security concerns were indeed a reason why Apple and Supermicro parted ways.] A U.S. official says the government's probe is still examining whether spies were planted inside Supermicro or other American companies to aid the attack. Some background on Supermicro, courtesy of Bloomberg: Today, Supermicro sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards -- its core product -- are nearly all manufactured by contractors in China. The company's pitch to customers hinges on unmatched customization, made possible by hundreds of full-time engineers and a catalog encompassing more than 600 designs. Further reading: Amazon Offloaded Its Chinese Server Business Because it Was Compromised, Report Says.
I want a screen-print of the chip pin-out on my desk by lunchtime.
Someone else can see your data in AWS, Azure, etc.
Chinese market poison as baby food. Nobody should be doing business with them.
Apple and other companies have responded. It would seem Bloomberg has done little to provide any evidence over the past year, while these companies have investigated and found nothing of substance to the claims. Apple's response in particular is strongly worded and makes it clear that they find these claims to be baseless. https://www.bloomberg.com/news...
China been doing this for years and it's only just coming out.
China.
Article says the hard hack caused the BMC to pull attack code from outside.
Apple sold out to the Chinese government. Of course they're going to say "nothing happened here."
Everyone involved on both sides has come out publicly to say Bloomberg is wrong. Why are we still talking about it?
All parties involved have it in their vested interest to deny this.
"That's the way to do it" - Punch
you mean everyone who has a financial stake in hiding the information... LOL
The pictures in the article show a 6-pin device. 2 Pins are required for Vss and GND, 4 pins left.
This chip should be able to manipulate network traffic and alter the operating system? How?
Where is this chip connected to with its 4 data pins?
Seriously, come on...
The U.S. government banned Lenovo some time ago because they don't trust the Chinese. This contractors and company just invite this spying! Any government contractor who did this need to lose their contracts!
Why did a Supermicro get kicked off the NASDAQ ?
For selling out to China
Let's assume the networking devices were compromised, and they were part of the private intranet on which trade secrets were transmitted. The data still has to be transmitted off of that network somehow. That would certainly raise major flags with these kinds of tech companies. Unless.... it required some physical connection to the device, such as inserting a USB drive to download data directly.
Better known as 318230.
Ok, with that many designs and older machines end of life, find some free machines to locate said chip.
If you find examples, post the results here so truth be known.
It is hard to imagine that a few of these motherboards are not scattered into used server bin areas around the United States.
Perhaps we may think that 600 designs without proper over sight is too many to review for cyber security.
Quality assurance failed to notice or was complicit with an extra chip from visual inspection?
Anybody find it? If so your first discovery may be bounty material for news outlets or security mavens out there.
http://www.aisnota.com/slashdot/ Welcome to Logic and the Future
I would not trust anything coming from the FBI or NSA or the US at the moment... Because talk is cheap and the US is NOT trustable now (it may not have been under previous president, but trump and co smeared it on our face until we could not breath the stink). Evidences are king. A photo of the chip as well as decoded code , or micrography of it with evidence of concealment and data transfer would go a long way toward that. until then it is just as much hot air.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Bloomberg better have evidence to back the claims they made against Supermicro.
Since Amazon has said that reports of it finding a chip or working with the FBI are false it does not look good for Bloomberg.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
And I really though they just messed up their reporting.. It must suck to be in the Supermicro management at this point.
Auditing revealling financial irregularities that led to delayed SEC filings that predated even the earliest claims made in the Bloomberg article - ultimately it was about breaching SEC filing requirements, rather than the underlying financial issues, that led to the delisting.
UNIX? They're not even circumcised! Savages!
Every company denies, anon informants, no one from FBI interviewed.
Where'd the chips come from? They are physical things that exist. Do you think Bloomberg faked the paper trail all the way up the supply chain (..)
Bloomberg says A, Apple, Amazon etc say B. That's where you need to back up your claim.
If Bloomberg did its job, it should have some expert(s) on call that can tell you what motherboard, what chip / where on the board, what pinout, what it does, and how they arrived at those findings. That's the core of their story after all.
If Bloomberg does, just publish those technical details & call it a day. If Bloomberg doesn't, then yes they are talking out of their nose and Apple, Amazon & co have every right to criticize them.
