UK Cyber Security Agency Backs Apple, Amazon China Hack Denials

An anonymous reader quotes a report from Reuters: Britain's national cyber security agency said on Friday it had no reason to doubt the assessments made by Apple and Amazon challenging a Bloomberg report that their systems contained malicious computer chips inserted by Chinese intelligence services. "We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple," said the National Cyber Security Centre, a unit of Britain's eavesdropping agency, GCHQ. AWS refers to Amazon Web Services, the company's cloud-computing unit.

"The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us," it said. Apple's recently retired general counsel, Bruce Sewell, told Reuters he called the FBI's then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer, a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips. "I got on the phone with him personally and said, 'Do you know anything about this?," Sewell said of his conversation with Baker. "He said, 'I've never heard of this, but give me 24 hours to make sure.' He called me back 24 hours later and said 'Nobody here knows what this story is about.'" The U.S. Department of Homeland Security said on Saturday that it too had no reason to doubt statements from companies that have denied the Bloomberg report.

"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise," DHS said in a statement. "Like our partners in the UK, the National Cyber Security Center, at this time we have no reason to doubt the statements from the companies named in the story," it said.

They contain Xeon chips

Therefore, their systems have backdoors.

Re:They contain Xeon chips

[infolation]

Yes, but. They're our backdoors.

Re:They contain Xeon chips

U.S. and China are not our enemies but unwanted spies.

They enforced to insert backdoors to Intel and AMD chips that the consumers are not consent after paid by their chips.

The backdoors are the the back doors for entering malicious code.

Re:They contain Xeon chips

[ArchieBunker]

You know AMD has the exact same thing in their chips?

Re:They contain Xeon chips

AMD has Intel Management Engine too? crazy.

Re:They contain Xeon chips

[ArchieBunker]

There ya cheeky cunt https://en.wikipedia.org/wiki/...

The big short

Someone at Bloomberg shorting Supermicro stock?

Re:The big short

[cre1mer]

If Elon Musk can tank his stock with a tweet, Bloomberg can tank another company's stock with an article.

Re:The big short

You tanked your YouTube channel with 150 sock pocket accounts and about ten thousand comments on Slashdot.

Re:The big short

Did anyone else read that as "Elon Musk can yank his cock with a twink" and do a double take?

Re:The big short

You get that with the coffee mug and factory tour when you buy a high-end Tesla.

It's become clear

This "Chinese cyber attack" is just a fake story planted by the Trump administration. It's the first step in blaming upcoming election rigging on China instead of our good friend Putin, who will be doing all he can to subvert the outcome.

Expect more manufactured evidence in the near future. Yellowcake anyone?

Re:It's become clear

[hey!]

You're confusing issues here. Believe it or not, not everything is about Trump.

Now we have to assume any hostile country which *could* interfere with our elections would. The thing is nobody has produced any evidence that China has done so. We know for a fact that both psy-ops and hacking operations out of Russia have targeted US political systems. If evidence emerged that China was doing so we'd have to take it seriously, but all indications are that China remains focused on economic and technological espionage, which makes geopolitical sense.

Russia is a third rate power and third rate economy trying to maintain the status it had as the core of the old Soviet empire; and it's run by an old time KGB ratf*cker. China doesn't have to play that dangerous game; all it has to do is bide its time and build its strength, and it will displace the US as the dominant military and economic power on the planet.

Re: It's become clear

[reanjr]

Or, the Trump administration is trying to make Bloomberg look like fake news.

Re:It's become clear

[Plumpaquatsch]

You're confusing issues here. Believe it or not, not everything is about Trump.

But that's what Trump keeps saying. You mean he's lying?

Stock market scam?

Maybe the whole thing is an elaborate stock market scam. Disrupt stock prices, make big profit for self and friends, then pay whatever pittance the SEC sanctions them with. ... rinse and repeat ...

