Big Hack How China Used Tiny Chip to Infiltrate US Companies


Big Hack How China Used Tiny Chip to Infiltrate US Companies

Postby seemslikeadream » Thu Oct 04, 2018 10:35 am

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

By Jordan Robertson and Michael Riley October 4, 2018, 4:00 AM CDT

In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone footage to the Central Intelligence Agency. Elemental’s national security contracts weren’t the main reason for the proposed acquisition, but they fit nicely with Amazon’s government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the CIA.
To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.

Featured in Bloomberg Businessweek, Oct. 8, 2018. Photographer: Victor Prado for Bloomberg Businessweek
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.
There are two ways for spies to alter the guts of computer equipment. One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden. The other method involves seeding changes from the very beginning.
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”
But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.
One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.

In emailed statements, Amazon (which announced its acquisition of Elemental in September 2015), Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting. “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” Amazon wrote. “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote. “We remain unaware of any such investigation,” wrote a spokesman for Supermicro, Perry Hayes. The Chinese government didn’t directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.” The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.
Read: Statements from Amazon, Apple, Supermicro and Beijing
The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information.
One government official says China’s goal was long-term access to high-value corporate secrets and sensitive government networks. No consumer data is known to have been stolen.
The ramifications of the attack continue to play out. The Trump administration has made computer and networking hardware, including motherboards, a focus of its latest round of trade sanctions against China, and White House officials have made it clear they think companies will begin shifting their supply chains to other countries as a result. Such a shift might assuage officials who have been warning for years about the security of the supply chain—even though they’ve never disclosed a major reason for their concerns.
[Graphic: How the Hack Worked, According to U.S. Officials. Illustrator: Scott Gelber]
Back in 2006, three engineers in Oregon had a clever idea. Demand for mobile video was about to explode, and they predicted that broadcasters would be desperate to transform programs designed to fit TV screens into the various formats needed for viewing on smartphones, laptops, and other devices. To meet the anticipated demand, the engineers started Elemental Technologies, assembling what one former adviser to the company calls a genius team to write code that would adapt the superfast graphics chips being produced for high-end video-gaming machines. The resulting software dramatically reduced the time it took to process large video files. Elemental then loaded the software onto custom-built servers emblazoned with its leprechaun-green logos.
Elemental servers sold for as much as $100,000 each, at profit margins of as high as 70 percent, according to a former adviser to the company. Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.
Elemental also started working with American spy agencies. In 2009 the company announced a development partnership with In-Q-Tel Inc., the CIA’s investment arm, a deal that paved the way for Elemental servers to be used in national security missions across the U.S. government. Public documents, including the company’s own promotional materials, show that the servers have been used inside Department of Defense data centers to process drone and surveillance-camera footage, on Navy warships to transmit feeds of airborne missions, and inside government buildings to enable secure videoconferencing. NASA, both houses of Congress, and the Department of Homeland Security have also been customers. This portfolio made Elemental a target for foreign adversaries.

Supermicro had been an obvious choice to build Elemental’s servers. Headquartered north of San Jose’s airport, up a smoggy stretch of Interstate 880, the company was founded by Charles Liang, a Taiwanese engineer who attended graduate school in Texas and then moved west to start Supermicro with his wife in 1993. Silicon Valley was then embracing outsourcing, forging a pathway from Taiwanese, and later Chinese, factories to American consumers, and Liang added a comforting advantage: Supermicro’s motherboards would be engineered mostly in San Jose, close to the company’s biggest clients, even if the products were manufactured overseas.
Today, Supermicro sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards—its core product—are nearly all manufactured by contractors in China.
The company’s pitch to customers hinges on unmatched customization, made possible by hundreds of full-time engineers and a catalog encompassing more than 600 designs. The majority of its workforce in San Jose is Taiwanese or Chinese, and Mandarin is the preferred language, with hanzi filling the whiteboards, according to six former employees. Chinese pastries are delivered every week, and many routine calls are done twice, once for English-only workers and again in Mandarin. The latter are more productive, according to people who’ve been on both. These overseas ties, especially the widespread use of Mandarin, would have made it easier for China to gain an understanding of Supermicro’s operations and potentially to infiltrate the company. (A U.S. official says the government’s probe is still examining whether spies were planted inside Supermicro or other American companies to aid the attack.)
With more than 900 customers in 100 countries by 2015, Supermicro offered inroads to a bountiful collection of sensitive targets. “Think of Supermicro as the Microsoft of the hardware world,” says a former U.S. intelligence official who’s studied Supermicro and its business model. “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”
Well before evidence of the attack surfaced inside the networks of U.S. companies, American intelligence sources were reporting that China’s spies had plans to introduce malicious microchips into the supply chain. The sources weren’t specific, according to a person familiar with the information they provided, and millions of motherboards are shipped into the U.S. annually. But in the first half of 2014, a different person briefed on high-level discussions says, intelligence officials went to the White House with something more concrete: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies.
The specificity of the information was remarkable, but so were the challenges it posed. Issuing a broad warning to Supermicro’s customers could have crippled the company, a major American hardware maker, and it wasn’t clear from the intelligence whom the operation was targeting or what its ultimate aims were. Plus, without confirmation that anyone had been attacked, the FBI was limited in how it could respond. The White House requested periodic updates as information came in, the person familiar with the discussions says.
Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally. Government investigators were still chasing clues on their own when Amazon made its discovery and gave them access to sabotaged hardware, according to one U.S. official. This created an invaluable opportunity for intelligence agencies and the FBI—by then running a full investigation led by its cyber- and counterintelligence teams—to see what the chips looked like and how they worked.
The chips on Elemental servers were designed to be as inconspicuous as possible, according to one person who saw a detailed report prepared for Amazon by its third-party security contractor, as well as a second person who saw digital photos and X-ray images of the chips incorporated into a later report prepared by Amazon’s security team. Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches.

Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser. To understand the power that would give them, take this hypothetical example: Somewhere in the Linux operating system, which runs in many servers, is code that authorizes a user by verifying a typed password against a stored encrypted one. An implanted chip can alter part of that code so the server won’t check for a password—and presto! A secure machine is open to any and all users. A chip can also steal encryption keys for secure communications, block security updates that would neutralize the attack, and open up new pathways to the internet. Should some anomaly be noticed, it would likely be cast as an unexplained oddity. “The hardware opens whatever door it wants,” says Joe FitzPatrick, founder of Hardware Security Resources LLC, a company that trains cybersecurity professionals in hardware hacking techniques.
U.S. officials had caught China experimenting with hardware tampering before, but they’d never seen anything of this scale and ambition. The security of the global technology supply chain had been compromised, even if consumers and most companies didn’t know it yet. What remained for investigators to learn was how the attackers had so thoroughly infiltrated Supermicro’s production process—and how many doors they’d opened into American targets.
Unlike software-based hacks, hardware manipulation creates a real-world trail. Components leave a wake of shipping manifests and invoices. Boards have serial numbers that trace to specific factories. To track the corrupted chips to their source, U.S. intelligence agencies began following Supermicro’s serpentine supply chain in reverse, a person briefed on evidence gathered during the probe says.
As recently as 2016, according to DigiTimes, a news site specializing in supply chain research, Supermicro had three primary manufacturers constructing its motherboards, two headquartered in Taiwan and one in Shanghai. When such suppliers are choked with big orders, they sometimes parcel out work to subcontractors. In order to get further down the trail, U.S. spy agencies drew on the prodigious tools at their disposal. They sifted through communications intercepts, tapped informants in Taiwan and China, even tracked key individuals through their phones, according to the person briefed on evidence gathered during the probe. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.
As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.
The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities. The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

Provided details of Businessweek’s reporting, China’s Ministry of Foreign Affairs sent a statement that said “China is a resolute defender of cybersecurity.” The ministry added that in 2011, China proposed international guarantees on hardware security along with other members of the Shanghai Cooperation Organization, a regional security body. The statement concluded, “We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.”
The Supermicro attack was on another order entirely from earlier episodes attributed to the PLA. It threatened to have reached a dizzying array of end users, with some vital ones in the mix. Apple, for its part, has used Supermicro hardware in its data centers sporadically for years, but the relationship intensified after 2013, when Apple acquired a startup called Topsy Labs, which created superfast technology for indexing and searching vast troves of internet content. By 2014, the startup was put to work building small data centers in or near major global cities. This project, known internally as Ledbelly, was designed to make the search function for Apple’s voice assistant, Siri, faster, according to the three senior Apple insiders.
Documents seen by Businessweek show that in 2014, Apple planned to order more than 6,000 Supermicro servers for installation in 17 locations, including Amsterdam, Chicago, Hong Kong, Los Angeles, New York, San Jose, Singapore, and Tokyo, plus 4,000 servers for its existing North Carolina and Oregon data centers. Those orders were supposed to double, to 20,000, by 2015. Ledbelly made Apple an important Supermicro customer at the exact same time the PLA was found to be manipulating the vendor’s hardware.
Project delays and early performance problems meant that around 7,000 Supermicro servers were humming in Apple’s network by the time the company’s security team found the added chips. Because Apple didn’t, according to a U.S. official, provide government investigators with access to its facilities or the tampered hardware, the extent of the attack there remained outside their view.

Microchips found on altered motherboards in some cases looked like signal conditioning couplers. Photographer: Victor Prado for Bloomberg Businessweek
American investigators eventually figured out who else had been hit. Since the implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who’d been affected. Although the investigators couldn’t be sure they’d found every victim, a person familiar with the U.S. probe says they ultimately concluded that the number was almost 30 companies.
That left the question of whom to notify and how. U.S. officials had been warning for years that hardware made by two Chinese telecommunications giants, Huawei Corp. and ZTE Corp., was subject to Chinese government manipulation. (Both Huawei and ZTE have said no such tampering has occurred.) But a similar public alert regarding a U.S. company was out of the question. Instead, officials reached out to a small number of important Supermicro customers. One executive of a large web-hosting company says the message he took away from the exchange was clear: Supermicro’s hardware couldn’t be trusted. “That’s been the nudge to everyone—get that crap out,” the person says.
Amazon, for its part, began acquisition talks with an Elemental competitor, but according to one person familiar with Amazon’s deliberations, it reversed course in the summer of 2015 after learning that Elemental’s board was nearing a deal with another buyer. Amazon announced its acquisition of Elemental in September 2015, in a transaction whose value one person familiar with the deal places at $350 million. Multiple sources say that Amazon intended to move Elemental’s software to AWS’s cloud, whose chips, motherboards, and servers are typically designed in-house and built by factories that Amazon contracts from directly.
A notable exception was AWS’s data centers inside China, which were filled with Supermicro-built servers, according to two people with knowledge of AWS’s operations there. Mindful of the Elemental findings, Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered. In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says. (Amazon denies that AWS knew of servers found in China containing malicious chips.)
China has long been known to monitor banks, manufacturers, and ordinary citizens on its own soil, and the main customers of AWS’s China cloud were domestic companies or foreign entities with operations there. Still, the fact that the country appeared to be conducting those operations inside Amazon’s cloud presented the company with a Gordian knot. Its security team determined that it would be difficult to quietly remove the equipment and that, even if they could devise a way, doing so would alert the attackers that the chips had been found, according to a person familiar with the company’s probe. Instead, the team developed a method of monitoring the chips. In the ensuing months, they detected brief check-in communications between the attackers and the sabotaged servers but didn’t see any attempts to remove data. That likely meant either that the attackers were saving the chips for a later operation or that they’d infiltrated other parts of the network before the monitoring began. Neither possibility was reassuring.
When in 2016 the Chinese government was about to pass a new cybersecurity law—seen by many outside the country as a pretext to give authorities wider access to sensitive data—Amazon decided to act, the person familiar with the company’s probe says. In August it transferred operational control of its Beijing data center to its local partner, Beijing Sinnet, a move the companies said was needed to comply with the incoming law. The following November, Amazon sold the entire infrastructure to Beijing Sinnet for about $300 million. The person familiar with Amazon’s probe casts the sale as a choice to “hack off the diseased limb.”
As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. (Apple denies that any servers were removed.) In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident.
That August, Supermicro’s CEO, Liang, revealed that the company had lost two major customers. Although he didn’t name them, one was later identified in news reports as Apple. He blamed competition, but his explanation was vague. “When customers asked for lower price, our people did not respond quickly enough,” he said on a conference call with analysts. Hayes, the Supermicro spokesman, says the company has never been notified of the existence of malicious chips on its motherboards by either customers or U.S. law enforcement.
Concurrent with the illicit chips’ discovery in 2015 and the unfolding investigation, Supermicro has been plagued by an accounting problem, which the company characterizes as an issue related to the timing of certain revenue recognition. After missing two deadlines to file quarterly and annual reports required by regulators, Supermicro was delisted from the Nasdaq on Aug. 23 of this year. It marked an extraordinary stumble for a company whose annual revenue had risen sharply in the previous four years, from a reported $1.5 billion in 2014 to a projected $3.2 billion this year.
One Friday in late September 2015, President Barack Obama and Chinese President Xi Jinping appeared together at the White House for an hourlong press conference headlined by a landmark deal on cybersecurity. After months of negotiations, the U.S. had extracted from China a grand promise: It would no longer support the theft by hackers of U.S. intellectual property to benefit Chinese companies. Left out of those pronouncements, according to a person familiar with discussions among senior officials across the U.S. government, was the White House’s deep concern that China was willing to offer this concession because it was already developing far more advanced and surreptitious forms of hacking founded on its near monopoly of the technology supply chain.
In the weeks after the agreement was announced, the U.S. government quietly raised the alarm with several dozen tech executives and investors at a small, invite-only meeting in McLean, Va., organized by the Pentagon. According to someone who was present, Defense Department officials briefed the technologists on a recent attack and asked them to think about creating commercial products that could detect hardware implants. Attendees weren’t told the name of the hardware maker involved, but it was clear to at least some in the room that it was Supermicro, the person says.
The problem under discussion wasn’t just technological. It spoke to decisions made decades ago to send advanced production work to Southeast Asia. In the intervening years, low-cost Chinese manufacturing had come to underpin the business models of many of America’s largest technology companies. Early on, Apple, for instance, made many of its most sophisticated electronics domestically. Then in 1992, it closed a state-of-the-art plant for motherboard and computer assembly in Fremont, Calif., and sent much of that work overseas.
Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest. “You end up with a classic Satan’s bargain,” one former U.S. official says. “You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”
In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem. “This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” one of the people present in McLean says. “You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”
Bloomberg LP has been a Supermicro customer. According to a Bloomberg LP spokesperson, the company has found no evidence to suggest that it has been affected by the hardware issues raised in the article. ... -companies
- trump May 17, 2017

"Dotard is a 'Bulger' Rat

Why we do think that Mr. Trump owes a debt to Mr. Putin? Here are fifty reasons

Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby Karmamatterz » Fri Oct 05, 2018 12:58 pm

Important to get another angle to this "story." ... f95b00b68a

Apple on Thursday morning said, “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.”

Amazon, which in 2015 acquired a company, Elemental, whose servers reportedly were affected by the Chinese operation, said in a statement Thursday, “At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government. There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count.”

This story looks like an obvious plant in order to use as a negotiation point in trade talks. But I'm sure the Chinese Communist Party had all the best of intentions if they actually did plant spy chips on hardware used by Americans.

No doubt Apple and Amazon would never want to publicly acknowledge if this actually happened. If they made no comment the media would run with it like wildfire and publish:

Apple and Amazon Don't Deny Spy Chips Planted by Chicomms - It MUST have Happened.

Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby DrEvil » Fri Oct 05, 2018 3:26 pm

It wouldn't exactly shock me to learn that this story is true. It's basically the same stunt that the NSA has been pulling for years.

The very specific denials from Apple and Amazon are a little strange though. Apple has even stated that they are not under a gag order.

It would open them up to some pretty hefty lawsuits if it turns out they're lying, unless they have been helping the government with a disinfo campaign against the Chinese or something, and have bulletproof legal guarantees that they can lie in the name of national security.

There's also this little tidbit from Hacker News (anonymous, so metric ton of salt required):

The reason Bloomberg is so sure about this is because chips/'infected' Supermicro boards were originally found at Bloomberg. They noticed odd web traffic coming from a server, took a look, found nothing, looked closer, and finally found a hardware exploit.

What you're seeing in the Bloomberg piece is a bunch of half-truths backed by solid data. It is a BMC exploit, and they are doing it through the BMC EPROM, and even the position of the 'exploit' in the article's graphics is accurate. This is obfuscated because of an ongoing investigation. It's real, but there's purposeful misinformation, combined with a journalistic game of telephone or Chinese whispers.

It's also about the worst possible way to drop a 0-day, but whatever.

Either way, we will hopefully know within the next few days as people are frantically checking their servers for extra parts.
"I only read American. I want my fantasy pure." - Dave
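The Hacker News comment quoted above says the first sign was "odd web traffic coming from a server", i.e. a management controller talking to somewhere it had no business talking to. The check below is an added example, not code from the original post, from Bloomberg, or from any of the companies named: it parses a few constructed flow-log lines (the addresses, the 10.10.0.0/24 management VLAN, and the NTP/syslog allowlist are all assumptions for illustration) and reports BMC-sourced connections to destinations outside the management network and its allowlist, which is the kind of anomaly a network team would want to triage before anyone starts pulling boards apart.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample flow-log lines (not taken from the page). Format assumed:
# "<timestamp> src=<ip> dst=<ip> dport=<port> bytes=<n>".
SAMPLE_LOG = """\
2018-10-05T12:00:01Z src=10.10.0.15 dst=10.10.0.2 dport=123 bytes=76
2018-10-05T12:00:02Z src=10.10.0.15 dst=10.10.0.3 dport=514 bytes=1200
2018-10-05T12:00:05Z src=10.10.0.21 dst=203.0.113.7 dport=443 bytes=9800
2018-10-05T12:01:05Z src=10.10.0.21 dst=203.0.113.7 dport=443 bytes=11020
2018-10-05T12:02:09Z src=10.10.0.15 dst=198.51.100.40 dport=80 bytes=640
2018-10-05T12:02:30Z src=192.168.5.10 dst=203.0.113.7 dport=443 bytes=5000
"""

# Assumed management VLAN where the BMC/IPMI interfaces live.
BMC_NETWORK = ipaddress.ip_network("10.10.0.0/24")

# Assumed allowlist: the only things a BMC should ever reach on its own initiative.
ALLOWED_DESTINATIONS = {
    ipaddress.ip_address("10.10.0.2"),  # internal NTP
    ipaddress.ip_address("10.10.0.3"),  # internal syslog collector
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+bytes=(?P<bytes>\d+)$"
)


def parse_flows(text):
    """Parse flow-log lines into (src, dst, dport, bytes) tuples; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flows.append((m["src"], m["dst"], int(m["dport"]), int(m["bytes"])))
    return flows


def find_unexpected_bmc_egress(flows, bmc_network=BMC_NETWORK, allowed=ALLOWED_DESTINATIONS):
    """Return {(src, dst, dport): total_bytes} for flows that originate inside the
    management network and terminate outside both that network and the allowlist.
    Traffic from non-BMC hosts is ignored: that is somebody else's detection."""
    hits = defaultdict(int)
    for src, dst, dport, nbytes in flows:
        s = ipaddress.ip_address(src)
        d = ipaddress.ip_address(dst)
        if s not in bmc_network:
            continue  # not a management controller
        if d in bmc_network or d in allowed:
            continue  # expected management-plane traffic
        hits[(src, dst, dport)] += nbytes
    return dict(hits)


if __name__ == "__main__":
    for (src, dst, dport), total in sorted(find_unexpected_bmc_egress(parse_flows(SAMPLE_LOG)).items()):
        print(f"BMC {src} -> {dst}:{dport} ({total} bytes) outside management allowlist")
```

The allowlist is deliberately short: a management controller that initiates a session to an arbitrary external HTTPS host is worth a ticket regardless of what the eventual explanation turns out to be, which is the same reasoning the commenter attributes to the team that "looked closer".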

Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby seemslikeadream » Sat Oct 06, 2018 1:41 am

Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story

“I don’t know if something like this even exists.”

John Paczkowski
Posted on October 5, 2018, at 8:20 p.m. ET

Justin Sullivan / Getty Images
Multiple senior Apple executives, speaking with BuzzFeed News on the condition of anonymity so that they could speak freely, all denied and expressed confusion with a report earlier this week that the company’s servers had been compromised by a Chinese intelligence operation.

On Thursday morning, Bloomberg Businessweek published a bombshell investigation. The report — the result of more than a year of reporting and over 100 interviews with intelligence and company sources — alleged that Chinese spies compromised and infiltrated almost 30 U.S. companies including Apple and Amazon by embedding a tiny microchip inside company servers.

“We tried to figure out if there was anything, anything, that transpired that's even remotely close to this. We found nothing.”

According to Bloomberg’s reporting, an attack of this caliber isn’t just elaborate but “the most significant supply chain attack known to have been carried out against American companies.” The security ramifications for the businesses (and consequently millions of Americans) are likely dizzying.

Both Amazon and Apple issued uncharacteristically strong and detailed denials of Bloomberg’s claims.

Reached by BuzzFeed News multiple Apple sources — three of them very senior executives who work on the security and legal teams — said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them.

“We tried to figure out if there was anything, anything, that transpired that's even remotely close to this,” a senior Apple security executive told BuzzFeed News. “We found nothing.”

A senior security engineer directly involved in Apple’s internal investigation described it as “endoscopic,” noting they had never seen a chip like the one described in the story, let alone found one. “I don’t know if something like this even exists,” this person said, noting that Apple was not provided with a malicious chip or motherboard to examine. "We were given nothing. No hardware. No chips. No emails."

Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation — Bloomberg wrote that Apple “reported the incident to the FBI." A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report. This person’s purview and responsibilities are of such a high level that it’s unlikely they would not have been aware of government outreach.

Reached for comment, Apple directed BuzzFeed News to its Thursday blog post.

Apple’s broad, categorical denial is essentially unprecedented in its detail. For example, when the Washington Post revealed the government's PRISM program in 2013, Apple, Google and Facebook all issued very precise denials noting that none gave government agencies "direct access to our servers." In this case, however, Apple’s statement leaves little room for interpretation or alternate explanations. Apple not only denies the direct claims about its involvement with the FBI, but goes further to deny that "anything like this" happened. It went on to state that "we are not under any kind of gag order or other confidentiality obligations."

Bloomberg’s defense of its story is equally forceful. On Friday, the publication stood by its reporting. "Bloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews," a spokesperson told BuzzFeed News in response to a series of questions. "Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies' full statements, as well as a statement from China's Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources."

The result is an unusual stalemate that’s left onlookers baffled.

“We are not restrained in any way."
The story has clearly rattled Apple, a notoriously private company, and one that has long touted its strong commitment to privacy. Sources say the company’s infosec team is aghast at its allegations. “This did not happen,” a senior Apple security executive told BuzzFeed News. This person insisted, vehemently, that there is no dissembling in the company’s response, that it didn’t secretly remove compromised servers, or discover compromised servers during the acceptance process and stop short of deploying them. “We have literally seen nothing like this.”

Particularly vexing for Apple, say company sources, is the suggestion it might be lying to the public to protect national security interests. The company has said on record that it is under no gag order, but Congress has on occasion granted retroactive immunity to companies aiding U.S. intelligence efforts. However, a senior Apple legal official who spoke with BuzzFeed News said the company is bound by no confidentiality order or agreement. “We are not restrained in any way,” this executive said. Asked point blank if Apple is lying to the public in the interests of national security, this executive replied, "no."

For Apple, the investigation into the Bloomberg allegations appears to be over. Multiple sources tell BuzzFeed News that the company believes it’s done everything it can, pulled all the threads, talked to everyone and examined every corner of its business. It’s reached a what-else-can-we-do impasse.

What happens next isn’t exactly clear. Those with a vested interest — security professionals, government officials, and Amazon and Apple’s millions of customers — are left with questions that are currently unanswerable as Bloomberg and the subjects of its story continue to square off. ... -spies-fbi

Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby seemslikeadream » Tue Oct 09, 2018 7:54 am

Risky Business Feature: Named source in "The Big Hack" has doubts about the story
"Big Hack" technical source Joe Fitzpatrick has concerns about Bloomberg's reporting...
09 Oct 2018 » Risky Business
In this podcast hardware security expert Joe Fitzpatrick, a named source in Bloomberg’s “Big Hack” piece, explains why he felt uncomfortable reading the story when it was published.

He also provided Risky.Biz with emails he sent to Bloomberg, prior to the story’s publication, that said the hardware back-dooring the article described “didn’t make sense”.

Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby JackRiddler » Tue Oct 09, 2018 11:37 pm


After motherboard story, see comment by Larisa Alexandrovna, below. I don't take either without reading critically, but both seem spot-on here.

This story stinks every way. It's been adopted by the Regime in its fight with the Establishment over whether the Enemy is Eastasia or Eurasia. Regime also says Eastasia is about to fake the midterm elections. (Eurasia will only be faking the elections if the results come out unexpectedly.) Also, TRADE WAR PROPAGANDA BOOSTER, obviously.

The lone source for the story is a Mossad or ex-Mossad front company. And unlike the Russians, the Trump campaign actually did collaborate with the Israeli state to influence the U.S. election results. ... apple-hack
The Cybersec World Is Debating Who to Believe in This Story About a Massive Hack

Hacking | by Jason Koebler, Joseph Cox, and Lorenzo Franceschi-Bicchierai | Oct 9 2018, 1:25pm

On Tuesday, Bloomberg doubled down on its bombshell report from last week, which alleged China had surreptitiously implanted tiny chips into the motherboards of servers to spy on US companies such as Apple and Amazon. If true, this would be one of the worst hacks in history.

In its new story, Bloomberg reports that a US telecom discovered and removed “manipulated hardware” in its servers. The article does not name the telecom and the key claims are all attributed to one source, Yossi Appleboum, co-CEO of security consultant Sepio Systems. Bloomberg reports Appleboum provided “documents, analysis, and other evidence,” but does not publish those or provide more information about what types of documents or evidence it has.

It is not clear in the article that Bloomberg knows which telecom is apparently affected; it notes that Appleboum is covered by a non-disclosure agreement. Motherboard has reached out to 10 major US telecom providers, and the four biggest telecoms in the US have denied to Motherboard that they were attacked: In an email, T-Mobile denied being the one mentioned in the Bloomberg story. Sprint said in an email that the company does not use SuperMicro equipment, and an AT&T spokesperson said in an email that "these devices are not a part of our network, and we are not affected." A Verizon spokesperson said: "Verizon's network is not affected.”

A CenturyLink spokesperson also denied that the company is the subject of Bloomberg's new story. A Cox Communications spokesperson said in an email: "The telecom company referenced in the story is NOT us." Comcast also said it's not the company in the Bloomberg story.

On Monday, Apple also doubled down, with a new strong denial sent to multiple Congressional committees. The company sent a letter refuting the first story, published in Bloomberg's Businessweek, which said China had planted hardware backdoors onto motherboards made by a company called SuperMicro used by multiple US companies, including Apple and Amazon.

The letter is the strongest signal yet from a growing array of government agencies, companies, and technical experts who are calling the Bloomberg story into doubt. (The new story does not directly address these denials.)

“You should know that Bloomberg provided us with no evidence to substantiate their claims and our internal investigations concluded their claims were simply wrong,” the letter, signed by George Stathakopoulos, vice president of information security at Apple, reads.

“Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposefully planted in any server. We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation,” the letter continues.

Bloomberg's blockbuster piece published last week promised to be our worst fears about supply chain attacks realized. The article claimed the Chinese government had managed to plant tiny, extra chips onto the motherboards of SuperMicro, a computer parts supplier that produces server parts for Apple, Amazon, and many others. Those chips could have given Chinese hackers privileged access to those companies’ systems, the piece said.

“Hardware is a nightmare. We can barely validate software, and all our assumptions rely on the hardware working correctly. Pull away that assumption, it’s like removing the screws from a piece of IKEA furniture,” Matthew Green, associate professor at Johns Hopkins University, previously told Motherboard in an online chat. The article itself was based mostly on anonymous sources, both inside impacted companies and those who had been briefed on the incident.

The fallout, or rather backlash, against the Businessweek piece has been dramatic.

First, Apple, Amazon, and SuperMicro all issued largely unambiguous statements pushing against the story; it is a relatively unusual move to have such robust, refuting statements that provide little wiggle room for a story’s claims to hold up. Next, the UK’s National Cyber Security Centre (NCSC), the defensive arm of the country’s signals intelligence agency GCHQ, issued its own statement saying it had no reason to doubt Apple’s and Amazon’s denials. The US Department of Homeland Security (DHS) swiftly followed up, saying much the same thing. Apple’s recently retired general counsel even called his FBI equivalent last year after being told by Bloomberg of an investigation into SuperMicro: “Nobody here knows what this story is about,” James Baker, the FBI’s then-general counsel, said, according to a report from Reuters.

In a statement to Motherboard sent on Monday, a Bloomberg spokesperson reiterated that it stands by the story, “and are confident in our reporting and sources.” (Bloomberg did not immediately respond to a request for comment Tuesday after the new story was published. One of the co-authors did not respond to a Twitter direct message. )

Image: Creative Electron

An Apple employee with direct knowledge of the company’s internal investigations who spoke on condition of anonymity told Motherboard that “none of the most consequential portions” of the original Bloomberg story as they relate to Apple are true. They said the company did not find malicious chips in its servers, it did not remove or dispose of those servers, and added that Apple did not inform the FBI nor frustrate an investigation into this incident.

“In early 2016, our Information Security department identified an infected Windows server in one of our labs. An investigation revealed the infection to be the result of malware-infected software drivers downloaded from the Super Micro site,” the Apple employee told Motherboard. “No infected firmware was found. The infection of the drivers was determined to be accidental—the result of poor system hygiene by the vendor—not a targeted attack against Apple. Following our discussions with them, we severed the relationship last summer.”

The employee said Apple launched an internal investigation to look into the allegations Bloomberg brought to the company.

“It was cross-disciplined, detailed and rigorous,” the source said of the investigation, explaining that it involved reviewing purchase orders, finance documents, logs, security records, and interviews with employees who would have known or been involved in such an incident. No Apple employee “had ever heard of anything even loosely matching what Bloomberg was describing,” the employee said.

Because the allegations made in the Bloomberg story would be world-shifting, the story has dominated the discourse in the cybersecurity world. Though proactively detecting a malicious chip in the supply chain is very difficult and time consuming, security experts say that detecting one after the fact should be trivially easy.

“I think a lot of information is missing,” Omer Shvartz, a security researcher at Israel’s Ben Gurion University who showed a proof-of-concept supply chain hack involving a malicious chip in his research last year, told Motherboard in an email. Shvartz said the Bloomberg story is certainly plausible but that he has lots of questions.

“I would like to see a decapped chip (the exposed silicon structure after dissolving or scraping the plastic envelope) or at least some sort of radiographic image of the contents,” Shvartz told Motherboard. “This is standard procedure for analysis of suspected electronics and will allow us to understand what are the capabilities of the device.”

Bill Cardoso, the CEO of Creative Electron, a company that sells x-ray machines that are designed, in part, to detect malicious chips in electronics, told Motherboard that it has developed technology that can identify this sort of hack pretty easily after the fact.

As early as 2016 “we were doing work with a commercial organization to provide them with an x-ray system to inspect boards coming from different vendors,” Cardoso said. “The x-ray system we sold them was powered with an artificial intelligence engine that learned what a good board looks like, and over time was able to pick up even the smallest of foreign objects.”

But, as Zack Whittaker wrote at TechCrunch, reporting on national security issues using largely anonymous sources makes it difficult for Bloomberg to prove to its readers how it knows what it knows, which has led to widespread doubts about the original article’s veracity when faced with such strong denials from nearly every company involved and the intelligence community. Because of the sensitive nature of the reporting, we don’t have a chip, or photos of it, and Bloomberg wasn’t able to publish any of the source documents that it said it has seen.

On Monday night, former White House cybersecurity czar, and now NSA advisor Rob Joyce added his own grain of salt soliciting more information about the story on Twitter: “Still interested if someone is directly connected to a discovery of adulterated hardware-DM me”—implying that he’s not aware of a China-led supply chain attack such as the one reported by Businessweek.

Even sources used in the original story are confused about what’s going on. The cybersecurity podcast Risky Business interviewed one of the few named sources in the original Businessweek article, hardware security expert Joe Fitzpatrick, who expressed doubts about the article, and said he had never been contacted by any Bloomberg fact-checker. Fitzpatrick was used as an expert source to comment on the technical details of what Bloomberg described and does not have any firsthand knowledge of the actual alleged hack.

“I have the expertise to look at the technical details and I have the knowledge to look at the technical details and see that they’re jumbled. They’re not outright wrong, but they are theoretical.” Fitzpatrick, a well known hardware security trainer, told Risky Business founder and host Patrick Gray. “I see a lot of details that I gave out of context, so I’m not an expert judge on quality of journalism, but I definitely have my doubts on this one.”

The prospect of this kind of attack is very real, but the fact that both Bloomberg and the companies named in the story are doubling down is confusing everyone, and a sign that we are probably not done hearing about this story anytime soon.

A Bloomberg spokesperson said in a statement: "As is typical journalistic practice, we reached out to many people who are subject matter experts to help us understand and describe technical aspects of the attack. The specific ways the implant worked were described, confirmed, and elaborated on by our primary sources who have direct knowledge of the compromised Supermicro hardware. Joe FitzPatrick was not one of these 17 individual primary sources that included company insiders and government officials, and his direct quote in the story describes a hypothetical example of how a hardware attack might play out, as the story makes clear."

Update: This article has been updated to clarify that the first Bloomberg article was published in Businessweek and the second article was published only on Bloomberg's website. Both articles were written by the same journalists. This article has also been updated to add the Bloomberg statement on Joe FitzPatrick, and telecom companies statements.

Larisa Alexandrovna Horton on FB, October 9 wrote: ... 3744241881

There is something crazy going on with the China-is-hacking-the-US story. First of all, it seems to be bullshit (see last link at bottom). [Motherboard story, above]

For the record, I am not reporting or conveying anything I have been told by sources. This is just my own speculation

Secondly, it appears to be bullshit that I keep finding on Trumpists' websites and even repeated as fact by their dear leader.

That kind of instantaneous unity from people that normally believe that the earth is flat and that Trump won the popular vote is suspicious.

I suspect that this is a political intelligence op (carried out by a foreign government) rather than an actual foreign intelligence op carried out for their own benefit. Here is the bit that got me:

"In its new story, Bloomberg reports that a US telecom discovered and removed “manipulated hardware” in its servers. The article does not name the telecom and the key claims are all attributed to one source, Yossi Appleboum, co-CEO of security consultant Sepio Systems. Bloomberg reports Appleboum provided “documents, analysis, and other evidence,” but does not publish those or provide more information about what types of documents or evidence it has."

So as snoopy journalists do, I went straight to looking into Yossi Appleboum and of course as turns out, he is former Israeli intelligence. So I looked up the rest of the company leadership - which you can read for yourself in this link: - and it turns out they are all Israeli intelligence. In fact, on the company's board of directors is the current Mossad director.

Now we know that two Israeli spy fronts have either been approached (…/rick-gates-robert-mueller-ted-…) or were actually hired (…/black-cube-inside-shadowy-israeli…) by the Trump campaign.

And now both Trump and his minions are running around spreading a story from a third Israeli spy front about Chinese hacking Amazon (Trump's obsession) and Apple.

No one seems to be pointing out the Israeli intelligence connection or their previous work on behalf of team Trump and so no one is actually asking the right questions about this. Of course I am speculating, so this maybe nothing to ask about to begin with.

How is a POTUS who is so resistant to any evidence of Russian hacking so entirely on board with a hacking story being laundered through Israeli intelligence? Especially given that team Trump has been knee deep using Israeli intelligence for domestic policies (Iran) and attempting to use their services (2016 election) for election meddling?

Is there a connection here? Did team Trump hire Sepio Systems to plant this bogus story? Why?

We can speculate and I surely am when I say that this has something to do with the mid-terms. But I don't know what. Could this be laying the groundwork for the legitimacy of the Trumpist defeat (and there will be a defeat) in the mid-terms? Plant the doubt in America's collective mind that the failure of Trumpism is really a foreign attack? Or am I giving these clowns too much credit? If that is the case, this would be the second time a foreign government has meddled in US elections on Trump's behalf.
We meet at the borders of our being, we dream something of each others reality. - Harvey of R.I.

To Justice my maker from on high did incline:
I am by virtue of its might divine,
The highest Wisdom and the first Love.

TopSecret WallSt. Iraq & more

Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby JackRiddler » Wed Oct 10, 2018 12:51 pm


This is a strong contender for an October Surprise propaganda operation. It doesn't require covert exotica, the White House can just pick up what's out there and push panic about China hacking the election.

On Larisa's last sentence, of course this isn't "the second time" a foreign government has interfered in U.S. elections. This is what many foreign nations try to do, generally as adjuncts or in collaboration with U.S. citizen elements. The longest known histories of it belong to Israel and Saudi Arabia. Whether and what the Russian state did in 2016 remains an open question.

Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby JackRiddler » Wed Oct 10, 2018 4:35 pm


Now if the Chinese government arrests an American, it can escalate.

Chinese Spy Arrested and Is First Brought to U.S. for Prosecution ... rrest.html

By Katie Benner
Oct. 10, 2018

WASHINGTON — A Chinese intelligence official was arrested in Belgium and brought to the United States to face espionage charges, Justice Department officials said on Wednesday, in a dramatic escalation of the Trump administration’s effort to crack down on Chinese spying.

The extradition on Tuesday of the officer, Yanjun Xu, a deputy division director in a regional office of China’s Ministry of State Security, was the first time that a Chinese intelligence official was brought to the United States to be prosecuted. He tried to steal trade secrets from GE Aviation, according to law enforcement officials.

“This unprecedented extradition of a Chinese intelligence officer exposes the Chinese government’s direct oversight of economic espionage against the United States,” William Priestap, the F.B.I.’s assistant director for counterintelligence, said in a statement.

American law enforcement officials view Chinese espionage as one of their top concerns. China has for years used spycraft and cyberattacks to steal valuable corporate, academic and military information that it can use to bolster its growing economic power and political influence.

The administration also outlined on Wednesday new restrictions on foreign investment that are aimed at keeping China from gaining access to American companies. American officials will be able to block more foreign transactions believed to be a threat to national security, including in technology, telecommunications and other sensitive industries.

Mr. Xu was arrested in Belgium on April 1 after being lured there in the hopes of obtaining information about GE Aviation.

Justice Department officials said they waited until Mr. Xu was extradited to unseal charges of committing economic espionage against the United States and attempting to steal corporate trade secrets from American aviation companies. His transfer will allow prosecutors to try him in federal court in Cincinnati, where he made an initial appearance on Wednesday.

The Justice Department is pursuing other thefts of trade secrets for prosecution, said John C. Demers, the head of the Justice Department’s National Security Division. Together, he said, they show that China has a policy of developing its economy “at America’s expense.”

“This case is not an isolated incident,” Mr. Demers said. “It is part of an overall economic policy of developing China at American expense. We cannot tolerate a nation’s stealing our firepower and the fruits of our brainpower.”

Even more than Russia, China “represents the most complicated, most long-term counterintelligence threat we face,” the F.B.I. director, Christopher A. Wray, said on Wednesday at a hearing of the Senate Homeland Security Committee.

Kirstjen Nielsen, the director of homeland security, told lawmakers that Chinese officials are “bringing everything they have to bear” to influence the U.S. “in every way possible.”

In a speech last week, Vice President Mike Pence characterized China’s economic development strategy as a national security threat, prompting Chinese officials to say his remarks could portend a new cold war.

China’s Ministry of State Security collects domestic and foreign intelligence via a large network of intelligence gatherers inside and outside of the country. Some members are attachés and academics who harvest information overtly. Others work secretly as spies.

We meet at the borders of our being, we dream something of each others reality. - Harvey of R.I.

To Justice my maker from on high did incline:
I am by virtue of its might divine,
The highest Wisdom and the first Love.


Re: Big Hack How China Used Tiny Chip to Infiltrate US Compa

Postby Karmamatterz » Sat Oct 20, 2018 8:58 am

A follow-up on this story that provides better insight with more detail on the malware aspect. Also note the admission by Apple in the Mashable link. Apple says there was a malware problem. Even with the crappy reporting and citing anonymous sources there appears to be tampering.

This still does not mean the story wasn't used for trade talks propaganda or industrial espionage by companies seeking to discredit Supermicro.

The Erratasec blog has a few other good nuggets to browse in addition to this article if you're interested in tech. ... upply.html

Thursday, October 04, 2018
Notes on the Bloomberg Supermicro supply chain hack story
Bloomberg has a story about how Chinese intelligence inserted secret chips into servers bound for America. There are a couple of issues with the story I wanted to address.

The story is based on anonymous sources, and not even good anonymous sources. An example is this attribution:
a person briefed on evidence gathered during the probe says
That means somebody not even involved, but somebody who heard a rumor. It also doesn't mean the person even had sufficient expertise to understand what they were being briefed about.

The technical detail that's missing from the story is that the supply chain is already messed up with fake chips rather than malicious chips. Reputable vendors spend a lot of time ensuring quality, reliability, tolerances, ability to withstand harsh environments, and so on. Even the simplest of chips can command a price premium when they are well made.

What happens is that other companies make clones that are cheaper and lower quality. They are just good enough to pass testing, but fail in the real world. They may not even be completely fake chips. They may be bad chips the original manufacturer discarded, or chips the night shift at the factory secretly ran through on the equipment -- but with less quality control.

The supply chain description in the Bloomberg story is accurate, except that it fails to discuss how these cheap, bad chips frequently replace the more expensive chips, with contract manufacturers or managers skimming off the profits. Replacement chips are real, but whether they are for malicious hacking or just theft is the sticking point.

For example, consider this listing for a USB-to-serial converter using the well-known FTDI chip. The word "genuine" is in the title, because fake FTDI chips are common within the supply chain. As you can see from the $11 price, the amount of money you can make with fake chips is low -- these contract manufacturers hope to make it up in volume.

The story implies that Apple is lying in its denials of malicious hacking, and deliberately avoids this other supply chain issue. It's perfectly reasonable for Apple to have rejected Supermicro servers because of bad chips that have nothing to do with hacking.

If there's hacking going on, it may not even be Chinese intelligence -- the manufacturing process is so lax that any intelligence agency could be responsible. Just because most manufacturing of server motherboards happens in China doesn't point the finger at Chinese intelligence as being the ones responsible.

Finally, I want to point out the sensationalism of the story. It spends much effort focusing on the invisible nature of small chips, as evidence that somebody is trying to hide something. That the chips are so small means nothing: except for the major chips, all the chips on a motherboard are small. It's hard to have large chips, except for the big things like the CPU and DRAM. Serial ROMs containing firmware are never going to be big, because they just don't hold that much information.

A fake serial ROM is the focus here not so much because that's the chip they found by accident, but that's the chip they'd look for. The chips contain the firmware for other hardware devices on the motherboard. Thus, instead of designing complex hardware to do malicious things, a hacker simply has to make simple changes to software, and replace the software.

Thus, if investigators are worried about hacking, they'll look at those chips first. When they find fake ones, because some manager tried to skim $0.25 per server that was manufactured, then they'll find evidence confirming their theory.

But if that were the case, investigators can simply pull the malicious software off the chip, reverse engineer it, and confirm its maliciousness. The Bloomberg story doesn't verify this happened. It's like a story of UFOs that relies upon the weight of many unconfirmed reports rather than citing a single confirmed one.

This story could be true, of course. And even if it's not true in this one case, there are probably other cases. The manufacturing process is so lax it's probable that somewhere some intelligence organization has done this. However, the quality of reporting is so low, quoting anonymous sources that appear not to have sufficient expertise, focusing on sensationalistic aspects, and not following up on background, that I have to question this story. ... fi.ORykGqJ

In a departure from Amazon and Apple's denial over the previous reports, Apple confirmed that it found malware on its Supermicro servers.

Apple says it discovered malware on a single server in 2016. This does not conflict with its denial of hardware attack; in fact, it bolsters it, because Apple cites the malware as the reason it dropped Supermicro as a vendor in its official statement — not the presence of malicious microchips in servers.
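The Erratasec post quoted above argues that the serial ROMs holding device firmware are the first chips an investigator would look at, and that pulling the image off such a chip and comparing it is what would actually confirm or refute tampering. The Python below is an added example of that comparison step; it is not code from the thread, from the Erratasec post, or from any board vendor. It takes a dumped flash image and a known-good reference image, reports the byte ranges that differ, and maps them onto 4 KiB blocks so an analyst knows which sectors to pull into a disassembler. Both images, the patched offsets and the block size are constructed here for the demonstration and are not real firmware.

```python
"""Compare a dumped serial-ROM (SPI flash) image against a known-good reference.

Added example for the discussion above, not the thread's or any vendor's code.
The two images are constructed inline so the script runs offline; in practice the
dump would come from a flash-programmer read of the suspect chip and the reference
from the vendor's released firmware image for the same board revision.
"""
import hashlib
import random
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """Whole-image hash, handy for a quick match against a vendor-published digest."""
    return hashlib.sha256(data).hexdigest()


def find_diff_regions(dump: bytes, reference: bytes, merge_gap: int = 16) -> List[Tuple[int, int]]:
    """Return half-open (start, end) byte ranges where dump differs from reference.

    Differing runs separated by fewer than merge_gap identical bytes are merged,
    so one patched routine shows up as a single region instead of many slivers.
    A size mismatch is reported as an error rather than silently truncated, since
    a wrong-size image usually means the wrong chip or reference was used.
    """
    if len(dump) != len(reference):
        raise ValueError(f"size mismatch: dump {len(dump)} bytes, reference {len(reference)} bytes")
    regions: List[Tuple[int, int]] = []
    start = None
    last_diff = -1
    for i, (a, b) in enumerate(zip(dump, reference)):
        if a != b:
            if start is None:
                start = i
            last_diff = i
        elif start is not None and i - last_diff >= merge_gap:
            regions.append((start, last_diff + 1))
            start = None
    if start is not None:
        regions.append((start, last_diff + 1))
    return regions


def verify_dump(dump: bytes, reference: bytes, block_size: int = 4096) -> Dict[str, object]:
    """Build a verdict: hashes, differing regions, and the block_size-aligned blocks touched."""
    regions = find_diff_regions(dump, reference)
    blocks = sorted({blk for s, e in regions for blk in range(s // block_size, (e - 1) // block_size + 1)})
    return {
        "dump_sha256": sha256_hex(dump),
        "reference_sha256": sha256_hex(reference),
        "clean": not regions,
        "regions": regions,
        "affected_blocks": blocks,
    }


def _constructed_images() -> Tuple[bytes, bytes]:
    """Constructed sample data (assumption for the demo): a 16 KiB pseudo-random
    'reference' image and a 'dump' with three small patches applied to it."""
    rng = random.Random(2018)
    reference = bytes(rng.getrandbits(8) for _ in range(16 * 1024))
    dump = bytearray(reference)
    # Two patches 8 bytes apart (expected to merge into one region) and one near the end.
    for off, length in ((0x0100, 8), (0x0110, 4), (0x3FF0, 8)):
        for i in range(off, off + length):
            dump[i] ^= 0xFF  # XOR with 0xFF guarantees the byte actually changes
    return bytes(dump), reference


DUMP, REFERENCE = _constructed_images()


if __name__ == "__main__":
    verdict = verify_dump(DUMP, REFERENCE)
    print("dump      sha256:", verdict["dump_sha256"])
    print("reference sha256:", verdict["reference_sha256"])
    if verdict["clean"]:
        print("image matches reference")
    else:
        for s, e in verdict["regions"]:
            print(f"differs at 0x{s:06X}-0x{e:06X} ({e - s} bytes)")
        print("affected 4 KiB blocks:", verdict["affected_blocks"])
```

A clean whole-image hash match ends the exercise; when it does not match, the region list is what tells you whether you are looking at a padding or configuration-area difference that the vendor's own tooling writes, or at a change inside code that warrants reverse engineering, which is exactly the confirmation step the post says the Bloomberg reporting never showed.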