Meanwhile, Super Micro stock has fallen nearly 36%. Anyone buying?
That's a weird name for a chink.
Remember when the USA did the same thing?
Acting evil. Need I say more? And I will get modded down to -5 because liberal fascists are so fascist.
Corporatism != Free Market
Asking for a friend.
Classified my ass. Intel's ME engine is much bigger and more complicated. It is not super secret to name the alleged ping address and IDS sigs. Stray pings would be a dead giveaway - highly unlikely.The photo looks like 6 pins -so a bus based execution it is not. A decent designer would use it to leverage flaws in the ME chip, and steal/bypass signing keys, and/or alter CPU flags.This would suggest ME and Spectre and Meltdown and TB lookasides were known to state actors for a very long time, and the fix is more complicated than disabling the chip. Revealing it now, suggests that future CPU firmware errata could be tampered with. Which implies our overlords do not want us disabling ME and firmware upgrades. Now why is that so?
this is just another bullshit attempt at attacking China because they dominate a large market, namely mother- and server-boards. It's funny because nothing of what they claim has ever been proven, but we have numerous cases where it has been revealed this is exactly what the American counterparts Cisco and Juniper etc. are doing.
What? You're just now learning about it and act all surprised...please.
There was never any question what price U.S. manufacturer's were willing to pay outsourcing to Asia. It was just a question how long.
Apple et. al. are not stupid clucks, they went over motherboards with a microscope. They saw exactly how true to their design finished goods matched. Amazon paid a 3rd party due diligence and its public. SO, we have the answer now.
...let's hear more from people whinging about Trump's 'trade war' with China.
China's been a shitty actor on the world stage since they bred themselves out of irrelevancy.
Foreign companies have to establish a Chinese business, owned 51% by Chinese who almost always end up being a front for the PLA. ...and yet we should curry their favor so we can keep buying $9 folding chairs?
Draconian censorship laws. No free speech. No freedom of religion.
Currency manipulation and disregard for norms of international economic (and other) reporting.
Military occupation and absorption of neighbors it deems "were *actually* China anyway".
Sorry Hong Kongers, I guess you don't get to keep democracy and nobody cares...
An arbitrary, dangerously confrontational foreign policy including sweeping territorial claims.
Environmental destruction with impunity.
I don't like Donald Trump for a number of reasons, but the US confrontation with China is LONG past due; waiting any longer would likely make it military when China finally gets brazen enough to try to grab Taiwan.
-Styopa
He was 41 and a marathon runner. He was probably killed off by his ChiCom overlords.
Most definitely suspicious -- middle-aged marathon runners never die of sudden heart attacks.
I still remember all the WMD that the US Army found in Iraq, those weapons were everywhere in Iraq even in the toilets.
Because governments NEVER EVER LIE, if the government wants to initiate a conflict with another country, it can do it without lying.
I don't know to what degree "China" (it's government, it's people, or it's corporations, state owned or otherwise) are spying, but I do know it's not 0, not even close to 0. I have been close to accusations and convictions, they are absolutely spying using any available means. That's not surprising. If it made any sense to do it, adding stray hardware/software to a PC is definitely a viable approach to compromising it.
The real issue is technical. How do we create a secure compute environment? Apple has taken the route on its phones of building a very effective and secure trust chain. It is pretty hard for an unauthorized user to slip in stray firmware on their phones, I don't want to say impossible because there are some known and pretty exotic exploits. But very hard. Their design is such that even their MFGs cannot sneak in stray code to spy on you. The weakest point is still the single authorized user, and their ability to protect their passwords and biometrics. Apple's route also makes you, the owner, a perpetual customer rather than an owner. If they choose to lock you out, there's nothing you can do about it, your $1k phone is a paperweight.
PCs (I'm including desktops, servers and laptops) on the other hand are pretty much a free for all. The MFG can sneak on just about anything in their BIOS/EFI implementation, and anyone up and down the chain can do so without much oversight. It's a pretty open and competitive market, with many small players of little to no account, all trying to make the sale. Each of them provides their own hardware, and some EFI implementation they probably bought and then tailored to their implementation. Someone could also have added backdoors. That in turn hands off to my choice of OSes, which themselves could easily be compromised and I wouldn't know better until something happened. I am unquestionably the owner of this system, and can do anything I would like, but I also cannot rely on anything up and down the system. I'm the owner of a very leaky boat.