Right. And DoD Don't Touch Huwai/ZTE because

of nothing. Right. Even Trump ain't that stupid. Looses lots of money, but pappy Trump was always there to bail him out. But not stupid. Demented? Sure. He's an old fat toadstoo! fuck. Not as nutty as Pence. Have you ever listened to that guy? Old men. Should be put out to pasture. Same with old women. I'm talking to you Maine.

Careful wording

[93+Escort+Wagon]

First - given the unusually specific, no-bones-about-it wording used by Apple in their denial, I believe their statement. Some of the other companies, though, seemed to be giving themselves a bit of maneuvering room.

But both the UK’s and US’s spy agency statements basically just say “we have seen no evidence as of yet”. It’s a very careful statement which doesn’t really mean much.

Re:Careful wording

[SNRatio]

In the US, can companies be granted immunity from civil suits if they lie to investors under direction of FBI, NSA, MIB, etc.? I know, warrant canaries. But if at some point the government became able to compel falsification of warrant canaries, would we ever know absent discovery in a shareholder lawsuit that was made public?

Re: Careful wording

If you believe Apple's statements about anything, you've already proven yourself to be an idiot. That company lives and breathes by reputation.

Re:Careful wording

[MikeMo]

I don’t think the FBI or any other agency can legally force a corporation to lie. IANAL, but I have seen that stated in the past.

Re: Careful wording

No, there is no such exception when it comes to the market. The constitution protects everyone from compelled speech.

Re:Careful wording

[AHuxley]

Even after PRISM a lot of trusted US brands gave "no-bones-about-it wording".

Re:Careful wording

Not quite. The wording with PRISM denials was a bit more ambiguous, e.g. we have never given government agencies "direct" access to data, etc. Google stated "From time to time, people allege that we have created a government ‘back door‘ into our systems, but Google does not have a ‘back door’ for the government to access private user data." Yeah that's because Google didn't create the back door, the government did.

Here Apple and Amazon seem to be much more categorically denying such allegations that their servers were hacked or that there's any evidence that there was a chip on the board was found by them or even that they were in contact with government intelligence agencies.

Anyways, it simply could be Trump trying to look better for the elections by getting Russia off his back, and saying to look at China and all the awful things they are doing. Not only are the Chinese fighting back when it comes to tariffs, they are trying to influence elections by taking out an op.ed. article out in a newspaper. Now they are saying that they are awful by hacking our major corporations. Of course the major corporations listed are the ones that Trump hates the most. Bezos's Amazon, which he hates because they own Wapo, and Apple. So he doesn't care if their stocks tank.

Re:Careful wording

[thegarbz]

It’s a very careful statement which doesn’t really mean much.

No it's not. It's a specific statement which means exactly what it says. You won't get outright denials from anyone as it would be stupid to deny this as it falls into the classic category of trying to prove a negative.

Can you prove a negative? Can you say right now that your computer doesn't have any malware on it? I'm sure you can say that you've not seen any evidence of malware, but can you *prove* it?

Little Details

It's a totally true statement that Supermicro is not placing backdoors for the Chinese into their products.

For Western governments like the increasingly-Orwellian UK and the US hot on it's Big-Brother surveillance-State heels?

Not so much.

Re: Rape a Conservative today

But they have a gun and a CC permit by choice. By all means Darwin yourself, the gene-pool is in dire need of a good skimming to remove regressive scum.

No surprises

They will never admit their brand new Queen Elizabeth aircraft carriers have a Chinese kill switch or backdoor built into all of its servers. Never.

Apple will never admit they bought those things either.

Amazon is the same. They provide cloud services to the US DoD, therefore they will never admit it because it would terrible for business.

Letâ(TM)s just assume its true and wait until someone finds one of these to examine at one of those companies that sells used servers.

No, this IS a Trump related issue on that basis

"The thing is nobody has produced any evidence that China has done so" Yet Trump asserts it happened without evidence, continues to deny Putin meddled which directly put Trump in power. = Trump is beholden to Putin, period.

