Slashdot Mirror


UK Cyber Security Agency Backs Apple, Amazon China Hack Denials (reuters.com)

An anonymous reader quotes a report from Reuters: Britain's national cyber security agency said on Friday it had no reason to doubt the assessments made by Apple and Amazon challenging a Bloomberg report that their systems contained malicious computer chips inserted by Chinese intelligence services. "We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple," said the National Cyber Security Centre, a unit of Britain's eavesdropping agency, GCHQ. AWS refers to Amazon Web Services, the company's cloud-computing unit.

"The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us," it said. Apple's recently retired general counsel, Bruce Sewell, told Reuters he called the FBI's then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer, a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips. "I got on the phone with him personally and said, 'Do you know anything about this?'," Sewell said of his conversation with Baker. "He said, 'I've never heard of this, but give me 24 hours to make sure.' He called me back 24 hours later and said 'Nobody here knows what this story is about.'"
The U.S. Department of Homeland Security said on Saturday that it too had no reason to doubt statements from companies that have denied the Bloomberg report.

"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise," DHS said in a statement. "Like our partners in the UK, the National Cyber Security Center, at this time we have no reason to doubt the statements from the companies named in the story," it said.

26 of 56 comments

  1. They contain Xeon chips by Anonymous Coward · · Score: 2, Informative

    Therefore, their systems have backdoors.

    1. Re:They contain Xeon chips by infolation · · Score: 2

      Yes, but. They're our backdoors.

    2. Re:They contain Xeon chips by ArchieBunker · · Score: 1

      You know AMD has the exact same thing in their chips?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    3. Re:They contain Xeon chips by ArchieBunker · · Score: 2

      There ya cheeky cunt https://en.wikipedia.org/wiki/...

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
  2. The big short by Anonymous Coward · · Score: 1

    Someone at Bloomberg shorting Supermicro stock?

    1. Re:The big short by cre1mer · · Score: 1

      If Elon Musk can tank his stock with a tweet, Bloomberg can tank another company's stock with an article.

  3. It's become clear by Anonymous Coward · · Score: 1

    This "Chinese cyber attack" is just a fake story planted by the Trump administration. It's the first step in blaming upcoming election rigging on China instead of our good friend Putin, who will be doing all he can to subvert the outcome.

    Expect more manufactured evidence in the near future. Yellowcake anyone?

    1. Re:It's become clear by hey! · · Score: 1

      You're confusing issues here. Believe it or not, not everything is about Trump.

      Now we have to assume any hostile country which *could* interfere with our elections would. The thing is nobody has produced any evidence that China has done so. We know for a fact that both psy-ops and hacking operations out of Russia have targeted US political systems. If evidence emerged that China was doing so we'd have to take it seriously, but all indications are that China remains focused on economic and technological espionage, which makes geopolitical sense.

      Russia is a third rate power and third rate economy trying to maintain the status it had as the core of the old Soviet empire; and it's run by an old time KGB ratf*cker. China doesn't have to play that dangerous game; all it has to do is bide its time and build its strength, and it will displace the US as the dominant military and economic power on the planet.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re: It's become clear by reanjr · · Score: 1

      Or, the Trump administration is trying to make Bloomberg look like fake news.

    3. Re:It's become clear by Plumpaquatsch · · Score: 1

      "You're confusing issues here. Believe it or not, not everything is about Trump."

      But that's what Trump keeps saying. You mean he's lying?

      --
      Of course news about a fake are Fake News.
  4. Careful wording by 93+Escort+Wagon · · Score: 3, Informative

    First - given the unusually specific, no-bones-about-it wording used by Apple in their denial, I believe their statement. Some of the other companies, though, seemed to be giving themselves a bit of maneuvering room.

    But both the UK’s and US’s spy agency statements basically just say “we have seen no evidence as of yet”. It’s a very careful statement which doesn’t really mean much.

    --
    #DeleteChrome
    1. Re:Careful wording by SNRatio · · Score: 1

      In the US, can companies be granted immunity from civil suits if they lie to investors under direction of FBI, NSA, MIB, etc.? I know, warrant canaries. But if at some point the government became able to compel falsification of warrant canaries, would we ever know absent discovery in a shareholder lawsuit that was made public?

    2. Re:Careful wording by MikeMo · · Score: 1

      I don’t think the FBI or any other agency can legally force a corporation to lie. IANAL, but I have seen that stated in the past.

    3. Re:Careful wording by AHuxley · · Score: 1

      Even after PRISM a lot of trusted US brands gave "no-bones-about-it wording".

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Careful wording by Anonymous Coward · · Score: 1

      Not quite. The wording with PRISM denials was a bit more ambiguous, e.g. we have never given government agencies "direct" access to data, etc. Google stated "From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data." Yeah that's because Google didn't create the back door, the government did.

      Here Apple and Amazon seem to be much more categorically denying such allegations that their servers were hacked or that there's any evidence that a chip on the board was found by them or even that they were in contact with government intelligence agencies.

      Anyways, it simply could be Trump trying to look better for the elections by getting Russia off his back, and saying to look at China and all the awful things they are doing. Not only are the Chinese fighting back when it comes to tariffs, they are trying to influence elections by taking out an op-ed article in a newspaper. Now they are saying that they are awful by hacking our major corporations. Of course the major corporations listed are the ones that Trump hates the most. Bezos's Amazon, which he hates because they own Wapo, and Apple. So he doesn't care if their stocks tank.

