Supermicro along with Apple and Amazon refute claims in Bloomberg story
tunejunky
fantaskarsef
What I'm most curious about at this point is: if the story is not true, will Supermicro sue Bloomberg for putting pressure on their stock and making them lose millions in stock worth overnight? Not to mention a damage in reputation that's pretty hard to put into numbers they'd have to put into a lawsuit to claim further damage?
Because if this happens, I don't want to know what a judge says about Bloomberg's keeping their sources "secret".
tunejunky
Embra
@austin865 : A little info for you about Bloomberg: https://en.wikipedia.org/wiki/Bloomberg_L.P.
They are highly reputable.
tunejunky
fantaskarsef
So all in all there is little chance to prove this story either true or false, as well as even if they are true, they will never get who did it? And they can't change the fact that the demand for infrastructural hardware can't be met by any manufacturing outside China?
Seems like there is little choice but to go on the way it is, right?
tunejunky
fantaskarsef
Still those other choices would cost more money for manufacturing, even though China's wages (and probably taxes / costs for the infrastructure) have risen. Not that it wouldn't make sense for high sensibility markets like servers, I still don't think they will flash out billions to avoid this risk, or it would have happened 5 to 10 years ago already...
And I wouldn't trust Singapore either, since they're more or less Chinese, and I wouldn't count on the Chinese to not have their fingers (agents) there too. If you want to be totally secure, I guess there's little choice but to bring manufacturing to domestic soil.
moo100times
I am inclined to agree with you tunejunky.
At the end of the day, espionage is big business, allows you to harvest information, manipulate your own and also foreign populations potentially with ease, and is still economical relative to outright war. There are many large scale data harvesting and manipulation schemes, and countries always have used whatever they have at their disposal. The fact that this has not been done before is perhaps more surprising to me. I mean there was this leak https://www.businessinsider.com/russia-claims-china-bugged-tea-kettles-2013-10 a few years ago and some others rumoured prior to this. Whilst I am sure not everything is an outright hack, I would not doubt that there is something going on regularly, and why the Chinese government would not use manufacturing to get something into hardware is beyond me. It really falls to the companies and the countries trying to save money and outsourcing their security through manufacturing elsewhere, and these are the subsequent risks taken by doing so. The fact that China has done custom deals with AMD, they are pushing their own CPU development and this seems to have been an upswing since the whole Meltdown/Spectre reveal. I remember this story https://www.techpowerup.com/241024/intel-warned-china-of-meltdown-and-spectre-before-the-us-government and whilst this may be "true", it assumes that the US government did not know about it which I still consider highly unlikely (for a variety of reasons - can Intel really be that incompetent for >15 years and over multiple new designs of CPU, integration of their hardware into security, tech, research industries and few others). 
US government agencies have requested overrides to security (Apple and the FBI) and the integration of back doors into new products and integration of existing services into data harvesting projects like PRISM, and countries like the UK have had legal data tapping and information collection enshrined in law since WW2 (and has companies large mobile telecom companies like Vodafone).
I would say this is simply the new standard of espionage to any country that has the infrastructure to implement it. Whether this specific case is true or not, I am sure there is an interesting game afoot. Denying it however is in the interest of all parties involved, as companies are liable for more data breaches and failure to check their hardware if it is true, and in the face of current rising tensions, could push countries towards outright conflict which will harm everyone in the long run, though with current posturing things may well end up that way anyway.
Fox2232
tunejunky
there is an adage "a little knowledge is a dangerous thing"...
mainly meaning those with expertise elsewhere who dabble in deep waters are adrift.
frankly it's adorable how naive so many of you are. and the naive ignorance of what can and cannot be done, just because it's outside your experience.
i have experience of decades working for multinationals and government contractors from the beginning of the pc revolution and my late brother was one of the men in gov't handling technology transfers to South Korea (hello IC manufacturing). i lived in Japan and Hong Kong
and currently consult in aerospace (satellites).
the allegations of Chinese tampering are far from imaginary or political (other than the long range plan for supremacy).
this stuff is real and it happens every day.
and again the U.S. has done and has been doing this for decades.
one of the selling points for E.U./Russian/Japanese/Indian launch vehicles is that they're not launched from the U.S. on American rockets.
and there is a reason for that...
tunejunky
and oh yes...
go look up Plausible Deniability
Noisiv
This story is getting better by the day.