Re:No, this IS a Trump related issue on that basis

[hey!]

I'm not disputing that, but it has nothing to do with the chips in Apple's servers.

Re:No, this IS a Trump related issue on that basis

Pretty sure that it is not Russia but ISRAEL that has the "goods" on Trump.
EVERYTHING that Israel wants, Israel has GOT from Trump.
Russia has got NOTHING.
If their are photos of Trump with urinating Russian girls it IS Israel that has them, not Russia !

Need help from nerds

[TomGreenhaw]

I have a number of Supermicro servers. I spent Friday poring over Wireshark logs looking for evidence of any kind of a command and control connection. I found nothing.

I don't trust Bloomberg for technical issues like this.

Any ideas what I should be looking for?

Re:Need help from nerds

[BenJeremy]

The chips were for inserting exploitable code/backdoors into firmware. There will be no "command and control" going on unless somebody targets your box.

6 pins... PIC chips were used for something similar 20 years ago for Playstations - inserting a sequence along a serial line. In this case, probably intercepting/modifying something on a JTAG line or an I2C bus. It might even be sophisticated enough to return the original bit of code it was meant to replace on a flash memory read (if done serially). It requires explicit knowledge of the hardware and software, and likely was enabled by insiders (as was the design that allowed them to install the chip)

Re:Need help from nerds

[TomGreenhaw]

Thanks for the response. I'm looking for something specific to look for. I have Supermicro servers that I'm will to tear down and test. All I've heard so far is unsubstantiated theories.

Re:Need help from nerds

[dissy]

Without intimate knowledge on the circuit boards original design, it would be next to impossible to find anything differing from the original.
In other words you would need a before and after to compare with each other.

The SuperMicro systems you and I have were designed to be sold to the general public, so there's next to no way in hell SM will be giving out their board layout files.

That's part of the stories problem, it explicitly names a few huge cloud providers who ARE privy to such info.
Perhaps a more basic or even a special model, but Apple and Amazon make their own huge customization to those designs to send back to SM and essentially order millions of them to be made.

Bloomberg is claiming some of his anonymous sources are involved with those companies and designing their custom systems, so in those companies cases they do have a "before" cad file to start from.
The anonymous sources are making claims that the original custom cad file and the actual manufactured servers they order differ from each other by this one chip.

So unless you work at a company large enough to get this kind of treatment from manufacturers like super micro, there's no way for us to know. And if you are, go talk to your engineers, they likely already did this with numerous machines and beat you to the punch.

Super micro could know by comparing their cad files to what's being sold, presuming they aren't in on this officially. I'd say either option would destroy their reputation so badly however it's unlikely they would admit it even if they weren't involved but found out, and zero chance they would admit it if they were involved.

Re:Need help from nerds

[jtara]

As others have stated, it's nothing you're likely to discover.

It would be absolutely silly to establish a nailed-up (or even periodic) command-and-control connection. Too easy to find.

It would likely do something at a per-determined time, after so many hours of operation, etc. to insure it passed all pre-installation checks. Maybe e.g. on the 2nd firmware update, add a little something "extra".

Curious if your servers have a separate Ethernet port for the management processor? If not, that's a major security concern. I read in an article in EDN that many do not.

Haven't dealt with servers in a long time - I am a software developer. Last time I did, they were IBM servers, in the early 2000's. At the time, it was an optional management board, and had it's own Ethernet port. (As well as serial, for connecting to a modem.) If you disconnect the Ethernet cable from the management board, or remove the management board, you can be pretty sure there's no command-and-control implemented by that route! ;)

Anyway, from what I get from the Bloomberg article, you're looking for a small surface-mount component that looks like a capacitor, choke, filter, resister, transistor. A very small component that looks exactly like all the other very small components littering the circuit board.

I speculate it might be inductively coupled to an I2C bus, etc. through some clever circuit board mis-design.

Re:Need help from nerds

[AHuxley]

The "designed to ping anonymous computers on the internet for further instructions" and "computers to identify others who’d been affected" would allow US experts the discovery part.

