Go Back   IceInSpace > Equipment > Software and Computers

Reply
 
Thread Tools Rate Thread
  #1  
Old 29-11-2018, 04:54 PM
gary
Registered User

gary is offline
 
Join Date: Apr 2005
Location: Mt. Kuring-Gai
Posts: 5,916
Post How China used microchips implanted on motherboards to infiltrate US companies

In a 4 October 2018 article at Bloomberg, Jordan Robertson and
Michael Riley report on how the Chinese People's Liberation Army (PLA)
inserted minuscule spying microchips onto server motherboards manufactured
in China on behalf of a large American server manufacturer.

The motherboards were optimised to run in large data centers and
the chips would allow for the security of the software running on the
motherboard to be compromised.

Some of the spy chips were so diminutive and thin in size that they
were hidden between the layers of fiberglass in the circuit boards.

The article also includes two audio "read aloud" links for those who
prefer to listen rather than read.

Story here :-
https://www.bloomberg.com/news/featu...-top-companies
Reply With Quote
  #2  
Old 29-11-2018, 05:44 PM
multiweb's Avatar
multiweb (Marc)
ze frogginator

multiweb is offline
 
Join Date: Oct 2007
Location: Sydney
Posts: 22,060
Fascinating read. Amazing how they used the chips to back track the perps and identify other potential victims. There's a good script for a movie somewhere in there. Also interesting to see Huawei mentioned. They were so prude and offended when we ditched them for the 5G network. Certainly there will be a shift in the next decade where hardware gets manufactured and who supplies it. Siri is in fact the red sparrow...
Reply With Quote
  #3  
Old 29-11-2018, 07:09 PM
Stonius's Avatar
Stonius (Markus)
Registered User

Stonius is offline
 
Join Date: Mar 2015
Location: Melbourne
Posts: 1,495
"Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not."
Reply With Quote
  #4  
Old 29-11-2018, 08:55 PM
RickS's Avatar
RickS (Rick)
PI cult recruiter

RickS is offline
 
Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
There has been a lot of discussion of the Bloomberg claims and it's not clear where the truth lies. They are normally not given to making inaccurate claims but the rebuttal from Apple et al has been unambiguous and not the mealy mouthed stuff you'd expect from public companies that don't want to fess up but can't risk telling an outright porky. There has also been some speculation that it's deliberate misdirection from govt sources with an ulterior motive. After all, it's not like China is the flavour of the month in the US at present.

I expect we'll never know for sure but my guess is that it's BS. There are some significant technical hurdles to achieving what is claimed.

Cheers,
Rick.
Reply With Quote
  #5  
Old 29-11-2018, 10:24 PM
multiweb's Avatar
multiweb (Marc)
ze frogginator

multiweb is offline
 
Join Date: Oct 2007
Location: Sydney
Posts: 22,060
Quote:
Originally Posted by RickS View Post
I expect we'll never know for sure but my guess is that it's BS.
So the mormons do watch adult films?
Reply With Quote
  #6  
Old 29-11-2018, 11:05 PM
Stonius's Avatar
Stonius (Markus)
Registered User

Stonius is offline
 
Join Date: Mar 2015
Location: Melbourne
Posts: 1,495
Quote:
Originally Posted by RickS View Post
I expect we'll never know for sure but my guess is that it's BS.
It is pretty well known that China redirects internet traffic for espionage purposes. It's happened twice in the last month. Traffic to Australia was redirected to China for 6 days, and traffic to the US was rerouted to China for an hour (funny how it's always redirected to China or Russia, never the other way round).

It's routine and part of an espionage strategy. https://www.itnews.com.au/news/china...archers-514537 They do it because they can, same as we probably would if we could, it's just that they just have the upper hand. So if they do that, it's a very small leap to be modifying hardware to make it hackable.

Besides, Bloomberg is not exactly Breitbart, it's a story that has been doing the rounds amongst reputable newspapers for a while now. I can't remember, but wasn't this sort of stuff the reason why Australia nixed the Huawei cable contract too?

China have the means and motive, and Apple doesn't want to admit that they were well and truly owned. That would seem to be the simplest explanation to me.



M
Reply With Quote
  #7  
Old 29-11-2018, 11:42 PM
silv's Avatar
silv (Annette)
Registered User

silv is offline
 
Join Date: Apr 2012
Location: Germany 54°N
Posts: 1,110
yeah, Bloomberg ist not Breitbart, exactly.

