Author Topic: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.  (Read 35973 times)

0 Members and 1 Guest are viewing this topic.

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 6778
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #150 on: October 06, 2018, 06:53:26 pm »
Bloomberg claims .....

What Bloomberg trying to say is actually pretty simple..

 "Trust us on what we claimed, ask no more, just trust us ... "
 
The following users thanked this post: tooki

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9216
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #151 on: October 07, 2018, 12:07:04 am »
What Bloomberg trying to say is actually pretty simple..

 "Trust us on what we claimed, ask no more, just trust us ... "
While true, it's historically been a rather reputable source. That's why many people take the stories quite seriously.
 

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 15212
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #152 on: October 07, 2018, 01:46:05 am »
The amount of denial in this thread is... concerning.

Why do so many people find this unbelievable?  Many have given reasons, but none of them hold water.

Just because you can't imagine it's possible, doesn't mean it's impossible.

Alternate motives?  Maybe.  Just because that is also possible, doesn't mean it's probable, let alone guaranteed.

The reluctance to confirm sources is also obvious.  It would perhaps be nice if they collaborated with a few other journalists to better check the sources against each other and confirm things.  But even between very well trusted papers, that's a very dangerous thing to do.  More likely, we will see independent confirmation, and yes, teardowns including analysis of the chip in question will be very interesting indeed to see.

So instead of jumping to conclusions, why don't you chill out, and think on it for a moment, and realize that multiple things are possible, not just knee-jerk reactions?...

Anyway, "our boys" have had these kinds of attacks for decades.  As have our allies and enemies, to varying degrees of capability, at various times.  It is completely normal and possible, even moreso with modern technology (like the Management Engine attack vector).  The only thing distinctive about this is probably the scale at which it has been done (potentially millions of compromised units).

Tim
Seven Transistor Labs, LLC
Electronic design, from concept to prototype.
Bringing a project to life?  Send me a message!
 
The following users thanked this post: wraper, JoeO, apis

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2319
  • Country: de
    • Frank Buss
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #153 on: October 07, 2018, 01:57:37 am »
So anyone who wants to buy a  Supermicro server boards and search the chip? Looks like they are getting cheaper at the moment at eBay :-DD
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 4850
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #154 on: October 07, 2018, 02:17:04 am »
Tim, I don't think anybody is disputing the technical possibility just the quality and/or accuracy of the reporting.

What is in question is the lousy reporting which contains nothing more than handwaving on the level of technical evidence - if we'd seen one decapsulated chip with some decent microphotographs and an analysis from someone technically competent we might be somewhere else. In fact the nearest we have to evidence is "our sources tell us" with no way to corroborate this and most of the places where those sources work denying the story in pretty unambiguous terms, terms devoid of the phrasing normally associated with lawyer drafted statements that are technically true while being in fact a pack of lies.

Never before have I seen as significant a news report as this one that is as thin on evidence where a significant part of the evidence is of the kind that could be easily documented. They appear to have boards and chips, at least they have reproduced photographs that purport to be the parts and they've been running the investigation for a long time - so why no proper analysis. Add the strange political climate at the moment and the realpolitik that might go with a planted anti-china story and it would be remiss to be anything but sceptical on all fronts.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: mtdoc, ajb, Kean, tooki

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 15212
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #155 on: October 07, 2018, 03:14:39 am »
Equally easily explained -- they are a business publication.  If they have the technical details, it wouldn't do most of their readers any good.  Just insult them and make them feel dumb for not understanding things.  (If, say, Ars were breaking this story, I would expect them to share some technical info, and be suspicious if they didn't.)

This is very normal for, say, academic journalism.  The technical aspects have to be simplified for a less technical reader.  They often get it wrong, of course...  So, that leaves it to us (as technical readers) to read between the lines and guess what they're actually talking about.  Which is just as unreliable.  It would be so much nicer to just have the info straight, but alas...

And yes, that includes the possibility that there's nothing at all about it.  It could be that their sources didn't provide such details -- whether for the same reason (the journalists probably wouldn't know what to do with it), or because they don't have any at all.