That why most more advance nations use collection methods to get data out that will never get seen on the "internet".

Re:Need help from nerds

The animation in the blumberg article looks like a blade-style mobi, so if you have those, then watch the animation and follow along. Otherwise...? Just look for something fishy? Lol good luck with that.

Re:Need help from nerds

Still waiting for Super Micro's response to this. I really don't care about Apple or Amazon or the US-UK agency response to this. All their responses have been pretty vague to avoid any legal justification, just in case they were compromised (With these worded responses, it seems likely they were compromised sometime in the past).

After all, it's their damn product that's in question here and none of these responses are making me any more comfortable with their product line being compromised on the factory floor and management level. So far, SuperMicro's response to this has been nill. China has more than enough technical knowledge to pull this off and they have complete access to SuperMicro's factory without letting anyone know about it, because everyone in China is afraid of government officials, so employees are easy to manipulate or bribe.

I've been to China, been inside factories and I know how easy it is to compromise any corporate security, especially if you're government or have friends in high places. You can have the best security in the world over there, but when that person shows up, they ALL back off and let you do whatever you want. It's literally like royalty has arrived. And unless they have some westerners in the facility to be able to call and complain back home (And safely leave the country), no one will ever know.

Re:Need help from nerds

[TomGreenhaw]

Q) Curious if your servers have a separate Ethernet port for the management processor?
A) Yes, all our HP and SuperMicro Servers have a separate management port that we do not use. We don't have that many to manage.

In Other News

The ISIS news organization of Afghanistan vehemently agrees with the statements of the US corporations, saying: "Although we lack we capability of unobstructed travel to the said facilities where these systems have supposedly been installed and physical access to the affected systems boards, we see no reason not to vehemently agree with the statements made relating to this issue."

Of course, what alternative do they have?

This is pure PR spin. Ignore the issue, and it will die in time. If true then Amazon and Apple have some explaining to do...not the least of which would be a loss of CIA money, and exposing themselves to huge class action lawsuits. Nothing to see hear, what chips, what information..., Mueller..., Mueller..., Mueller.

CISCO hates competition

https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/

Apple & Amazon

While their assertions are hard to verify, if found contrary they would be in a heap of trouble. Plausible denial perhaps. But if anyone knows and Snowden scenario leaks then lawyers get richer.

Heat + lines + bollocks

"find anything differing from the original"

It's supposed to be a signal conditioner with network access and processor in it, an XRay should reveal it, as should a heat camera even without tracing lines on the PCB. If there are 50 of these, you're looking for the one with power lines and according to BenJeremy, I2C lines, but then how does it get network access or modify the OS to 'make it modifiable' (as per the article) if its I2C?

This is supposed to be a known thing for the last 3 years by the major companies, and yet the leak goes to Bloomberg and once the story is broke, everyone continues to hush up?

"Super micro could know by comparing their cad files to what's being sold... "
If its not on every board, YOU or I could simply compare two boards for the difference, if it IS on every board YOU or I could grab one of these Supermicro boards and take a look for the chip.

IMHO, you comment seeks to pretend it would be too difficult to find this chip, which is bollocks.

Re: Rape a Conservative today

You know, this kind of overreaction and twisting of reality is what got us Trump to start with. Keep it up, candyass, and we'll end up with his retarded ass for another 6 years instead of two.

For now

Till they decide otherwise, and brick all the already repaired and currently working MacBooks

malicious product

Only it is not Supermicro servers or imaginary Chinese spy chips but Bloomberg news

Even more reason to doubt them then

The UK is the dirty deep state.

Unless it was Tyan...

Supermicro already had a big issue with their Quad and maybe Dual G34 boards when running full banks of memory. They would either fail to detect or fail to run with all memory slots in use due to issues in the motherboard design. Given that people buying those boards wanted them for the 512GB/1TB of memory capacity they offered, it was a pretty big issue.