First the anonymous sources accused specific companies, and now the specific source (Yossi Appleboum) is accusing anonymous companies.
Mr. Yossi Appleboum, CEO of Sepio Systems, previously worked for Israeli intelligence, the only state entity beside the US that's known to be involved in the case of destructive hacking, and then went to brag about it!
Foxnews called it 21st century James Bond, and reported it as "Stuxnet. Shaken, not stirred."
Sepio Systems’ board includes Chairman Tamir Pardo, former director of the Israeli Mossad, the national defense agency of Israel, and its advisory board includes Robert Bigman, former chief information security officer of the U.S. Central Intelligence Agency.
Somewhat surprisingly Mr. Yossi Appleboum went to great lengths to absolve Supermicro of any guilt, and instead is pointing the finger at... well EVERYONE.
According to him the problem is widespread and the entire industry is affected. And the most common way to hack you is... they send you a malicious serviceman or you already have a compromised employee... :
I want to be quoted. I am angry and I am nervous and I hate what happened to the story. Everyone misses the main issue.
The problem is that when you get the hardware how can you make sure the product was not compromised?
Someone can replace modules that validate hardware with other modules that say it is okay.
We are spending $100B on software related attacks, but near zero for hardware attacks. That is irresponsible and that is the problem that we need to fix.
PS
If you visit Sepio's website you are greeted with:
VALIDATING YOUR HARDWARE ASSETS
Protecting Organizations Against Malicious Hardware Device Attacks
TAGS:
zero specifics, zero proofs
no legal liability
impossible to disprove
'do unto others'
free marketing
tunejunky
sykozis
Andrew LB
Bloomberg has published all kinds of fake news lately. They claimed that Nikki Haley resigned over the Brett Kavanaugh appointment even though she had planned on leaving for many months. They also reported China was banning bitcoin, and they completely fabricated a story about getting free upgrades to 1st class, just to name a few. Calling Bloomberg an industry leader doesn't say much considering the current state of journalism.
And I'm not sure if you ever took a civics class, or have any concept of the law, but this recent trend of making outlandish accusations and then demanding the accused prove their innocence is not how our system works. The burden of proof is on the accuser and the accused is given the presumption of innocence.
If Supermicro, Apple, and Amazon are lying, then it's easily provable. Bloomberg needs to put up or shut up. Let's see some motherboards with this secret chip on it, and proof that it is what they claim. Because if they went and printed a story with such far reaching implications without a shred of evidence... well.... hate to break it to you but freedom of the press does not legalize slander/libel.
The days of objective, ethical journalism are long dead. Hardly anyone does actual investigative journalism anymore. They just repeat rumors that are phoned in as if they're fact. Or they flat out fabricate stories out of whole cloth.
tunejunky
Andrew LB, you are conflating different things to come up with your desired point.
no news agency is 100% accurate all of the time. but there's a huge difference between financial rumors (which Bloomberg has to cover as a financial news outlet read by every player on Wall Street) and investigative reporting.
i could care less about domestic politics on this point and claims of "fake news" put out by proven liars.
what amazes me is the arrogant ignorance of those who think this is either not possible, not plausible, or political.
it is entirely possible in the realm of Plausible Deniability that the Chinese didn't do this, but for anybody to say that they couldn't do this is for them to be either fooling themselves or talking up something with absolutely no knowledge of the subject.
fantaskarsef
I tell you, it smells. I'd bet that the least of all the hardware is de facto compromised right now. But the point of compromised service technicians is probably the most prominent. But that's quality reassurance, and that's actually a thing that the institution or company that gives out their orders is supposed to do...
So instead of making everybody crazy they should just stfu and manage their own processes better so that they'd know what's happening. End of story. No need to make the public crazy about it.
Fox2232
tunejunky