Oh, one thing by the way, if this were unsupported -- if there were no actual facts here -- this would be defamation, and they'd be sued pretty damn quick for all the millions of dollars this is worth.  Bloomberg knows this as well as Supermicro and everyone else.  You can bet your ass they're denying publicly, and investigating internally, until they figure out some possible strategy that doesn't leave them completely destitute!

Tim
Seven Transistor Labs, LLC
Electronic design, from concept to prototype.
Bringing a project to life?  Send me a message!
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 4850
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #156 on: October 07, 2018, 03:55:53 am »
Equally easily explained -- they are a business publication.  If they have the technical details, it wouldn't do most of their readers any good.  Just insult them and make them feel dumb for not understanding things.  (If, say, Ars were breaking this story, I would expect them to share some technical info, and be suspicious if they didn't.)

Back in the days of print journalism, this is exactly where the editor would have put:

    [sidebar from Dr. Expert goes here "What we found under the microscope"]

A sidebar lets you provide detail that the general reader will want to skip, but that allows you to "show your workings" so that people know you're not handwaving or hoodwinking them. This is especially necessary in this case given the gravity of the accusations. Moreover, business readers aren't insulted by being presented technical details in a sidebar - business people don't expect to understand all the technical details, they have people for that "John, read this article and tell me if the technical side makes sense to you". 

Here I'm speaking as an ex-section editor of a business computer magazine. I wouldn't have put a story one tenth as volatile as this on the page without putting enough in print to make my case lawyer proof. Providing all the facts, as far as you can, may make a difference between a case for slander of goods* and no case to answer. In fact in defamation cases sometimes the most damaging thing you can do is to make accusations without producing your proof at the same time. At the very least it leads to legal bills and court appearances where, if you'd made a good case in print already, the plaintiff's lawyers would have said "don't bother".

Quote
...
Oh, one thing by the way, if this were unsupported -- if there were no actual facts here -- this would be defamation, and they'd be sued pretty damn quick for all the millions of dollars this is worth. 

Yes, and on the case made publicly so far by Bloomberg I expect that some of the accused companies' shareholder's lawyers have been quite busy this weekend. Moreover, if this gets to court on any defamation actions Bloomberg can be ordered to reveal their sources if that is the nub of their claims. That will irreparably damage their trustworthiness to future possible sources and could have been avoided if they'd made out a better, more plausible case in print.

*Trust me, I've been threatened with this plenty of times. Never had to settle or go to court though.
« Last Edit: October 07, 2018, 03:57:25 am by Cerebus »
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: Kean, T3sl4co1l, tooki

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 11173
  • Country: us
  • DavidH
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #157 on: October 07, 2018, 04:52:46 am »
Disgree.... not the 1990's... now. There are exact copies of creative patented or copyrighted work by Australian companies and individuals which thieving pirates sell stuff blatantly around the world. IP theft is rampant. Not "copy watch" of the 1990's, but entire designs of high value items where you cannot tell the difference.

Weird. I don't see any of them. Examples please.

Let's make it clear. Since we are talking illegal blatant direct clones that hit the market, those don't count:
1. Cloning of ideas and patents don't count. Only cloning of actual reduction to practice counts.
2. Mimicking a genuine hardware device to illegally use the original software doesn't count.
3. Cloning under a license or a circumvented or successfully attacked IP (copyright under DMCA exemptions, patents with nullified claims, etc.) doesn't count.
4. Cloning at a small scale (mom and dad shop, personal projects or industrial products that're only intended to be used in-house, not to be sold) or for special purposes (government actions for defensive, governmental or policing applications) doesn't count.
5. Genuine development using pirate software/firmware o cloned tools doesn't count.

What about cloning an entire company?

The other common type of cloning is when the production factory runs an extra undocumented shift.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 6778
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #158 on: October 07, 2018, 05:03:40 am »
So anyone who wants to buy a  Supermicro server boards and search the chip? Looks like they are getting cheaper at the moment at eBay :-DD

These special Supermicro products are surely sold exclusively to Amazon & Apple only, hence there is no proof, or very hard to get. Hence, you have to understand the reluctance to release the details by Bloomberg, riding their reputation, all you need is to trust Bloomberg and believe.