What we need is a system that can both be trustworthy and robust to middle-man attackers who may, at times, have direct hardware access, but still allows me to be the absolute owner of my hardware. I may make bad choices, those bad choices may compromise my system, but I need a foolproof way of knowing when I'm making a bad choice. It's not that easy of a problem in the current ecosystem, and we're waiting for someone to get caught doing something bad that forces our hand.
No evidence, fake news, reporters are not scientists or engineers and both companies have plenty of top employees.
Who really thinks Amazon and Apple are both lying? Nobody.
If you read the responses from Amazon, Apple, and Supermicro, they are pretty damning. This is as close to outright calling Bloomberg liars as I have seen in a long time.
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Having personally dealt with the company on similar things, I have a far dimmer view of their ethics than the above piece, I have personally seen them ignore direct contrary evidence to a story from the source in order to run a high profile piece. Someone should be fired for this.
-Charlie
Supermicro doesn't have any motherboards made in Russia.
The Joke is You Probably Already Bought Them!
Https://www.youtube.com/embed/cROY4m4Ftiw
Oh, right! When we do it we're spreading freedom whereas when they do it it's malicious!
Ok, explain this to me...
How is a single chip on a motherboard going to do the following and do it without someone noticing:
1: Intercept data on the server without knowledge of what OS is running and/or without a driver to facilitate OS access?
2: Send that data to some 3rd party, through a firewall, without the bandwidth usage being noticed?
I know someone is going to answer #1 by saying "it'll just send everything in memory / traveling over the bus", but then you wind up hitting #2 because that would use a crap ton of bandwidth.
This looks very improbable and much like another "China is the boogeyman" story. I want hard proof before I believe this. The hysteria around this is like BadUSB all over again, and we all know where that went.
Why can't we just nuke them? Hell, we could probably pay Russia to do it.
Seriously, I expect that trump will push major changes in the west over this. And yes, it is time to get control back due to security issues.
I prefer the "u" in honour as it seems to be missing these days.
This is why we need open-source hardware:
https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/
It sounds to me like the corporations named denied the report. They're a long, long way from refuting it.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Bloomberg published responses from the companies involved. Here are some excerpts that give you a sense of how they responded...
Amazon:
It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware. [...]
And they go on to say a lot more that categorically denies Bloomberg's claims while making a mention of an unrelated firmware incident from 2016.
Apple:
Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.
On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement. [...]
And they go on to say a lot more that categorically denies Bloomberg's claims while suggesting that Bloomberg may be confused about the 2016 firmware incident.
Super Micro:
While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard. We are not aware of any customer dropping Supermicro as a supplier for this type of issue.
And they go on to say a lot more that categorically denies Bloomberg's claims, including denying that they even make the chips that were allegedly compromised and that these companies supposedly purchased from them.
Meanwhile, here's a complete list of Bloomberg's sources who were willing to speak on the record:
*crickets*
Seriously, just the tooling involved. Someone has to feed the pick-and-place machine.
My datacenter provides me with decomm'd hardware purchased from Facebook. SuperMicro is one of the vendors. If I knew what to look for, I would. My SuperMicro server has BMC functionality tied to the main nic. It's conceptually possible to have the same vulnerability in my platform
...in 2014.
I didn't come with a VPN because I wanted to see what my students saw. Sometimes it's not China blocking access, by the way. And before China, in Saudi Arabia, I was monitored by some entity who believed Slashdot was worth automatically downloading and my account was suspended for a time.
China does not conduct foreign wars, and its territorial disputes are slow, negotiated processes. I have never heard as much hawkish, red-scare nonsense as I have for the past year. But such cycles are not new. The loudest, bullying voices are largely the same types asserting weak people hide behind victimhood only a few years ago.