    5. Re:Careful wording by thegarbz · · Score: 1

      "It’s a very careful statement which doesn’t really mean much."

      No it's not. It's a specific statement which means exactly what it says. You won't get outright denials from anyone as it would be stupid to deny this as it falls into the classic category of trying to prove a negative.

      Can you prove a negative? Can you say right now that your computer doesn't have any malware on it? I'm sure you can say that you've not seen any evidence of malware, but can you *prove* it?

  5. No, this IS a Trump related issue on that basis by Anonymous Coward · · Score: 1

    "The thing is nobody has produced any evidence that China has done so" Yet Trump asserts it happened without evidence, continues to deny Putin meddled which directly put Trump in power. = Trump is beholden to Putin, period.

    1. Re:No, this IS a Trump related issue on that basis by hey! · · Score: 1

      I'm not disputing that, but it has nothing to do with the chips in Apple's servers.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  6. Need help from nerds by TomGreenhaw · · Score: 4, Interesting

    I have a number of Supermicro servers. I spent Friday poring over Wireshark logs looking for evidence of any kind of a command and control connection. I found nothing.

    I don't trust Bloomberg for technical issues like this.

    Any ideas what I should be looking for?

    --
    Greed is the root of all evil.
    1. Re:Need help from nerds by BenJeremy · · Score: 4, Informative

      The chips were for inserting exploitable code/backdoors into firmware. There will be no "command and control" going on unless somebody targets your box.

      6 pins... PIC chips were used for something similar 20 years ago for Playstations - inserting a sequence along a serial line. In this case, probably intercepting/modifying something on a JTAG line or an I2C bus. It might even be sophisticated enough to return the original bit of code it was meant to replace on a flash memory read (if done serially). It requires explicit knowledge of the hardware and software, and likely was enabled by insiders (as was the design that allowed them to install the chip)

    2. Re:Need help from nerds by TomGreenhaw · · Score: 2

      Thanks for the response. I'm looking for something specific to look for. I have Supermicro servers that I'm willing to tear down and test. All I've heard so far is unsubstantiated theories.

      --
      Greed is the root of all evil.
    3. Re:Need help from nerds by dissy · · Score: 4, Informative

      Without intimate knowledge of the circuit board's original design, it would be next to impossible to find anything differing from the original.
      In other words you would need a before and after to compare with each other.

      The SuperMicro systems you and I have were designed to be sold to the general public, so there's next to no way in hell SM will be giving out their board layout files.

      That's part of the story's problem, it explicitly names a few huge cloud providers who ARE privy to such info.
      Perhaps a more basic or even a special model, but Apple and Amazon make their own huge customization to those designs to send back to SM and essentially order millions of them to be made.

      Bloomberg is claiming some of his anonymous sources are involved with those companies and designing their custom systems, so in those companies' cases they do have a "before" CAD file to start from.
      The anonymous sources are making claims that the original custom CAD file and the actual manufactured servers they order differ from each other by this one chip.

      So unless you work at a company large enough to get this kind of treatment from manufacturers like super micro, there's no way for us to know. And if you are, go talk to your engineers, they likely already did this with numerous machines and beat you to the punch.

      Super micro could know by comparing their CAD files to what's being sold, presuming they aren't in on this officially. I'd say either option would destroy their reputation so badly however it's unlikely they would admit it even if they weren't involved but found out, and zero chance they would admit it if they were involved.

    4. Re:Need help from nerds by jtara · · Score: 2

      As others have stated, it's nothing you're likely to discover.

      It would be absolutely silly to establish a nailed-up (or even periodic) command-and-control connection. Too easy to find.

      It would likely do something at a predetermined time, after so many hours of operation, etc. to ensure it passed all pre-installation checks. Maybe e.g. on the 2nd firmware update, add a little something "extra".

      Curious if your servers have a separate Ethernet port for the management processor? If not, that's a major security concern. I read in an article in EDN that many do not.

      Haven't dealt with servers in a long time - I am a software developer. Last time I did, they were IBM servers, in the early 2000's. At the time, it was an optional management board, and had its own Ethernet port. (As well as serial, for connecting to a modem.) If you disconnect the Ethernet cable from the management board, or remove the management board, you can be pretty sure there's no command-and-control implemented by that route! ;)

      Anyway, from what I get from the Bloomberg article, you're looking for a small surface-mount component that looks like a capacitor, choke, filter, resistor, transistor. A very small component that looks exactly like all the other very small components littering the circuit board.

      I speculate it might be inductively coupled to an I2C bus, etc. through some clever circuit board mis-design.

    5. Re:Need help from nerds by AHuxley · · Score: 1

      The "designed to ping anonymous computers on the internet for further instructions" and "computers to identify others who’d been affected" would allow US experts the discovery part.

      That's why most more advanced nations use collection methods to get data out that will never get seen on the "internet".

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:Need help from nerds by TomGreenhaw · · Score: 1

      Q) Curious if your servers have a separate Ethernet port for the management processor?
      A) Yes, all our HP and SuperMicro Servers have a separate management port that we do not use. We don't have that many to manage.

      --
      Greed is the root of all evil.
  7. In Other News by Anonymous Coward · · Score: 1

    The ISIS news organization of Afghanistan vehemently agrees with the statements of the US corporations, saying: "Although we lack the capability of unobstructed travel to the said facilities where these systems have supposedly been installed and physical access to the affected systems boards, we see no reason not to vehemently agree with the statements made relating to this issue."