Hey, where is your patriotism anyway ?  >:D

<spin dr. mode:OFF>

 :-DD

Online blueskull

  • Supporter
  • ****
  • Posts: 13648
  • Country: cn
  • Power Electronics Guy
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #159 on: October 07, 2018, 05:23:39 am »
Disgree.... not the 1990's... now. There are exact copies of creative patented or copyrighted work by Australian companies and individuals which thieving pirates sell stuff blatantly around the world. IP theft is rampant. Not "copy watch" of the 1990's, but entire designs of high value items where you cannot tell the difference.

Weird. I don't see any of them. Examples please.

Let's make it clear. Since we are talking illegal blatant direct clones that hit the market, those don't count:
1. Cloning of ideas and patents don't count. Only cloning of actual reduction to practice counts.
2. Mimicking a genuine hardware device to illegally use the original software doesn't count.
3. Cloning under a license or a circumvented or successfully attacked IP (copyright under DMCA exemptions, patents with nullified claims, etc.) doesn't count.
4. Cloning at a small scale (mom and dad shop, personal projects or industrial products that're only intended to be used in-house, not to be sold) or for special purposes (government actions for defensive, governmental or policing applications) doesn't count.
5. Genuine development using pirate software/firmware o cloned tools doesn't count.

What about cloning an entire company?

The other common type of cloning is when the production factory runs an extra undocumented shift.

Wow, great eye opener. Textbook MitM.
 

Offline helius

  • Super Contributor
  • ***
  • Posts: 2989
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #160 on: October 07, 2018, 05:47:17 am »
I have purchased "ghost shift" products in the past. Some typical signs are 1.) the box and manual of the product do not carry the vendor's name, address, or logo, but the vendor logo is silkscreened onto the device itself; 2.) the manual appears to be a crudely laid-up Xerox copy of an existing document; 3.) the presence of China-market testing and recycling marks. The actual quality of the product may be the same, but you obviously should not expect vendor support.
 

Offline chris_leyson

  • Super Contributor
  • ***
  • Posts: 1408
  • Country: wales
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #161 on: October 07, 2018, 05:48:34 am »
Quote
What about cloning an entire company?
Or stealing an entire company

Company C, the Chinese company, owes Company A £600,000 and makes lame excuses for not paying. Company A embarks on a huge project, hires a lot more staff and borrows £250,000 from Company K. Meanwhile Chinese director of Company C buys shares in Company A. becomes a board member of Company A and still owes Company A.
New Chinese board member buys out directors of Company A, forms new Company B and transfers assets to new Company B. Chinese director of Company A winds up company A but keeps Company B going under a similar name. Company K are not happy. Directors wife becomes sole director and owner of company B. Company B ceases trading a year later. Company C owns all of the interlectual property of Company A and probably any left over stock from Company B. True story.
 

Offline a59d1

  • Regular Contributor
  • *
  • Posts: 102
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #162 on: October 07, 2018, 06:10:32 am »
The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft.

And also your loss of employment insurance, if that's what you mean.

China is getting more and more innovative, as can be seen from history.

In the 1990s, China blatantly cloned entire designs.

In the 2000s, China cloned part of the designs and costed-down the designs by modifications.

In the 2010s, most Chinese designs are patent infringing, but the engineering is more or less independent.

China will keep stealing patents for many more years, but engineering will be more or less independent.

China doesn't care about right or wrong, China only cares about power.

Being able to engineer is a power to technological independence. Being able to invent is not.

China needs technological independence, as that frees China from potential sanction from the west.

That is the ultimate free pass to dictatorship. The only thing that prevents Chinese government from physically suppressing its unrest people and its separatism states is the fear of being sanctioned by the west.

What China wants is not really that much. All we want is the west to leave us alone as long as we don't touch a NATO country.

And the west just will not. China will never be peaceful until the west stops policing near China.

China wouldn't have to clone western technology, China wouldn't have to manipulate currency, and China wouldn't have to be a political enemy of the west, as long as the west gets their fuck out of Chinese politics.

Is your license plate still SIGSEGV, comrade?
 

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 15212
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #163 on: October 07, 2018, 06:16:48 am »
Back in the days of print journalism, this is exactly where the editor would have put:

    [sidebar from Dr. Expert goes here "What we found under the microscope"]

A sidebar lets you provide detail that the general reader will want to skip, but that allows you to "show your workings" so that people know you're not handwaving or hoodwinking them. This is especially necessary in this case given the gravity of the accusations. Moreover, business readers aren't insulted by being presented technical details in a sidebar - business people don't expect to understand all the technical details, they have people for that "John, read this article and tell me if the technical side makes sense to you".