Help Us! Our elections are not safe! And it's not our fault! A Blue-wave is coming, finally, and Putin's control of our Commander-in-chief will be stopped...Just in Time! Russia is to blame! Their hackers are in control! All Russian hackers are so powerful, Zuckerberg is helpless! Jeff Bezos seems like a responsible robber baron! Twitter is necessary for democracy! And Freedom! And collecting, collating, and correlating consumer patterns to maintain quarterly projections, debt mechanisms, supremacy and exceptionalism to continue to police the world of its weapons we sold them! Mass shooting drill in the high school cafeteria! Russia causes acne! China invented wrinkles! Buy American Only! Cheap, foreign labor is not responsible for low inflation! I like three-car garages, a Winnebago, and a Jet-ski! My per-capita usage of energy, water, and sugar is ordained in Thessalonians 13:4! Gay people should still be forced to hide! Women once ruled the world and tortured men and this is the lesson of animal husbandry! The White Goddess won't let you smoke a cigar in the house! Young people might should lose their lives, or at least a limb, or two, for a reasonable capital gains tax! Elon Musk has gone too far! Alcohol may be more harmful than marijuana, but I go to work with a hang-over instead of taking a day off to *quote* smell the roses *end quote*
Would were! Should is! Could be! And live a hundred times three.
This article implies that China has the technology to implant tiny microchips during the manufacturing process. If China can do this then the NSA certainly can. And if the NSA can do it, then they are doing it already. There is a bigger story here than mere China bashing.
The government should give incentives for manufacturing chips in the USA instead of worrying about coal jobs.
Oh, just shut the fuck up you ignorant moron.
Yeah, well, nobody should be doing business with the US either, it's not like they don't do stuff like this.
In the US we are more likely to see an employee inform the press if an employer is doing stuff like this. In China, not so much.
I'd expect Bloomberg would make sure they were bulletproof on the facts, because the article has lots of potential downsides for them. They must have hardware evidence at a minimum.
For one, it will surely anger the Chinese government, an entity which holds grudges better than anyone. This story burned a lot of bridges.
For another, the various named businesses who are reported to have knowingly operated penetrated services will need to clear their reputations with their customers.
Lastly, Supermicro is very damaged by this and may get put out of business, they will be fighting for survival and will pull no punches.
Afaik, retired intelligence personnel is still bound by their oath to not disclose classified information. That makes it challenging to mount a defense, so the hardware will have to provide the needed proofs.
If you want to take credit, you have to take blame. I give 2 shits about Hilllary. What does her being a completely worthless piece of shit have to do with the current President and others in charge of the country doing everything they can to undermine American democracy and the livelihood of the American citizenry?
I wish they had shared the model of the board(s) that were compromised. It'd be interesting to see independent researchers get their hands on a few examples and look for this magic chip, maybe even reverse it.
There are tons of Supermicro boards on eBay with IPMI/BMCs, but are any of them the same as the compromised model(s)?
See Apple's Statement here: https://www.bloomberg.com/news...
Looks like Bloomberg only believes their reporter's secret sources and refuses to believe Apple when they investigate when consulted for comments and refute repeatedly the allegations.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Coincidence?
Oh wait, it was actually lame.
Those aren't mutually exclusive things you know. And you posted no supporting links or data. Why am I even responding, this parent was one lazy-ass POS!
What else would they do? "Oh hey we're totally pwned guys, sorry about that." *record scratch, everyone Market Crash chicken-with-head-cut-off-to-find-non-Pwnd-servers-starts*
Not that I buy the report. But I mean, OBVIOUSLY the companies would refute it to try to save face until they have the means of going "ok, so we WERE hacked, but these hardware servers we just bought don't have the back door. OH GOD PLEASE CONTINUE TO USE OUR BUSINESS!~"
They told us we were too dumb to make our own stuff.
Then they told us that people are too expensive to make our own stuff.
Then they told us after automating the factory floor, making labor costs insignificant we have to have a monopoly or we can't compete.
I wonder what their excuse will be now why we can't make our own stuff?
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
News sourced from people who knows someone familiar with the process.
Not practically possible at OEMs to large companies that design their own hardware.
Buying chips offshore is a national security risk and always has been. If you're stupid enough to think that the Chinese military won't exploit chips/software/tech products bound for the USA for their own benefit, I have a bridge I can sell you.