I remember how weird I found it that this investigative IT news item made it into national German TV and paper news for 2 days, back then.
My impression from that was that the quoted parties, german and other politicians, and intelligence services people, were all too eager to discredit the investigation.

But: Bloomberg had been investigating that issue for longer than 12 months. (Isn't there a quote from a Nov. 2017 Apple -reply to Bloomberg's written question? Or Apple mentions that date in their rebuttal? )
So the story wasn't a quick shot without double and triple checking like you would expect from Breitbart-like media.
Also, the article was first published on a Wednesday so it wasn't intended to govern the weekend news cycle, either.
The article's publishing date also had nothing to do with Midterm or any other important election (I can think of).

If Bloomberg was fed false info over 12 months ago - exactly when did the involved party hope that the article got written and published?
Reply With Quote
  #8  
Old 29-11-2018, 11:49 PM
silv's Avatar
silv (Annette)
Registered User

silv is offline
 
Join Date: Apr 2012
Location: Germany 54°N
Posts: 1,110
"putting on my tinfoil hat"

all governments and intelligence services have already access to those little Chinese Rice Implants. Israel had found out about it ages ago and has written an interface to lead out the wanted data to upload it to their interested customer, i.e. the respective governments. Israel bc they're market leader in illegal spy software.

Now, because all governments already know and abuse the little Chinese Rice corns, no one wants the Bloomberg article to be believed.

I believe it.
Reply With Quote
  #9  
Old 30-11-2018, 06:16 AM
bojan's Avatar
bojan
amateur

bojan is offline
 
Join Date: Jul 2006
Location: Mt Waverley, VIC
Posts: 6,932
The image of the chip looks like shows RF balun transformer.

Maybe yes, maybe no... Looks to me like pure Trumpism.
Reply With Quote
  #10  
Old 30-11-2018, 10:54 AM
gary
Registered User

gary is offline
 
Join Date: Apr 2005
Location: Mt. Kuring-Gai
Posts: 5,916
Quote:
Originally Posted by multiweb View Post
So the mormons do watch adult films?
Single partner fantasies?
Reply With Quote
  #11  
Old 30-11-2018, 10:56 AM
multiweb's Avatar
multiweb (Marc)
ze frogginator

multiweb is offline
 
Join Date: Oct 2007
Location: Sydney
Posts: 22,060
Quote:
Originally Posted by gary View Post
Single partner fantasies?
touché.
Reply With Quote
  #12  
Old 30-11-2018, 01:34 PM
LewisM's Avatar
LewisM
Novichok test rabbit

LewisM is offline
 
Join Date: Aug 2012
Location: Somewhere in the cosmos...
Posts: 10,388
US has been doing it for a good while so it’s no shock honestly. Stuxnet for starters, not to mention Cisco...and a lot more like the “failsafe” stop mechanics build-ins and so on.

US just doesn’t like it when the tide is turned on them. To claim US doesn’t do it (like traffic diversion) is head in the sand.

Or maybe the US is just not as “exceptional” as they claim
Reply With Quote
  #13  
Old 30-11-2018, 02:08 PM
multiweb's Avatar
multiweb (Marc)
ze frogginator

multiweb is offline
 
Join Date: Oct 2007
Location: Sydney
Posts: 22,060
Quote:
Originally Posted by LewisM View Post
US has been doing it for a good while so it’s no shock honestly. Stuxnet for starters, not to mention Cisco...and a lot more like the “failsafe” stop mechanics build-ins and so on.

US just doesn’t like it when the tide is turned on them. To claim US doesn’t do it (like traffic diversion) is head in the sand.

Or maybe the US is just not as “exceptional” as they claim
They probably done it too for a long while but we still can say what we think about it.
Reply With Quote
  #14  
Old 30-11-2018, 03:03 PM
RickS's Avatar
RickS (Rick)
PI cult recruiter

RickS is offline
 
Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Here's an analysis of the technical claims: https://www.servethehome.com/investi...micro-stories/

My money is still on Bloomberg being wrong even though I love a good conspiracy theory

Cheers,
Rick.
Reply With Quote
  #15  
Old 30-11-2018, 03:31 PM
multiweb's Avatar
multiweb (Marc)
ze frogginator

multiweb is offline
 
Join Date: Oct 2007
Location: Sydney
Posts: 22,060
Quote:
The key here is that the companies named are all sophisticated, and will have better protections than your average small to medium enterprise. Bloomberg’s report describes an attack that is not possible at the companies listed in the article.
I understand there are always two sides to a story and that technology used the right way works as advertised. Is it fair to never underestimate the stupidy of a handful of individuals in any large organisation who take shortcuts once in a while for convenience of use by saving time and forget about it on a Friday afternoon going home that is usually enough to open an otherwise closed point of entry and expose a system , be it software or hardware. They cherry pick clear misconception and lack of understanding in the Bloomberg articles. Fair enough. But saying that someone said something stupid doesn't make the other points less valid.
Reply With Quote
  #16  
Old 30-11-2018, 03:51 PM
RickS's Avatar
RickS (Rick)
PI cult recruiter

