China's great hardware hack?

Started by Tom, October 04, 2018, 09:15:04 AM

Tom

<Zapata Prime> I smell Stanley... And he smells good!!!

Thorin

To me, the article appears well-sourced and well-researched.  The details appear believable, and the actions mentioned line up with various warnings about Chinese-produced hardware over the past few years.  I don't see an obvious motive for Bloomberg's journalists to lie in this story, so I'd say chances are pretty high that Bloomberg's article isn't full of @%&#.

This is what true nation-on-nation cyber warfare looks like, in my mind.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Tom

To me it seems like it should have blown up already.
<Zapata Prime> I smell Stanley... And he smells good!!!

Mr. Analog

Bloomberg made claims which at least Apple and Amazon have refuted (which Bloomberg published, good on 'em) so now we wait for the proof of said claims.

It's starting to creep into other media sources with a lot of discussion about potential ramifications. Either way, don't put an appliance online without a firewall (duh).

IF it's true, it's an awfully ballsy gambit with far-reaching consequences across tech, politics and industry.
By Grabthar's Hammer

Lazybones

Quote from: Mr. Analog on October 04, 2018, 02:09:48 PM
Either way don't put an appliance online without a firewall (duh).

Supermicro is the OEM for a number of devices including security hardware.

A firewall / IDS / IPS / NGFW might not even pick up some outbound traffic if it is from a device that is already expected to have internet access.

Mr. Analog

Quote from: Lazybones on October 04, 2018, 03:15:39 PM
Quote from: Mr. Analog on October 04, 2018, 02:09:48 PM
Either way don't put an appliance online without a firewall (duh).

Supermicro is the OEM for a number of devices including security hardware.

A firewall / IDS / IPS / NGFW might not even pick up some outbound traffic if it is from a device that is already expected to have internet access.

Chilling if true then
By Grabthar's Hammer

Tom

Yeah, Supermicro is a /big/ supplier for server equipment.

A good firewall would be able to notice unexpected traffic patterns, like for some reason you're getting regular check-ins to some China server when it has no business going there... but how many places set that kind of check up?
<Zapata Prime> I smell Stanley... And he smells good!!!

Lazybones

Quote from: Tom on October 05, 2018, 09:31:52 AM
Yeah, Supermicro is a /big/ supplier for server equipment.

A good firewall would be able to notice unexpected traffic patterns, like for some reason you're getting regular check-ins to some China server when it has no business going there... but how many places set that kind of check up?

Gets hard to detect that if you ACTUALLY do work with companies in China, unfortunately.

They provide pictures and descriptions of what they are like, but why isn't there a breakdown of one of these listed from a known independent lab?
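
Added example, not part of any post in this thread: a sketch of the check discussed above, flagging regular check-ins from a device to a destination outside that device's own expected egress list, so it does not depend on the device being blocked from the internet or on the destination's country. The flow records, host addresses, baseline and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (epoch_seconds, source_host, destination) flow records.
FLOWS = (
    # Server management interface checking in about hourly, with small jitter.
    [(1000 + 3600 * i + j, "10.0.5.20", "203.0.113.77")
     for i, j in enumerate([0, 4, -3, 2, 5, -1])]
    # Same device doing its expected, also perfectly regular, time sync.
    + [(500 + 1024 * i, "10.0.5.20", "ntp.example.net") for i in range(8)]
    # Workstation talking to a business partner at irregular, human-driven times.
    + [(t, "10.0.8.14", "198.51.100.9") for t in (900, 1300, 9000, 9100, 20000, 41000)]
)

# Assumed per-device egress baseline: destinations each host is expected to reach.
BASELINE = {"10.0.5.20": {"ntp.example.net"}}


def find_beacons(flows, baseline, min_events=5, max_cv=0.1):
    """Return (src, dst, mean_interval) for off-baseline, regularly timed flows."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        # Expected destinations are skipped per device, not per network.
        if dst not in baseline.get(src, set()):
            times[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low coefficient of variation means machine-like, evenly spaced check-ins.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, round(avg)))
    return hits


if __name__ == "__main__":
    for src, dst, interval in find_beacons(FLOWS, BASELINE):
        print(f"{src} -> {dst}: check-in roughly every {interval}s")
```

The irregular partner traffic is not flagged even though it is off-baseline, while the hourly check-in is; without a baseline the legitimate time sync would be flagged too, which is why the per-device list matters.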

Mr. Analog

A new update: https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

Again, no pictures or anything concrete, and all from a single source. Super Micro's stock is taking a hammering with each one of these stories, though.
By Grabthar's Hammer

Lazybones

Quote from: Mr. Analog on October 09, 2018, 01:32:12 PM
A new update: https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

Again no pictures or anything concrete and all from a single source. Super Micro's stock is taking a hammering with each one of these stories though

The security expert there clearly indicates that the devices were tampered with in a late stage of the supply chain.

There was a similar issue with Cisco hardware way back.

This is a bit better news than SuperMicro / many manufacturers being directly involved.

Mr. Analog

Quote from: Lazybones on October 09, 2018, 04:50:55 PM
Quote from: Mr. Analog on October 09, 2018, 01:32:12 PM
A new update: https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

Again no pictures or anything concrete and all from a single source. Super Micro's stock is taking a hammering with each one of these stories though

The security expert there clearly indicates that the devices were tampered with in a late stage of the supply chain.

There was a similar issue with Cisco hardware way back.

This is a bit better news than SuperMicro / many manufacturers being directly involved.

Huh, I only skimmed through the article. That's interesting.

By Grabthar's Hammer

Lazybones

Quote
The executive said he has seen similar manipulations of different vendors' computer hardware made by contractors in China, not just products from Supermicro. "Supermicro is a victim -- so is everyone else," he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. "That's the problem with the Chinese supply chain," he said.

Quote
The more recent manipulation is different from the one described in the Bloomberg Businessweek report last week, but it shares key characteristics: They're both designed to give attackers invisible access to data on a computer network in which the server is installed; and the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China.

Well, at least it is one of their subcontractors, which means that Supermicro as a whole probably isn't collaborating, but one of its subcontractors is.

Tom

Yeah, it's almost certainly stuff being done outside of Supermicro's and anyone else's knowledge. The first article explains it's agents walking up to subcontractor factories, pretending to be representatives from Supermicro and asking for changes.
<Zapata Prime> I smell Stanley... And he smells good!!!

Thorin

So I guess the US intelligence agencies were on to something a couple of years ago when they started disallowing software and hardware created in Russia and China...
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Lazybones

It is particularly relevant for government and military use. 

The NSA was doing it to Cisco hardware for export at one point.

https://www.techradar.com/news/networking/routers-storage/photos-reveal-nsa-tampered-with-cisco-router-prior-to-export-1249191