The Long Hack: How China Exploited a U.S. Tech Supplier (bloomberg.com) 104
Supermicro chips and software were tampered with by Chinese operatives in the past decade, Bloomberg reported Friday, doubling down on its 2018 report that was widely disputed by several tech giants and government agencies. Today's report says that U.S. security and defense officials knew of the hack but kept it secret in an effort to learn more about China's hacking capabilities. From the report: Bloomberg Businessweek first reported on China's meddling with Supermicro products in October 2018, in an article that focused on accounts of added malicious chips found on server motherboards in 2015. That story said Apple and Amazon.com had discovered the chips on equipment they'd purchased. Supermicro, Apple and Amazon publicly called for a retraction. U.S. government officials also disputed the article.
With additional reporting, it's now clear that the Businessweek report captured only part of a larger chain of events in which U.S. officials first suspected, then investigated, monitored and tried to manage China's repeated manipulation of Supermicro's products. Throughout, government officials kept their findings from the general public. Supermicro itself wasn't told about the FBI's counterintelligence investigation, according to three former U.S. officials. The secrecy lifted occasionally, as the bureau and other government agencies warned a select group of companies and sought help from outside experts. Some stories from 2018 that capture the reaction of the industry to Bloomberg's earlier piece:
Amazon Has Pulled Ads From Bloomberg Over Controversial 'Big Hack' Chinese Spy Story; Apple Has Not Invited Outlet's Reporters To a Product Event;
In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story;
Bloomberg is Still Reporting on Challenged Story Regarding China Hardware Hack.
More like: (Score:1, Insightful)
How the US tech supplier fucked itself chasing easy money and now wants someone else to foot the bill of fighting better competition.
Looks like Apple are in bed with China tbh. (Score:3, Insightful)
If the hack is true, then basically it looked like China tried to apply pressure via Apple.
And if that is true, it shows you *exactly* the kind of company Apple actually is.
Re:Looks like Apple are in bed with China tbh. (Score:5, Interesting)
Bloomberg never provided any evidence that it was true, and as far as I know, nobody has backed them up on it. Meanwhile, the companies themselves and the US government have basically refuted it. Bloomberg lost a lot of credibility over refusing to admit they might be wrong.
Re: (Score:1)
Yeah, this is what I came here to say.
I'm willing to believe the report, but only after I see some evidence.
So far, zero evidence of this supposed hack has been presented to the public, and until I see some, I'm going to consider this to be a snowjob. Put up or shut up, Bloomberg.
Re:Looks like Apple are in bed with China tbh. (Score:5, Informative)
So far, zero evidence of this supposed hack has been presented to the public, and until I see some, I'm going to consider this to be a snowjob. Put up or shut up, Bloomberg.
Did you actually read the article [bloomberg.com] ? Or are you commenting on just the summary?
This quote was interesting:
The link is to the court record. The testimony in question starts on page 71. https://assets.bwbx.io/documen... [assets.bwbx.io]
The article also quotes a large number of people. Some of these are "name withheld", but quite a few of the people were willing to go on record and were quoted by name.
Re: (Score:2)
Nobody's saying this thing isn't happening as a concept, just that the Supermicro case appears to be bunk.
I haven't read the Bloomberg article because it's paywalled. I'm not going to pay Bloomberg to read their unfounded conspiracy theories.
Click the link [Re:Looks like Apple are in bed...] (Score:2)
I haven't read the Bloomberg article because it's paywalled. I'm not going to pay Bloomberg to read their unfounded conspiracy theories.
Odd, I just clicked the link [bloomberg.com] and it opened.
When it opened, text did show up at the bottom of the article saying "you have 7 free articles left." Looks like you've been reading a lot of Bloomberg, odd considering how you think they print "unfounded conspiracy theories".
Re: (Score:2)
I haven't been to Bloomberg in ages, and when I tried to read the article I was presented with a paywall. This is probably because I have ublock, noscript etc. However, I'm not only not going to pay Bloomberg to read their shit, I'm also not going to trust them to run code on my computer.
Re: (Score:2)
I've not read an article on Bloomberg in recent memory. It's possible that an extension like ublock is interfering. I don't think I trust an organization that deals in sketchy conspiracy theories to run without some basic protections like that. Or maybe it's that I'm in Canada. Or maybe it's that I have a pseudo-static IP, and used up the free allocation a long time ago. Who knows, not my problem. Nobody takes them seriously anymore anyhow.
Comment without reading (Score:2)
I've not read an article on Bloomberg in recent memory.
In that case, you need to add the words "I am completely ignorant since I haven't read the subject we are talking about, but my uninformed opinion is" before your statement
the Supermicro case appears to be bunk.
Re: (Score:2)
"A large amount of Lenovo laptops were sold to the US military that had a chip encrypted on the motherboard that would record all the data that was being inputted into that laptop and send it back to China."
So how do you "encrypt" a chip on a motherboard? I wasn't taught that at uni. /sarcasm
Re: (Score:2)
Re:Looks like Apple are in bed with China tbh. (Score:5, Interesting)
Exactly this. Extraordinary claims require extraordinary evidence, but Bloomberg never provided any evidence of any kind.
Their original article was based on unnamed and unidentified sources. Amazon and Apple were claimed to have had their cloud infrastructure hacked via compromised Supermicro boards, but one company confirmed they had never even had Supermicro boards in use in their data centers, while the other confirmed that their last Supermicro boards had been phased out for unrelated reasons a few years prior to the date that the alleged hack began. (One of?) the only named sources in the article whose interview was used to outline potential hacking possibilities publicly reamed Bloomberg after the article was published because they misused his quotes to make it sound like the hypotheticals he was discussing were reality. Virtually every other major news outlet published reports indicating that they were unable to confirm any of the information via their own sources.
Perhaps most concerning, tens of thousands of these hacked boards supposedly exist and were delivered to numerous companies, yet not one person or company has ever produced the smoking gun or gone on the public record to say that they exist.
Bloomberg got taken for a ride, refused to retract the reporting, and now they’re doubling down on this increasingly outlandish conspiracy theory.
Re: (Score:2)
Those Supermicro boards were installed in the DVRs of the world's largest security hardware/software company (Lenel), which manages security for among other places the Pentagon (product now discontinued because of the move to IP video). Rather difficult to believe it would have been allowed.
Re: (Score:2)
Exactly this. Extraordinary claims require extraordinary evidence, but Bloomberg never provided any evidence of any kind.
Not to stoke the tinfoil hat crowd, but this is what you'd expect if two of the largest nation-states were involved, one being the instigator and the other being the victim/investigator. The US and China wield immense economic power over companies like Supermicro, Apple, etc. Likewise, if the US wanted to keep a counterintelligence op secret, any domestic sources going on the record risk arrest. It's the perfect storm for trying to present evidence. You can easily imagine a scenario where China threaten
Re: (Score:1)
Not saying this is what's going on, only that if it was going on, it would look exactly like this.
Absence of evidence is not evidence of presence.
Re: (Score:1)
Not saying this is what's going on, only that if it was going on, it would look exactly like this.
Absence of evidence is not evidence of presence.
If you go back and read what I posted you'll note I did not claim "evidence of presence." That's a fabrication on your part. I stated quite clearly that if China was involved in supply chain attacks, and if the US was actively working to keep it quiet, both parties would behave in ways to create the exact situation we find ourselves in. It's not a declaration; it's a hypothesis. Learn the difference.
Re: (Score:3)
Perhaps most concerning, tens of thousands of these hacked boards supposedly exist and were delivered to numerous companies, yet not one person or company has ever produced the smoking gun or gone on the public record to say that they exist.
Don't know where you saw that. Bloomberg made no claims at all about the scale of the alleged hack. From the timescales involved, my assumption was there were only a tiny handful of compromised boards produced, targeted for delivery to specific OEM customers. There's no reason at all to believe that an entire production run of some board model was compromised. Bloomberg claimed a sophisticated nation-state level hack. The time and expense required to pull a handful of boards off the line and manually i
Re: (Score:2)
How would the factory making a Supermicro board for a generic Supermicro product know who was going to buy that board down the line? That board could go to Joe's Home Server Farm just as easily as it goes to Apple or Amazon.
Re:Looks like Apple are in bed with China tbh. (Score:5, Insightful)
Their claims are at least believable - the Chinese are basically accused of what the NSA was doing at the exact same time. Board level malware, hard to detect and difficult to remove. Supply chain attacks. Infected software updates. GCHQ was in on the act as well.
On the one hand there is zero evidence. On the other, it would be surprising if the Chinese, and the Russians, and the Israelis, and the Japanese, and the French and everyone else were not doing it.
Let's also not forget that this was during the time when an NSA contractor was able to walk off with large amounts of classified information. Apparently security was less than stellar.
Re: (Score:2)
Quick note : we both have lower user id's so we might have read the same stuff in our youth ( your ID dates you about 1998-2000 mine is 1999 or 2000, I forget with age LOL )
Anyway, In the mid 80's the Sci-Fi magazine Analog publishes a multiple part series that exactly covered this.
I am rather confident that outside of the public persona of Apple's top brass, when it comes to a hack on the main platform, Apple, will do whatever it takes to abolish the aberration-abnormality ( and I say those words with the
Re: (Score:1)
Re: (Score:2)
My understanding is that the NSA was intercepting already manufactured products that were making their way through the mail system and modifying them (which can be extremely targeted), while in this case the claim was that Supermicro boards were being compromised in the factory before they were even sent to Supermicro (which is less targeted). It's not quite the same.
Re: (Score:2)
The NSA sabotaged encryption standards, and it's widely believed that things like AES instructions and RNGs in CPUs were compromised by them at the design stage.
Re:Looks like Apple are in bed with China tbh. (Score:5, Insightful)
THIS! Also, in the 2018 article, they tried to make it more convincing by showing us pictures of the so-called spy chip that were actually just a common surface mount resistor pack that didn't have connections to anything that would even make the supposed spying actions possible. They even included "quotes" from experts who explicitly denied they had said any such thing.
Now they're doubling down, and even though they should know that there is a huge self-created credibility gap, they present their accusations again without a single shred of evidence to back it up. This time they claim it's malicious code implanted into a BIOS update. That's more credible by itself, but it should be easy enough to point to a particular BIOS update containing the malware and a disassembly of that malware. Perhaps a hexdump of the so-called beacon data. If it's really happening, they should be able to show us that.
Meanwhile, TFA doesn't even show an understanding that what they're claiming now is NOT the same things as they were claiming in 2018.
Re:Looks like Apple are in bed with China tbh. (Score:4, Insightful)
THIS! Also, in the 2018 article, they tried to make it more convincing by showing us pictures of the so-called spy chip that were actually just a common surface mount resistor pack that didn't have connections to anything that would even make the supposed spying actions possible. They even included "quotes" from experts who explicitly denied they had said any such thing.
Again, not to get all tinfoil hatty here, but it's totally possible to conceal a malicious device inside a package that looks identical to a surface mount resistor pack. Without testing the traces or doing an x-ray of the device in question, it could be anything. Indeed, a covert malicious device would be designed to look innocuous on purpose.
Likewise, if Bloomberg quoted an expert and that expert later declared "I said no such thing!" then something really weird is going on. Bloomberg is not some tabloid rag. To make up a quote on such a high-profile, sensitive topic would be extremely risky for them...and for what gain? A few more clicks? While it's not outside the realm of possibility, it would be incredibly irresponsible and risk a devastating blowback. While it may be possible, I don't see Bloomberg acting that stupidly. Another explanation is pressure was put on the "experts" to recant, and that's completely believable in the context of the current article, namely that China pressured Apple/etc. to deny any Chinese shenanigans and the US pressured domestic outlets to deny/suppress or risk uncovering a counterintelligence op. I wouldn't put such tactics beyond either the US or China.
Re: (Score:2)
Again, not to get all tinfoil hatty here, but it's totally possible to conceal a malicious device inside a package that looks identical to a surface mount resistor pack. Without testing the traces or doing an x-ray of the device in question, it could be anything. Indeed, a covert malicious device would be designed to look innocuous on purpose.
Sure, but if its supposed purpose is to inject malware, it would need to be connected to the data lines. Given the small number of connections on a credible resistor pack, about the only place to stick it for code injection would be the LPC ISA bus.
Given such an explosive claim, it's odd that it was denied by all parties including the experts interviewed and nobody anywhere corroborated the story with a photo of the actual "spy device" in-situ or anything. Nobody came out with a hexdump of unauthorized data
Re: (Score:3, Informative)
Sure, but if its supposed purpose is to inject malware, it would need to be connected to the data lines. Given the small number of connections on a credible resistor pack, about the only place to stick it for code injection would be the LPC ISA bus.
I agree...mostly. It's impossible to say definitively that a surface-mount device is only connected to what you see on the surface when you're dealing with a multilayer motherboard. While it would be an engineering challenge, the possibility of traces below the surface layer cannot be discounted. A full disassembly of the motherboard would reveal this, one way or the other. Yes, putting hidden traces on a motherboard would be a very involved process, but look at it this way: China has the means (both ec
Re: (Score:3)
If they had an actual board in hand, they could easily get someone to do the examination. You could potentially mount a chip directly on vias or better, tuck the vias under the chip, but that would easily be revealed with a hot air gun and a strong flashlight. No need for a big expensive setup, many hobbyists have a sufficient workbench to do the analysis.
You wouldn't even have to trace the connections all the way back, just place an interposer between the board and the chip and see if a digital scope shows
Re: (Score:3)
Some systems permit boot loading via I2C FLASH ROMs. Depending on what you are trying to attack, you only need access to 2 pins.
Also, the nuances of a story can get lost in journalists' simplifications.
It could be that the BIOS ROMs contained the actual malware. The hardware modification may have enabled delayed payload activation. Thus, the computers would not be detected as compromised when being first installed. The chip would make the computer wait for a preset number of reboots, or for when a part
Re: (Score:2)
But PC style hardware attaches the FLASH via LPC ISA. If I wanted delayed activation, I would put the counter in the main flash so I wouldn't have to add suspicious extra hardware. Flash can only be erased in blocks, but you can change a 1 bit to a zero bit by bit. For a counter, just use a block of addresses and use 0 bits as tally marks.
The flaws in the 2018 story weren't nuances. It was a snow job using pictures of common components with deceptive captions to lend fake credibility.
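The flash behaviour described in the comment above (programming can only turn 1 bits into 0; getting a 1 back needs a block erase) also gives an analyst a way to classify differences between a reference firmware image and a dump read from a board. This is an added example, not part of the thread; the 16-byte block size, the function names and the two sample images are constructed for illustration.

```python
# Added example (not from the thread). Block size, names and sample images
# are assumptions made for illustration.

BLOCK_SIZE = 16  # assumed erase-block size for the toy images below


def program(cell: int, value: int) -> int:
    """Model a flash program operation on one byte: bits can only go 1 -> 0."""
    return cell & value & 0xFF


def tally_count(region: bytes) -> int:
    """Number of 0 bits in a region that started out erased (all 0xFF)."""
    return sum(8 - bin(b).count("1") for b in region)


def classify_diff(reference: bytes, dump: bytes, block_size: int = BLOCK_SIZE):
    """Compare two images block by block.

    Returns a list of (offset, kind, bits_cleared, bits_set) for each block
    that differs. kind is:
      "program-only" - every change is 1 -> 0, so the block could have been
                       modified in place without an erase (incremental state)
      "rewritten"    - at least one bit went 0 -> 1, so the block was erased
                       and written again
    """
    if len(reference) != len(dump):
        raise ValueError("images must be the same length")
    findings = []
    for off in range(0, len(reference), block_size):
        ref_blk = reference[off:off + block_size]
        dmp_blk = dump[off:off + block_size]
        if ref_blk == dmp_blk:
            continue
        pairs = list(zip(ref_blk, dmp_blk))
        cleared = sum(bin(r & ~d & 0xFF).count("1") for r, d in pairs)
        newly_set = sum(bin(d & ~r & 0xFF).count("1") for r, d in pairs)
        kind = "rewritten" if newly_set else "program-only"
        findings.append((off, kind, cleared, newly_set))
    return findings


# Constructed reference image: three blocks of "code" and one erased block.
REFERENCE = (
    bytes(range(0x40, 0x50))
    + b"\xff" * BLOCK_SIZE
    + bytes(range(0x60, 0x70))
    + bytes(range(0x10, 0x20))
)

# Constructed dump: the erased block has three bits cleared one at a time,
# and one byte in the last block has a bit that went from 0 to 1.
_dump = bytearray(REFERENCE)
for mask in (0xFE, 0xFD, 0xFB):
    _dump[16] = program(_dump[16], mask)
_dump[48] = 0x90
DUMP = bytes(_dump)

if __name__ == "__main__":
    for off, kind, cleared, newly_set in classify_diff(REFERENCE, DUMP):
        print(f"block @0x{off:04x}: {kind:12s} cleared={cleared} set={newly_set}")
    print("zero bits in formerly erased block:", tally_count(DUMP[16:32]))
```

A block that differs from the reference in a region the reference marks as static code or erased space is the place to start a closer look, whichever of the two kinds it is.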
Re: (Score:2)
Without testing the traces or doing an x-ray of the device in question, it could be anything.
Then they should have done the trace and x-ray. Neither is difficult.
Circuit board x-ray machines are common. They are used to verify the proper soldering of BGAs.
Following the traces is even easier. Just delaminate the board and look at them under a 30x scope. Or use a cheap continuity probe.
Even easier, remove the resistor pack from the board with a $5 soldering iron, then test it with a $10 ohm-meter to see if it really is a resistor pack.
Or use a 5 cent sheet of sandpaper to remove the top of the pac
Re: (Score:2)
The US government under Trump was doing everything it could to show that China was bad. Do you really think that the US government as well as other five eyes governments would be denying any information that there was a hack?
Absolutely.
"Well, Chairman, as I said in my statement, it was inappropriate -- it was improper for the president to request -- to demand an investigation into a political opponent, especially a foreign power where there's, at best, dubious belief that this would be a completely impartial investigation. And that this would have significant implications if it became public knowledge and it would be perceived as a partisan play. It would undermine our Ukraine policy and it would undermine our national security."
-- LtCol Alexander Vindman.
Note that I am not suggesting _anything_ about what Trump did, did not do, or the propriety thereof. However, I think the above quote is quite indicative because you have someone ultimately saying that Trump's actions "undermine our Ukraine policy" and this is a widely held view. It was quite commonly stated by both congressmen and media personalities during the (first) impeachment. However, foreign policy is, constitutionally, the purview of the president. It is
Re: (Score:2)
I am leery of this logic you are suggesting, because it gives a President (any President) way too much latitude. How the U.S. interacts with other countries - diplomacy and how that plays into a wider international strategy - does largely fall to the
Re: (Score:2)
Damn markup chewed up the point I was trying to make. Vindman spoke of two things - Ukraine policy and national security - and I think it is important to keep both in mind, and not only focus on "foreign policy".
Re: Looks like Apple are in bed with China tbh. (Score:3)
Re: (Score:1)
Re:Looks like Apple are in bed with China tbh. (Score:5, Insightful)
This is all going to be largely conjecture until someone breaks his clearance and a Wikileaks style reveal occurs. Regardless of the veracity of this particular story, however, it is factual that China (and others) have the access and the technical capability to perform this type of attack, and in the current Cold War 2.0 environment, the US (and Europe) needs to do a lot more to bring its supply chain under full scrutiny and control - minimally for military and infrastructure, but since both those groups use so much consumer equipment outside the inner security circles, also potentially wider than just those limited markets.
Re:Looks like Apple are in bed with China tbh. (Score:5, Insightful)
If the hack is true, then basically it looked like China tried to apply pressure via Apple.
And if that is true, it shows you *exactly* the kind of company Apple actually is.
Well, to quote the Spartan ephors in their letter to Philip of Macedon: "IF" ... Where did you get that information? From a Q-Anon post? When they discovered these spy chips as the summary states, Apple & Amazon would have reported them to US intelligence because that's what they are required to do by US law. US signals intelligence people then decided to allow this Chinese signals intelligence operation to continue for intelligence gathering purposes. Monitoring and manipulating hostile intelligence operations rather than breaking them up is standard intelligence gathering procedure and has been since at least the Bronze Age. If Apple and Amazon issued denials I'll bet you cash money that they did so at the behest of US signals intelligence and not, as you are insinuating, because Apple and Amazon (which you omitted from your accusations for some curious reason) are in league with the Chinese Communist Party.
Re: (Score:2)
Well, considering that Amazon doesn't have any Supermicro boards installed in their data centers I think it's unlikely that any other denial would have been necessary on their part, and undermines Bloomberg's credibility.
Re: (Score:2)
Well, considering that Amazon doesn't have any Supermicro boards installed in their data centers...
Can you back that authoritative claim up with some actual evidence or is this another nugget you found in a Q-Anon post?
Re: (Score:2)
AWS runs custom hardware in its servers, it doesn't buy commodity boards on the open market. That might not be common knowledge even though they've gone to lengths to publicize the fact.
https://www.geekwire.com/2017/... [geekwire.com]
Re: (Score:2)
You realize that makes Amazon really easy to target, right?
You know the equipment is going to Amazon because it's custom, so it's a great place to put your $EVIL_CHIP.
Re: (Score:2)
You realize that makes Amazon really easy to target, right?
You know the equipment is going to Amazon because it's custom, so it's a great place to put your $EVIL_CHIP.
Cuz ... Q-Anon says so!!!
Re: (Score:2)
The claim is "They're safe because it's custom hardware!!!", not that this story has the best sourcing.
Re: (Score:2)
Reading carefully I can see when a nation state could do mischief. And the reason is rather simple. Even the biggest of companies rely on outside suppliers. AWS bought an Israeli company for some of it. But there's a lot of hardware that makes up a cloud. Even wiring. Security as I'm reminded is the victim getting it right every time. While the enemy gets it right once.
Re: (Score:3)
The goal of security is not to prevent every attack, since that's impossible. It's to make an attack inconvenient/expensive enough to discourage attackers, and to set systems up in such a manner that a successful attack is detected. (That's probably not what executives and the public think, but that's the practice for those of us who actually make our living in the field.)
Re: (Score:2)
It's funny that anyone would think China would be stupid enough to believe they hadn't been caught red handed and still continue trusting the data.
Why would the people who planted the devices, believe the denials? They'd already know it's not true.
Anyone good enough to do what is claimed. Obviously would be keeping a close eye out for exactly this kind of thing, so they know if they have been discovered yet. It makes absolutely
Re: (Score:3, Insightful)
Backing China has been the default, obvious stance for decades. Limitless cheap labor and an iron-clad fixed exchange rate meant that outsourcing US jobs overseas was a no brainer. No more pesky high wages and labor rights. Communist China can do away with all that, and as time went by the quality of their swelling industrial base outclassed the rotting remains of US manufacturing.
But now Washington is sending out mixed messages
Re: (Score:1, Insightful)
Excellent points. There's a lot of contradictory forces at work here. Trump and the neocons both supported Cold War v2 against China, but Trump actually tried to pull back from the neocon's disastrous endless wars.
Most Dems bought the Bountygate stories (despite the total lack of proof), putting them on the side of neocons and endless warriors. Biden is making noise about China's human rights violations, but if he's truly the status quo leader he wants us to believe he is, then he will look the other way a
Re: Looks like Apple are in bed with China tbh. (Score:2)
ROFL. So Trumpers are interested in "proof" all of a sudden.
Re: (Score:1)
Bit of a self-own that you read my comment and immediately rush to defending the Dems' credulity and willingness to be played by the endless warriors/military-industrial complex/deep state/whatever you want to call them. Liz Cheney, is that you?
Re: (Score:1)
>> The intelligence wasn't proved to me. It was proved enough to worry me. It wasn't proved enough that I'd take it to a court of law. That's often true in battlefield intelligence -- Gen. Frank McKenzie
Tell me why should I believe General Frank McKenzie or the rest of the revolving parade of losers that have dumped trillions into Afghanistan and Iraq, with hugely negative results for both the occupiers and the occupied? The "proof" is that they found some Taliban guys with a bunch of cash...in a coun
Re: (Score:2)
Amazon had to be pressured to keep silent about hacked boards that they've never installed. Seriously? They don't use the hardware, so Bloomberg's claim that AWS was hacked through it seems dubious at best.
Re: (Score:2)
Honestly, it's not the pressure from China. More likely the NSA pressured Apple and Amazon to keep quiet. The spy game is about keeping your opponents in the dark about what you know. If they don't know what you know, it makes it easier.
Keep quiet before the story came out maybe.
But after that, what's the point? Whoever planted any spy devices would already know they'd been caught. Denials or not.
Re: (Score:2)
Huawei (Score:4, Insightful)
Kinda explains why the US Government is so against Huawei and other Chinese manufacturers. I always figured they had some knowledge that they were not sharing. Seems China has become good at supply chain attacks.
Re: (Score:1)
It seems more likely that since Huawei is miles ahead of Cisco and the US telecoms, is eating their business, created much of the 5G standards, and is laying the groundwork for 6G that the ossified Old Tech in the US is doing the only thing they can to try to maintain their market share; bribe government officials.
Re: (Score:3)
Re: (Score:2)
Kinda explains why the US Government is so against Huawei and other Chinese manufacturers. I always figured they had some knowledge that they were not sharing. Seems China has become good at supply chain attacks.
When you own the entire supply chain, it would be difficult not to be good at attacking it.
Show me the money (Score:5, Insightful)
Just tell us which chip to decap and compare to untampered ones.
Re: (Score:2)
Looks like Bloomberg has decided that if you've already shot off one foot, you might as well reload, blow off the other foot, and hope you'll end up levitating.
The idea of China putting "spy chips" onto motherboards has never made one ounce of sense. Why should they use hardware that provides a perfect smoking gun pointing right back to them, when they have been so incredibly successful getting what they want by other means? As the recent Sol
what's new? (Score:2)
Re: (Score:1)
That's why to be truly secure, you need a chain of firewalls, Huawei to block the NSA backdoors, Cisco to block the CCP backdoors, etc...etc...
Re: (Score:2)
Cisco built the original Great Firewall of China. When I was in college in the '90s everyone laughed when China declared they were going to spend $4 billion to upgrade their creaking antiquated telecom infrastructure, it wasn't even clear at the time where they were going to get that much foreign exchange dollars to spend. They loaned Cisco money (through cut outs in Hong Kong and IIRC London) to expand their manufacturing capability, and in exchange Cisco built a factory in China and sold them all the ha
Re: (Score:1)
Can you point to any US-based countries creating backdoors for the NSA? Not saying they don't exist, but whether they do is just speculation at this point and many systems that you may point at are open source as well.
Huawei on the other hand has been caught red-handed (https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment)
Re: (Score:2)
Nothing but FUD (Score:1)
Re: (Score:2)
Oh yeah, SolarWinds was complete FUD, right?
It's more than just Huawei. Are you going to deny issues with Dahua and Hikvision too?
Re: (Score:1)
SolarWinds was Russia, not China.
I appreciate that someone from the USA has difficulty with the concept that there are other nations in the world, but do try.
Re: (Score:2)
Yes, yes, it's all FUD. Great to meet you, Chen.
https://www.reuters.com/articl... [reuters.com]
Re: (Score:2)
The sources, who spoke on condition of anonymity
Yep, as FUD-dy as it gets.
Re: (Score:2)
Of course anonymous sources have never said anything remotely true, right? And China has nothing to gain, right?
Re: (Score:2)
Of course anonymous sources have never said anything remotely true, right?
Correct, "anonymous sources" from the gubbermint are the most often used way to push a narrative, which is typically 99.9% of the time and 99.99% in the content pure FUD. Also correct, anything that is only "remotely true" is FUD by definition.
And China has nothing to gain, right?
I'm not sure I understand you. What has China got to gain from the FUD anonymous US government sources are spreading about it, and why does it matter?
Re: (Score:2)
Explain why I should trust China. Other than call everything FUD, you've provided no reason why I should trust China. Are you saying that China has nothing to gain by spying on the US?
Re: (Score:2)
Explain why I should explain anything about "teh Chinar", when the discussion is about a specific piece of disinformation completely devoid of evidence and obviously generated by the US Government lies machine.
You claim what your link says is true without a shred of hard evidence.
Incidentally, also true of the "Russian ackers" alleged "involvement" in the SolarWinds bug debacle.
Re: (Score:2)
I'm saying there is motive, there is capability, there is willingness. Frequently, there is information but you don't reveal your hand. The details will come out in time.
Re: (Score:2)
Yes, bro, ALL will be REVEALED in GOOD TIME!
Here, have some more Kool-Aid.
Re: (Score:2)
https://www.reuters.com/articl... [reuters.com]
Re: (Score:2)
Explain why the US should simply trust China. What has China done to earn our trust?
Calling everything that ever happens FUD is disingenuous. A quick Google search shows a long history of cyber-espionage by China.
long debunked Bloomberg nonsense (Score:2)
Not only did they show a photo with an arrow to a common chip claiming it was a secret evil thing in Super Micro servers while spinning their tale with zero actual proof, they themselves were found to be a Super Micro customer. The retardation at Bloomberg just won't quit.
Re: (Score:2)
Project Mockingbird is alive and well.
Re: (Score:2)
show a photo with arrow to common chip claiming it was secret evil thing
Given that you can conceal quite a lot in something very small, how do you know it's not what they say? I'm not saying that proves it's an evil device but neither can you disprove by saying "hey, this two-millimeter cube on my motherboard looks legit so it must be harmless!" You can't tell a damn thing about it by just looking at it. You'd need to x-ray the chip, disassemble the motherboard layer by layer and trace the contacts, and carefully look at all traffic to/from the device to make a definitive ru
Re: (Score:1)
They coupled their silly picture with zero actual proof or sources.
I could write the same thing, "OMG American bathrooms have evil Chinese spy cams", with a picture having an arrow to the toilet's shut off valve.
Who to believe? (Score:1)
On the one hand, this time around Bloomberg actually has people with names willing to step up and say that there might be something here. That's a big improvement from their previous article.
On the other, they still have no concrete proof. A single motherboard with the malicious chip/BIOS would be evidence enough, yet they apparently can't get their hands on one?
On yet another, if this is true, it makes sense that the US spying agencies would want to sit on it.
But on yet another, if this is true, it makes no
Re: (Score:2)
I just don't know. Certainly this is a viable attack vector for a nation-state, and it kinda blows my mind that US military isn't exclusively using hardware made in the USA. While I'm all for globalization, you gotta balance costs with national security...
The supply chain is much too complex to make blanket purchasing decisions like "no Supermicro gear" have the desired effect. What if the motherboard is assembled in the US but using parts sourced overseas? What if the chip fab is in China, but packaged in the Netherlands, resold by a wholesaler in Germany, shipped via a South African freighter, put on a Mexican trucking line for delivery to a factory in Texas for final assembly? And that's just one example of a relatively simple global supply chain. Som
Re: (Score:2)
it makes no sense that US military would still be allowed to purchase hardware from potentially compromised manufacturers.
Equipment from certain manufacturers is banned on some US classified networks. For example, Lenovo was banned in 2006. [defense.gov]
(Skip to the bottom of page 7, aka the 17th page of the PDF, for a paragraph that summarizes the situation)
Once upon a time (Score:4, Interesting)
We used to laugh and make fun of the tin-foil hat crowd that pushed all sorts of crazy conspiracies out.
Then along came Mr. Snowden, the revelations about room 641A, what the NSA's TAO team was doing, Vault 7 and probably an entire list of things I can't recall. (And an even longer list of things we're not even privy to yet.)
The moral of this story is this:
Don't be quite so quick to discount or discredit what used to reside within conspiracy theory territory.
If we've learned nothing else, an uncanny amount of truth is coming out of what used to be tabloid worthy material.
Once upon a UFO. (Score:2)
We used to laugh and make fun of the tin-foil hat crowd that pushed all sorts of crazy conspiracies out.
Still do. Anyone know where I can get a crashed UFO?
standard spycraft (Score:5, Interesting)
I know that this sounds like I'm a conspiracy theorist, but in this case OF COURSE EVERYONE INVOLVED EXCEPT THE PRESS WILL DENY. This is run-of-the-mill espionage.
Where's the lawsuit though? (Score:2)
The Bloomberg piece certainly looked like a bunch of BS when it first showed up. And then all the big boys started leaning on them, demanding a retraction. That was a while ago. Now they're at it again with the same.
Why haven't Apple and Amazon just sued them to force a retraction at this point? Don't tell me it's because they're too busy or broke to sue.
Re: (Score:2)
Why haven't Apple and Amazon just sued them to force a retraction at this point? Don't tell me it's because they're too busy or broke to sue.
Corporate mouthpieces can say almost anything they want to journalists (outside of violating SEC rules and things like that).
Lying to the journalist isn't a crime, but lying in a deposition is.
When you sue someone, you give their lawyers the right of discovery.
Another is that although the Bloomberg article may be wrong in some details, it is right in some of the things they said. Apple/Amazon/etc don't want those things proved in court testimony.
Apple/Amazon/Supermicro may have found a problem and solved it
Oh, please! (Score:1)
The Bloomberg article is as extraordinary as claiming that a brick fell when someone dropped it. Beijing's intel community takes advantage of every opportunity others g
Forest vs trees (Score:1)