RickS is offline
 
Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Quote:
Originally Posted by multiweb View Post
I understand there are always two sides to a story and that technology used the right way works as advertised. Is it fair to never underestimate the stupidy of a handful of individuals in any large organisation who take shortcuts once in a while for convenience of use by saving time and forget about it on a Friday afternoon going home that is usually enough to open an otherwise closed point of entry and expose a system , be it software or hardware.
Sure, there will be vulnerabilities at even the best, tech savvy organisations, but it seems to me that attempts to exfiltrate data over a period of time at multiple organisations without detection must be exceedingly low.

Last edited by RickS; 30-11-2018 at 05:18 PM.
Reply With Quote
  #17  
Old 30-11-2018, 05:17 PM
Stonius's Avatar
Stonius (Markus)
Registered User

Stonius is offline
 
Join Date: Mar 2015
Location: Melbourne
Posts: 1,495
There's this from nearly 5 years ago. It's a story that's been around for a while. I don't know why it's blowing up now.

https://spectrum.ieee.org/tech-talk/...own-spy-tricks

[edit] and this from 2016
https://www.computerworld.com/articl...ter-chips.html

Then we had the Lenovo thing, then the Huawei thing, and the sensitive clients are rejecting suspicious technology en masse.

Ask yourself why China, being in a position to do so, *wouldn't then go ahead and install the chips.

In short, white hat hackers said someone would do it, someone did it, government agencies are reacting to it, newspapers have been reporting this kind of thing for years.

TBH, I have to squint pretty hard to make a conspiracy theory out of this one.

Even the take-down piece on Serve the Home makes a lot of assumptions then proceeds to shoot down its own assumptions. The whole way through I'm thinking 'maybe they don't work quite the way you think they do', and without access to the sort of technical information that they would never be allowed to get their hands on, it's basically just an opinion piece.

That's er... my opinion

-Markus
Reply With Quote
  #18  
Old 30-11-2018, 06:23 PM
gary
Registered User

gary is offline
 
Join Date: Apr 2005
Location: Mt. Kuring-Gai
Posts: 5,916
Quote:
Originally Posted by Stonius View Post
It is pretty well known that China redirects internet traffic for espionage purposes. It's happened twice in the last month. Traffic to Australia was redirected to China for 6 days, and traffic to the US was rerouted to China for an hour (funny how it's always redirected to China or Russia, never the other way round).

It's routine and part of an espionage strategy.
At the outbreak of WWI, the British had cut the direct telegraph lines
that ran between Germany and the United States.

Before the Americans had joined the war, the Germans appealed to the
Americans to allow diplomatic traffic to be routed to and from their
embassies in the Americas.

Woodrow Wilson agreed, believing maintaining a diplomatic relationship
with Germany might aid a negotiated peace.

With direct telegraph cables being cut, messages were routed from
Germany to the US embassy in Copenhagen. However, before making
their way across the Atlantic, they were boosted at a relay station near
Land's End in England.

Well of course the British were intercepting all the traffic and eavesdropping
on both the Americans and the Germans.

One of the conditions the Americans placed on German diplomatic traffic
was that it had to be sent in the 'clear'. However, the Germans convinced
the US ambassador in Denmark to forward one telegram that was
encrypted. It was sent from a German civil servant by the name of Zimmerman to
the German Ambassador in Mexico.

Just as they did later in WWII, the British had broken the German codes.

The Zimmerman telegram, as it became to be known, was decrypted and read as follows -

Quote:
Originally Posted by Zimmerman Telegram
FROM 2nd from London # 5747.

