Bloomberg: China broke into US companies by adding chip on server motherboards
Likely the story of the day. Bloomberg posted an extensive article in which they claim that the Chinese government tried to infiltrate US companies by adding chips to server motherboards.
First off, the companies involved and the Chinese government are denying the story, but it seems well investigated, and if true the implications would be enormous, as server/mobo provider SuperMicro is involved. And adding a chip to a PCB is not something you do without the cooperation of the server motherboard manufacturer.
So the story is that basically some core logic was added onto the motherboards: chips the size of a single grain of rice that had their own I/O, a networking interface and even a micro CPU. The discovery was made at Amazon, who researched Elemental Technologies, a maker of software for servers that the American company Super Micro Computer, or Supermicro, uses. During that investigation, Amazon stumbled on the extra chip on the motherboard. Initially it was sized slightly smaller than a fingernail, and later on there was an even smaller version. This chip would be able to contact servers over the web and receive instructions, and it's claimed it would be able to modify the server software, acting as a backdoor.
The stories get weird here; Apple and Amazon are denying any existence of the chip. "Apple has never found malicious chips, hardware manipulations or vulnerabilities that have been deliberately placed on a server. Apple has never had contact with the FBI or any other service about such an incident." Apple says it has 2000 servers from Supermicro, but denies that it has found the chips. Amazon says in its denial that it found four problems with the purchase of Elemental, a takeover that took place in 2015. None of those were in the hardware.
Have a read here, at Bloomberg.
Senior Member
Posts: 1519
Joined: 2007-03-18
Bloomberg is fake news.
Moderator
Posts: 15143
Joined: 2006-07-04
I just want to say something real quick, let's not make this into a political debate. I already got enough of that going around with all the freaking political ads everywhere!
Senior Member
Posts: 6680
Joined: 2012-11-10
As an American, I can't say US-based companies are a whole lot more trustworthy than Chinese or Russian. But... I also don't really care if a government (domestic or foreign) is spying on me, so despite this news, I'll still gladly buy Chinese (or American) parts. All I care about is price and performance.
But a better question: how does the chip work without drivers? What about OS support?
Or is the chip so simple (dumb) that it doesn't need anything from the OS and just passes info gathered from the onboard NIC or HDD controllers to wherever?
I was also thinking of just simply removing the chip. Or, take a screwdriver and a hammer and just give it a little tap to crush it. Surely, the chip is not crucial to the functionality of the board, so might as well ignore it.
As for the driver thing, there are plenty of hardware features that work without drivers. Drivers are nothing more than just basic code that allows the OS to have control/access over hardware. There is nothing preventing hardware from performing logic functions without the OS being aware of it. Take keyloggers for example, or the potential malware that takes advantage of Spectre and Meltdown.
That being said, I wouldn't be surprised if the chip sits somewhere between the storage controller, the chipset, and the NIC. It probably just listens in on the data and encodes it to be sent over the NIC. I'm sure it's completely isolated and undetectable by the rest of the system.
Senior Member
Posts: 13805
Joined: 2004-05-16
^this.
I don't see why it would need to get political. This is more of an issue of security more than anything.
I'd like to see how the server OS maintainers and how Supermicro deal with this. It's not like you can always drop everything and get a new server right away.
It would get political because all the companies that Bloomberg said this was happening to are outright denying the story. Typically if they want to keep shut they'll use boilerplate "No comment" but they are literally saying this didn't happen and it's an entirely fabricated news story. Bloomberg itself posted a counter article summarizing it.
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
So what exactly is going on here? Seems extremely weird for them to deny it like this because any indication of a real attack would open them to a massive legal liability after a denial like that.
Senior Member
Posts: 2203
Joined: 2011-01-05
oh noes... them pesky Russians, err... Chinese are SPYING AGAIN!!!
"The stories get weird here; Apple and Amazon are
But of course, you can't believe any of those Commie Tech companies like Apple or Amazon... Still waiting for Trump to drain that swamp...