Of course, as always, profits before country. Can't restrict Northrop Grumman, ya know. And you can bet the current crop of republican technopeasants don't have this on their radar.
Please do not read this sig. Thank you.
Orwell was an optimist. Nation states are all posturing to see who can create the culture most similar to 1984 without anyone raising the alarm. "Boil the frog" is the new mantra for this effort - take away freedoms and security in small bites and before you know it you've lost everything.
Organization? You must be joking..
Everyone involved on both sides has come out publicly to say Bloomberg is wrong. Why are we still talking about it?
All parties involved have it in their vested interest to deny this.
All parties are required by law to deny this. It's a classified investigation which Bloomberg says is still open. According to Bloomberg's reporting, they don't just want to deny it—they have to deny it. With the Supermicro boards in question in use by the DOD and the CIA, it's quite literally a matter of national security.
LOL.
Actually, that was pretty good.
. Have to admit that I will be happy when he is booked for treason, but for dealing with China, he has done more than any president since Kennedy.
I prefer the "u" in honour as it seems to be missing these days.
I'd like to hear about mitigation. Would simply not configuring an IP address on the BMC be enough?
I generally configure whatever kind of BMC I have available on a server (such as HPE iLO or Dell iDRAC) because I like the idea of low-level remote access, but in truth I can't recall ever having used it to solve a problem.
Sorry, your annual software license has expired & you are locked out of all your files.
Please renew your annual subscription to regain access to the data files you created.
Ethnic Chinese whom have come to the USA have come primarily for financial reasons. Their loyalty to their home country remains. Some Americans refuse to acknowledge this truth.
Except for Jim Fixx.
But I agree that the Elemental thing is suspicious.
China has sodomized the US long enough. There was an interesting article on CNBC today about how this goes beyond trump. There is a Cold War and the countries of the world will eventually have to choose to be Chicom centric or US centric.
And as unlikely as it sounds, I predict a military skirmish in the South or East China Sea soon. I read yesterday we are planning on making a big show of force in the pacific, carrier battle groups transiting the straights of Taiwan and even countries in South America where the chicoms are setting up shop.
The US, a few years ago, put chips in top end printers, under the assumption that when they were exported that foreign governments would be the typical purchaser. So if you were in Iraq and wondered why that smart bomb picked your chimney it was due to the printer sending the address. Sometimes what goes around comes straight down right at your noggin.
All parties involved have it in their vested interest to deny this.
Bloomberg have vested interest to provide more than a computer animation too.
From Wikipedia.
The Associated Press reported in 2018 that "Xi is waging the most severe systematic suppression of Christianity in the country since religious freedom was written into the Chinese constitution in 1982.", which has involved "destroying crosses, burning bibles, shutting churches and ordering followers to sign papers renouncing their faith
46137
Here's the thing about an existence proof: you don't need to show the derivation, just the instance.
Pull one supermicro board with one chip that you can rev-eng, and there's proof, whether or not there are Voices Of Authority willing to admit it.
Since this BMI-interfacing chip didn't fall out of a hairnet, but was carefully placed on the boards in the manufacturing process: regardless of what actors are involved, THIS IS A SUPPLY CHAIN COMPROMISE. Anything saying otherwise is misinformation. Bloomberg might have the actors wrong (eg. USA interests could well hire Chinese nationals to make those initial bribes), but not the nature of it.
Because we remember when 'everyone involved' came out and said that the NSA wasn't spying on phone and internet traffic.
And we remember when 'everyone involved' said that ATT did not have a special room that the NSA connected into the major telco fibers all across the US.
And we remember when the government gave 'everyone involved' retro active immunity for spying on all the phone calls and internet traffic.
Like Cisco, they innovated and were great at one point, then it went to their heads and while they were politicizing everything, the other world's super power infiltrated them at the hardware level.
All they need is a DNS 'proxy' to pull that code. How many organizations fully protect and monitor their DNS infrastructure?
