Supermicro along with Apple and Amazon refute claims in Bloomberg story
Click here to post a comment for Supermicro along with Apple and Amazon refute claims in Bloomberg story on our message forum
vbetts
Moderator
So basically it seems like the equivalent to clickbait for Bloomberg.
JamesSneed
I would expect a lawsuit to be imminent as Super MIcro has a very good case for damages. Amazon just handed the case to them by saying we told Bloomberg reporters for months that this server espionage was not the case.
HawaiianBrian
Bloomberg = Fake news. I don't like Trump but he's right about the whole "fake news" thing in the media.
WareTernal
Not just for Bloomberg 😀...This is a totally recycled story we've got here. The original story clearly said 'Amazon, Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting.'
I'm not so sure about that. This sounds feasible to me. One chip can do a lot.
Nothing new here yet. We still know nothing for sure.
Right now we've allegedly got anonymous 17 sources confirming various parts of this story.
My faith in 'anonymous sources' = 0.
We've got no sample, or even picture, of the hardware in question.
The FBI's refusal to comment, and denials of knowledge by all of the parties involved would be normal for a 'secret FBI investigation'.
HeavyHemi
This is the danger. Taking one story like this and painting all of media with it. So, no he's isn't especially since what he's claiming is 'fake news' are factual articles about him. So lets be careful in how we describe things.
Back on topic.
This story smelled from the beginning to me simply from the lack of even one physical device being uncovered. Not a one.
tunejunky
actually, in cases like these, the chance of Bloomberg (or the traditional media) being "fake" with allegations like these is zero.
why zero? because every printed story naming names and companies have been triple verified to avoid libel.
Bloomberg is first and foremost a business media outlet.
the fact that we've heard from corporate public relations means nothing. if these allegations were false the lawyers would be talking, not P.R. hacks.
WareTernal
Next time, "let's be careful" and stay on topic in the first place...
There's just no logic to back that up. If by "every printed story naming names", you mean the one Bloomberg story that we're talking about, the one that didn't name any names, and you just going on the authors word that everything is super verified and double fact checked with a blue star, then you just missed the point.
The strength of your opinion doesn't ~= fact.
Fox2232
That's correct. With few wires, there is only feasible vector of attack. That's flash memory for BIOS or other part. There just 3 additional wires from GND and Vcc are needed.
But their description is so vague that this simple to describe attack vector is very likely out of question.
Noisiv
When was the last time you heard of Cease and Desist Order pulled over fake news? Ever...?
Lawsuit over what?
Reporting that "according to extensive interviews with government and corporate sources [...]" and quoting people "one official says [...]" is hardly illegal.
tunejunky
WRONG
they named the companies, who are able to sue for false claims, market interference, and a chilling effect.
and i'm not going on ANYBODY's WORD.
you are obviously unacquainted with business at the corporate level. "Bloomberg" is not just highly regarded, It Has Professional Standards that lead its industry.
i stand by every word i posted.
until the lawyers for Amazon, SuperMicro, and Apple speak i stand with Bloomberg.
and obtw, it is simplicity itself (not counting the actual device) for the Chinese to plant bugs in specific batches of mobo's.
they're in China, with Chinese workers, working for a Chinese company that is beholden to its repressive government.
i've spent the first 10 years of my career riding herd on Dual Use electronics (because of Cold War export controls) and i can testify factually on the pervasive attempts to buy, steal, copy, or borrow technology by the Russians and Chinese. it never stops...ever.
Astyanax
not just the lack of evidence of it, i asked a pcb engineer and she said the particular placement of the chip would make it impossible to tell actual data from electronic noise.
sykozis
Amazon's response wasn't from a "PR hack".... It was from the Chief Information Security Officer at AWS...
Bloomberg claims that affected systems were sold to specific customers. The issue here is that the manufacturing plant in China would not know exactly what customers would get what boards, making it impossible to target specific companies. The manufacturing plant would also have to modify intended circuits and add a lot of new circuits to account for the functionality of these "smaller than a grain of rice" chips. When did China develop the technology to create such a small chip and all the traces necessary to pull off such a feat? The necessary traces alone would make the chip larger than a grain of rice.
tunejunky
you are forgetting that this is a state actor.
SuperMicro may or may not know where the shipments are bound, but China can easily manipulate that with export controls.
also, passive sensor technology has been progressing by leaps and bounds. who knows what the State Labs in China (or here) produce?
the U.S., back when only the U.S. and Japan made computer components, had back-doors into just about every hdd and a lot of the early networks. some of which were hardware, not software. i know this for a fact as i worked for the premier manufacturer of optical drives and optical technology and we had to operate under certain controls...and these were ROM.
every early laptop was essentially "bugged" until Chinese manufacturing came online.
this is not paranoia, it's fact of record so i'm very cynical.
fantaskarsef
Apparently, neither was a concrete case given where this alleged placement of chips really happened, nor who gave the information away. Fake news coming from the pentagon?
https://translate.google.at/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=https%3A%2F%2Ffm4.orf.at%2Fstories%2F2940104%2F&edit-text=&act=url
Fox2232
"fact-free"
sykozis
The Chinese manufacturers have no way of knowing which SuperMicro customers are going to receive which boards unless SuperMicro ignores security protocols and tells the manufacturing plant.
I worked for a manufacturing plant. Due to potential security issues, we only knew what company commissioned the manufacture of parts, the design specifications, the number of units to produce and the production deadline. If anyone inquired as to who the parts were destined for, they were removed from the property by security personnel. We were even forbidden from discussing exactly what parts our particular departments were producing.
I find it hard to believe that a server company, selling products to the US Gov't, would not have similar security protocols in place to ensure the safety of their customers. I also find it hard to believe that SuperMicro would not verify their product designs upon receipt of said products. That's generally part of QA.
tunejunky
As this story has unfolded, another networking company...with it's CIO a former Mossad information tech officer, and the former head of the Mossad as it's CEO (Sepio systems) has found more evidence of Chinese hardware tampering.
"Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that's used to attach network cables to the computer, Appleboum said.
The executive said he has seen similar manipulations of different vendors' computer hardware made by contractors in China, not just products from Supermicro. “Supermicro is a victim -- so is everyone else,” he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. “That's the problem with the Chinese supply chain,” he said."
Sykosis, i know you have a hard time with this, i do not.
i've worked in electronics and electronics manufacturing for almost 40 years and i know this is not just possible or even probable, it is Most Likely. the US has been doing stuff like this for decades (especially IBM, HP, WD, et al) so why do you think China, with it's new access to markets would not? seriously, you are quite smart, but you are also naive.
fantaskarsef
Do you maybe have a link for further reading into that?
tunejunky
https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
again, Bloomberg verifies every story it prints from at least three sources. Unlike almost all internet news sites, but just like traditional journalism.
there are other articles but behind paywalls (The Economist, WSJ).
sykozis
So, you quote a company who's domain was registered in February 2016 (same year the company was founded) and claims to be a "pioneer" in their field.... The people running the company also have zero background in hardware, while trying to sell a "security suite"..... Everything about their claim screams either stock manipulation or scaremongering as a marketing tactic. They claim their "security suite" can stop "hardware level" attacks.... Please find a credible source of information. From the information I've found, this looks like another attempt at stock manipulation.
For a company that claims to have earned "global recognition", they appear to be pretty damn unknown globally. Every site I can find even mentioning the company, is all marketing BS.