"We intend to begin on the first of February unrestricted submarine warfare. We shall endeavor in spite of this to keep the United States of America neutral. In the event of this not succeeding, we make Mexico a proposal or alliance on the following basis: make war together, make peace together, generous financial support and an understanding on our part that Mexico is to reconquer the lost territory in Texas, New Mexico, and Arizona. The settlement in detail is left to you. You will inform the President of the above most secretly as soon as the outbreak of war with the United States of America is certain and add the suggestion that he should, on his own initiative, invite Japan to immediate adherence and at the same time mediate between Japan and ourselves. Please call the President's attention to the fact that the ruthless employment of our submarines now offers the prospect of compelling England in a few months to make peace." Signed, ZIMMERMANN.
The British wanted desperately for the United States to enter the war.
With the Zimmerman Telegram in hand, it would be exactly the type
of evidence the British would need to convince Wilson to declare war
on Germany.

But at the same time the British didn't want to tip off the Americans or
the Germans that they had been eavesdropping and that they had cracked
the German codes.

The British created a cover story that their agents had stolen a copy of the
telegram and the telegram was forwarded to Wilson.

As it transpired the Germans began to sink ships bearing the American
flag in the Atlantic on 1 Feb 1917.

Congress voted for the US to join the war on 6 April 1917.
Reply With Quote
  #19  
Old 30-11-2018, 06:27 PM
RickS's Avatar
RickS (Rick)
PI cult recruiter

RickS is offline
 
Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Quote:
Originally Posted by Stonius View Post
There's this from nearly 5 years ago. It's a story that's been around for a while. I don't know why it's blowing up now.
It's blowing up now because it's something rather different to a suspicion of Huawei building backdoors into products they design themselves. This is purportedly about Chinese subcontractors tampering with products they were building on behalf of a US company, SuperMicro, and a claim that these products were supplied to US companies including Apple and Amazon.

Here's some recent news on the topic.

https://www.washingtonpost.com/blogs...=.9c8d65001206
Reply With Quote
  #20  
Old 30-11-2018, 06:48 PM
silv's Avatar
silv (Annette)
Registered User

silv is offline
 
Join Date: Apr 2012
Location: Germany 54°N
Posts: 1,110
I like your opinion, Markus/Stonius.

The difference is when government agencies are found out it is perceived as "for national security purposes" and therefor deemed a "necessary nuisance" and negligible. No one assumes the NSA and equivalents would do industrial espionage. I think that's a wrong assumption. (Snowden leaks shed light on NSA spying on Siemens, if I recall correctly) But it's nonetheless a prevailing one.

With China it's different. Their access to company data of SAP, Siemens, Apple etc. raises the immediate suspicion of industrial espionage.

And that is a circumstance where government agencies are supposed to step in and stop it from happening. It's their job description to protect natural people and corporations from theft of their property. That's what taxes are paid for. We pay tax and meet our end of the bargain - and they fail to protect us. So... we could basically stop meeting our end of the bargain, as well, stop paying taxes and go back to Neandertal societal conduct: Hiring hordes of Foreign Legion thugs and go to war with China on our own.
Unless our failed agencies make us believe that they kept their end of our contract.

If Bloomberg is right and wasn't force fed false info, all (western) governments have a) - as I assume - abused the very same Chinese-built vulnerability for their own agenda. And b) have therefore knowingly, wilfully failed in their job to protect us from property theft.

I strongly believe that the rebuttal articles - as you rightly say, "opinion pieces" - are all made up by our agencies.
Surely, SAP, Siemens, Volkswagen or RWE in Germany (or their international sites) have bought those servers in question, as well. And still have at least some in operation. So opening them up is possible. For German IT-Magazines' journalists, as well.
Yet, they're not doing so but strictly stick to writing opinion pieces. Funny. When in other cases those same IT journalists are keen to open up anything as long as it's fancy, and write about it in details with actual specimen photos and performance graphs and whatnot. And this time only opinion pieces? Very weird.

On Tuesday Oct 9th, Bloomberg came out with another piece. This time fed by the disclosed source Yossi Appleboum who claims to have found "rice corns" at a different location on a server board after having been called in for expert investigation of an actual logged data leak.
https://www.bloomberg.com/news/artic...in-u-s-telecom

Now this is kinda tricky. Given that Appleboum used to work in Israel on spy software for military/governments - and is now CEO of a security company in the US.
... old ties to Mossad, US-Israel friendship... I'd rather not trust someone with his CV not having a hidden agenda ... but then again: who would be the best security expert if not someone who knows his stuff inside and out?

That's where I'd have to trust Bloomberg's natural professional suspicion during vetting of their source.
And I do trust them. Bloomberg is not Fox News, right?.
Reply With Quote
Reply

Bookmarks

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +10. The time is now 08:24 PM.

Powered by vBulletin Version 3.8.7 | Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Advertisement
Bintel
Advertisement
Testar
Advertisement