Scythe Mugen 5 Rev.C CPU Cooler review
be quiet Pure Loop 2 FX 280mm LCS review
HP FX900 1 TB NVMe Review
Scythe FUMA2 Rev.B CPU Cooler review
SK Hynix Platinum P41 2TB M.2 NVMe SSD Review
Corsair K70 RGB PRO Mini Wireless review
MSI MPG A1000G - 1000W PSU Review
Goodram IRDM PRO M.2 SSD 2 TB NVMe SSD Review
Samsung T7 Shield Portable 1TB USB SSD review
DeepCool LS720 (LCS) review
Bloomberg: China broke into US companies by adding chip on server motherboards
Likely the story of the day. Bloomberg posted an extensive article where they claim that the Chinese government tried to infiltrate into US companies by adding chips on server motherboards.
First, off this, the companies involved and the Chinese government is denying the story, but it seems well investigated, and if true the implications would be enormous as server/mobo provider SuperMicro is involved. And adding a chip into a PCB, is not something you do without corporation of the server motherboard manufacturer.
So the story is that basically some core logic was added onto the motherboards, chips the sized as a single grain of rice that had it's own IO, a networking interface and even a micro CPU. The discovery was made at Amazon who researched Elemental Technologies, a maker of software for servers that the American company Super Micro Computer, or Supermicro, uses. During that investigation, Amazon stumbled on the extra chip on the motherboard. Initially sized slightly smaller than a fingernail and later on an even smaller version. This chip would be able to contact servers over the web and receive instructions, and it's claimed it would be able to modify the server software, a backdoor.
The stories get weird here; Apple and Amazon are denying any existence of the chip. "Apple has never found malicious chips, hardware manipulations or vulnerabilities that have been deliberately placed on a server, Apple has never had contact with the FBI or any other service about such an incident," Apple says it has 2000 servers from Supermicro, but denies that it has found the chips. Amazon says in its denial that it found four problems with the purchase of Elemental, a takeover that took place in 2015. None of those were in the hardware.
Have a read here, at bloomberg.
nhlkoho
Senior Member
Posts: 7757
Joined: 2005-12-06
Senior Member
Posts: 7757
Joined: 2005-12-06
#5592177 Posted on: 10/04/2018 04:47 PM
It would get political because all the companies that Bloomberg said this happening to are outright denying the story. Typically if they want to keep shut they'll use boilerplate "No comment" but they are literally saying this didn't happen and it's entirely fabricated news story. Bloomberg itself posted a counter article summarizing it.
There isn't exactly any penalty to publicly lie about stories like this anymore. I can't even count how many times a story came out in the past year (politically motivated or not) that was denied and then turned out to be true in the end.
It would get political because all the companies that Bloomberg said this happening to are outright denying the story. Typically if they want to keep shut they'll use boilerplate "No comment" but they are literally saying this didn't happen and it's entirely fabricated news story. Bloomberg itself posted a counter article summarizing it.
There isn't exactly any penalty to publicly lie about stories like this anymore. I can't even count how many times a story came out in the past year (politically motivated or not) that was denied and then turned out to be true in the end.
Denial
Senior Member
Posts: 13803
Joined: 2004-05-16
Senior Member
Posts: 13803
Joined: 2004-05-16
#5592189 Posted on: 10/04/2018 05:08 PM
You're right and it's definitely getting significantly more difficult to judge the accuracy of stories due to the increasing level of dishonesty across the board. Is Bloomberg outright fabricating this story? Are the six current/former white house officials lying? Are the companies lying that this didn't happen? I don't know - which is why I find this story so strange. Bloomberg is a fairly trusted news publication, it's rated typically as center/left center - most of the "conspiracy this is fake news" posts I see about this story are implying that it's a White House hit job on China designed to "promote" the ongoing trade dispute, in fact someone mentioned that here. I don't know why a slightly left leaning site (at worst) would fabricate or agree to fabricate a story about this. I'm also positive that if they didn't fabricate the story, they did some due diligence and vetted the sources - there is six of them from the white house and several "apple insiders" they are using as sources. That's like a fair number of sources - which would lead me to believe that there is some level of truth to the story. But even the company's responses are outright puzzling to me. In terms of PR you almost never outright deny a story like this - whether the story is true or false - it's just not worth the legal risk. Yet, despite the ongoing facebook saga, complete with multi-billion dollar fines due to them covering their hack up, all of these companies choose to outright deny this story.
I'm not really taking a side or saying who is lying or not but it's just extremely weird to me. None of the "conspiracyesque" narratives I've seen thus far really fit what's going on here.
There isn't exactly any penalty to publicly lie about stories like this anymore. I can't even count how many times a story came out in the past year (politically motivated or not) that was denied and then turned out to be true in the end.