[comment in companion post on this topic, repeated here]: The Bloomberg link is worth reading, grain of rice -sized HW backdoor and all. Things have progressed quite a bit since 2005, when I opened up an Averatec laptop and noticed a stealth CastleNet mini comm board -- no, it wasn't on any bus or otherwise part of the architecture, it was "in the air", GLUED to the underside of the top cover, with just a cable running to the Ethernet port! Most likely injection somewhere in the supply chain. How crude, huh. What a difference 10 years can make.
And the sad part is, we knew all this 5+ years before Snowden. Everyone, even on here, flat out denied it could be happening. Now everyone is happy to upload all their data to China.
Well the article goes back to 2015.
Like they have no skin in the game, right? Their denial is fairly worthless.
I have a few Supermicro motherboards. How can I check if they are compromised? Is there some audit tool available?
https://finance.yahoo.com/char...
It might indeed be possible to require companies to deny this. But, have you read their denials? The denials are beyond complying with a legal requirement and extend to outright condemnation of Bloomberg's reporting on the matter. Have a particular look at Apple's statement and tell me again that you think they're coerced to publish that.
I'm usually very open to believing this kind of thing, but the detail of the refutations are hard to ignore in this case.
Trolls do what they do for a reaction. If you donâ(TM)t react they get bored and stop.
Some power supply chips seem to have a simple dipole antenna and receiver that works in the GHz range. It appears that the right signal would cause it it shift data into a shift register and if that matches what it is looking for, it disables the regulator feedback causing over voltage with as much current as the chip can deal with. A 200 watt transmitter in space could fry the device in a way that makes it unrepairable if it is outdoors. A 30 second burst at 20 kw from a micro-satellite transmitter would get to anything most anywhere that a GPS or mobile phone would get reception including inside computer cases.
SMCI 12,60 USD -8,80 (41,12 % down)
Unless Bloomberg comes up with hard proof this looks more like a classical crash&cash that should be awarded with RL jail time...
If they have chips embedded between the PCB layers, then there is a chip to be found, along with traces (if the chip is to be of any use). Those things are easy to detect. Something hard would be if the chips themselves were modifies, but even that is possible to detect with fuzzing. That is, the chips were modified to do *something* and you can figure out what that was (just like people have been finding "secret" opcodes on Intel chips).
"First they came for the slanderers and i said nothing."
Not everyone. You keep using that word.
"First they came for the slanderers and i said nothing."
I would have thought higher of your readership than to be sucking on those Harry Potter conspiracy lollypops. Anyone with any marginal technical prowess knows the NSA Bloomberg story is a hoax right down to the fake photos.
The simple fact is that there has never been a rice-sized microcontroller chip on a motherboard. Apple, Amazon, Super Micro have never participated in any FBI or Gov investigation in regard to Bloomberg's claim.
What is amusing, if such a device existed and it doesn't the worst possible place to send them would be Apple and Amazon where every server board is examined and bench checked and all data is analyzed. If you are going to send them someplace send them to a place that doesn't know anything.
What is Apple and Amazon doing with the servers? Selling music and apps. That environment would be useless to a spy.
Then we have the big fiction... that Government workers at the NSA are the smartest Tech heads in the world. Yikes. If you are top in your engineering class at MIT, you are not going to go to work for the NSA but you might work for Apple, Amazon, or Super Micro. Remember it was the NSA and CIA that complacently and ineptly watched the Twin towers fall to the ground on 911. Suddenly from stupid, they are now geniuses in technology and espionage. Yeah, that's how it works.
I realize that in most of your classes the Asian students are kicking your butts because your math skills suck but that is no reason to suddenly arrive at the conclusion that Asians can do the impossible with some CAD software and a soldering iron. Bloomberg's story is so past the plausible that it is intellectually insulting.
Of course, that hasn't stopped the fleas from riding the bandwagon and implying that this Bloomberg garbage is real. Yeah so are the Wizards in Harry Potter stores once you suspend reason.
When you become prone to conspiracy theories then your mind is no longer working.
In other news: phayes ( 202222 ) is an authoritarian who believes whatever someone in a position of power dictates, and brushes off any view that doesn't match the dictated view from their chosen one. Rather than form their own conclusion based on the evidence. Of which, it's too early to call on this one.
Turn in your geek card, you're done.