Bloomberg: China broke into US companies by adding chip on server motherboards
Click here to post a comment for Bloomberg: China broke into US companies by adding chip on server motherboards on our message forum
Typhoon2097
Riiiiight... It's not the russians this time, now it's the chinese again... And coincidentally this is published in the middle of US-China trade war 😀
poornaprakash
If we see things as a whole China now exactly behaving like the old US were. Karma retaliation 😛
Brasky
5$ says typhoon is a bot. any takers?
msotirov
Typhoon2097
Valken
oh noes... them pesky Russians, err... Chinese are SPYING AGAIN!!!
"The stories get weird here; Apple and Amazon are denying any existence of the chip. "Apple has never found malicious chips, hardware manipulations or vulnerabilities that have been deliberately placed on a server, Apple has never had contact with the FBI or any other service about such an incident," Apple says it has 2000 servers from Supermicro, but denies that it has found the chips. Amazon says in its denial that it found four problems with the purchase of Elemental, a takeover that took place in 2015. None of those were in the hardware."
But of course, you can't believe any of those Commie Tech companies like Apple or Amazon... Still waiting for Trump to drain that swamp...
gx-x
Bloomberg is fake news.
vbetts
Moderator
I just want to say something real quick, let's not make this into a political debate. I already got enough of that going around with all the freaking political ads everywhere!
schmidtbag
Denial
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
So what exactly is going on here? Seems extremely weird for them to deny it like this because any indication of a real attack would open them to a massive legal liability after a denial like that.
It would get political because all the companies that Bloomberg said this happening to are outright denying the story. Typically if they want to keep shut they'll use boilerplate "No comment" but they are literally saying this didn't happen and it's entirely fabricated news story. Bloomberg itself posted a counter article summarizing it.
tunejunky
and i thought I was cynical...lol
anyhow, Denial is on point about the liability issues.
Amazon Cloud Services and Apple Cloud...
that's a lot of liability right there without bringing in government contracts.
SuperMicro, wow, i had such a high opinion of them.
one of the reasons (other than cheap labor and a huge market) tech companies produce in China is political stability. this is a gut punch to every American tech company with eyes on the fat wallets of the Pentagon.
nhlkoho
Denial
Fox2232
Bloomberg being hacked with fake article? Or is that real article?
In-Q-tel? Good name for company... intel "Q"estion/ery/...
Secondly, I really want to see real photo of those microchips and to what components they were connected.
There are very few specific places where some chip can affect anything.
No way to affect code being executed in CPU, that's simply not possible as chip would have to intercept, analyze and change data going from memory/storage in real time.
(crazy computational capacity required, a lot of traces overriden, And a lot of hacking-chip-on-board-storage required to actually have reference on what to intercept.)
Maybe possible to send fake read and writes to storage controller, but again very complicated for anything this small without a lot of onboard memory and traces.
Most feasible way would be this having access to BIOS chip, simply parsing and altering/inserting modules. So basically rootkit deploy chip.
- reason here would be to survive BIOS update
But then following description is way too incorrect:
"⑤ When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code."
= = = =
And then there is that F*ing Big Important thing:
IIRC, US made some legislation changes which classify foreign cyber-attack as Act of War. I have no clue if it went through and under which conditions it should have apply. US guys will probably know.
HeavyHemi
All that is missing is one PHYSICAL example of this. I find it impossible to believe that these are installed all over the planet yet nobody can find one? That not one single person in years has come forward and said 'hey look at this'. This story fails my basic sniff test for that basic reason.
Denial
Koniakki
Size_Mick
What's really sad is that SuperMicro used to be the only company who made their boards in the USA.
nhlkoho
I agree the way the denials are written are odd. Amazons in particular:
So all they are saying is they didn't know of any malicious chips being installed. There could have been, they just didn't know of any.
They also aren't saying that one of these chips was installed in every server. If this is true, they could be in 1 in every 1000 or something. Of course it would then be harder for them to find.
Caesar
Operation CLOUDHOPPER
Since 2017