You're right and it's definitely getting significantly more difficult to judge the accuracy of stories due to the increasing level of dishonesty across the board. Is Bloomberg outright fabricating this story? Are the six current/former white house officials lying? Are the companies lying that this didn't happen? I don't know - which is why I find this story so strange. Bloomberg is a fairly trusted news publication, it's rated typically as center/left center - most of the "conspiracy this is fake news" posts I see about this story are implying that it's a White House hit job on China designed to "promote" the ongoing trade dispute, in fact someone mentioned that here. I don't know why a slightly left leaning site (at worst) would fabricate or agree to fabricate a story about this. I'm also positive that if they didn't fabricate the story, they did some due diligence and vetted the sources - there is six of them from the white house and several "apple insiders" they are using as sources. That's like a fair number of sources - which would lead me to believe that there is some level of truth to the story. But even the company's responses are outright puzzling to me. In terms of PR you almost never outright deny a story like this - whether the story is true or false - it's just not worth the legal risk. Yet, despite the ongoing facebook saga, complete with multi-billion dollar fines due to them covering their hack up, all of these companies choose to outright deny this story.
I'm not really taking a side or saying who is lying or not but it's just extremely weird to me. None of the "conspiracyesque" narratives I've seen thus far really fit what's going on here.
Fox2232
Senior Member
Posts: 11809
Joined: 2012-07-20
Senior Member
Posts: 11809
Joined: 2012-07-20
#5592196 Posted on: 10/04/2018 05:19 PM
Bloomberg being hacked with fake article? Or is that real article?
In-Q-tel? Good name for company... intel "Q"estion/ery/...
Secondly, I really want to see real photo of those microchips and to what components they were connected.
There are very few specific places where some chip can affect anything.
No way to affect code being executed in CPU, that's simply not possible as chip would have to intercept, analyze and change data going from memory/storage in real time.
(crazy computational capacity required, a lot of traces overriden, And a lot of hacking-chip-on-board-storage required to actually have reference on what to intercept.)
Maybe possible to send fake read and writes to storage controller, but again very complicated for anything this small without a lot of onboard memory and traces.
Most feasible way would be this having access to BIOS chip, simply parsing and altering/inserting modules. So basically rootkit deploy chip.
- reason here would be to survive BIOS update
But then following description is way too incorrect:
"⑤ When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code."
= = = =
And then there is that F*ing Big Important thing:
IIRC, US made some legislation changes which classify foreign cyber-attack as Act of War. I have no clue if it went through and under which conditions it should have apply. US guys will probably know.
Bloomberg being hacked with fake article? Or is that real article?
In-Q-tel? Good name for company... intel "Q"estion/ery/...
Secondly, I really want to see real photo of those microchips and to what components they were connected.
There are very few specific places where some chip can affect anything.
No way to affect code being executed in CPU, that's simply not possible as chip would have to intercept, analyze and change data going from memory/storage in real time.
(crazy computational capacity required, a lot of traces overriden, And a lot of hacking-chip-on-board-storage required to actually have reference on what to intercept.)
Maybe possible to send fake read and writes to storage controller, but again very complicated for anything this small without a lot of onboard memory and traces.
Most feasible way would be this having access to BIOS chip, simply parsing and altering/inserting modules. So basically rootkit deploy chip.
- reason here would be to survive BIOS update
But then following description is way too incorrect:
"⑤ When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code."
= = = =
And then there is that F*ing Big Important thing:
IIRC, US made some legislation changes which classify foreign cyber-attack as Act of War. I have no clue if it went through and under which conditions it should have apply. US guys will probably know.
HeavyHemi
Senior Member
Posts: 6954
Joined: 2008-10-27
Senior Member
Posts: 6954
Joined: 2008-10-27
#5592200 Posted on: 10/04/2018 05:22 PM
All that is missing is one PHYSICAL example of this. I find it impossible to believe that these are installed all over the planet yet nobody can find one? That not one single person in years has come forward and said 'hey look at this'. This story fails my basic sniff test for that basic reason.
All that is missing is one PHYSICAL example of this. I find it impossible to believe that these are installed all over the planet yet nobody can find one? That not one single person in years has come forward and said 'hey look at this'. This story fails my basic sniff test for that basic reason.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 2522
Joined: 2017-08-18
and i thought I was cynical...lol
anyhow, Denial is on point about the liability issues.
Amazon Cloud Services and Apple Cloud...
that's a lot of liability right there without bringing in government contracts.
SuperMicro, wow, i had such a high opinion of them.
one of the reasons (other than cheap labor and a huge market) tech companies produce in China is political stability. this is a gut punch to every American tech company with eyes on the fat wallets of the Pentagon.