Yes, that would've done perfectly!


Quote
Here I'm speaking as an ex-section editor of a business computer magazine. I wouldn't have put a story one tenth as volatile as this on the page without putting enough in print to make my case lawyer proof. Providing all the facts, as far as you can, may make a difference between a case for slander of goods* and no case to answer. In fact in defamation cases sometimes the most damaging thing you can do is to make accusations without producing your proof at the same time. At the very least it leads to legal bills and court appearances where, if you'd made a good case in print already, the plaintiff's lawyers would have said "don't bother".

Good point!

Tim
Seven Transistor Labs, LLC
Electronic design, from concept to prototype.
Bringing a project to life?  Send me a message!
 


Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9216
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #165 on: October 07, 2018, 06:35:37 am »
We can only assume Bloomberg understands this better than any of us. They aren't exactly amateurs and have extensive experience in the business world, which isn't exactly an amateurish or forgiving environment.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 6778
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #166 on: October 07, 2018, 06:38:15 am »
We can only assume Bloomberg understands this better than any of us. They aren't exactly amateurs and have extensive experience in the business world, which isn't exactly an amateurish or forgiving environment.

Agree, and this means Bloomberg's reporter knows better than US DHS and UK NCSC, interesting time indeed.

I have a gut feeling few fellas here starting to doubt on who the f**k is Reuters and it's reputation, say compared to Bloomberg, and probably Fox News fans too.  ;)
« Last Edit: October 07, 2018, 07:18:32 am by BravoV »
 

Offline ogden

  • Super Contributor
  • ***
  • !
  • Posts: 3208
  • Country: lv
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #167 on: October 07, 2018, 06:52:10 am »
We can only assume Bloomberg understands this better than any of us. They aren't exactly amateurs and have extensive experience in the business world, which isn't exactly an amateurish or forgiving environment.

Agree, and this means Bloomberg's reporter knows better than US DHS and UK NCSC, interesting time indeed.

Counterintelligence is responsibility of CIA, not DHS or FBI. If this is true story, it can have "top secret" seal for decades. Other option is just stock fraud or (unlikely) dumb defamation. We will see soon because investors are very unhappy - shares plunged 50%.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 6778
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #168 on: October 07, 2018, 07:05:02 am »
Other option is just stock fraud or (unlikely) dumb defamation. We will see soon because investors are very unhappy - shares plunged 50%.

Don't rule out other option, which is a direct & straight intervention from an ignorance and short sighted white house staff, bypassing gov 3 characters agencies, and under heavy pressure that had been instructed ordered to think of how to kill two birds with one stone, which are the disobedience big corporations "and" China.  >:D

We've seen this in the past (example -> HERE), how the potus interfered at low level, cronyist must made lots of money for short selling Amazon, prolly made hundreds of millions overnight, its legal anyway.  :-DD
« Last Edit: October 07, 2018, 07:36:46 am by BravoV »
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 6778
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #169 on: October 07, 2018, 07:33:45 am »
Counterintelligence is responsibility of CIA, not DHS or FBI.

Nope, just fyi, CIA is illegal to operate domestically in US.

And this matter brought out by Bloomberg, is a domestic issue which legally should be handled by FBI and DHS.

For example counterintelligence like capturing foreign spy "inside US" is under FBI jurisdiction & power, not CIA, only outside US border.

Online donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1105
  • Country: gb
  • Embedded stuff
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #170 on: October 07, 2018, 08:30:01 am »
We can only assume Bloomberg understands this better than any of us. They aren't exactly amateurs and have extensive experience in the business world, which isn't exactly an amateurish or forgiving environment.

That's so naive and gullible, it's almost touching. I suppose the fact that Bloomberg reporters get a bonus related to how much their stories affect the market would not affect your faith  :-DD
Bob
"All you said is just a bunch of opinions."
 
The following users thanked this post: tooki

Online bd139

  • Super Contributor
  • ***
  • Posts: 14904
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #171 on: October 07, 2018, 08:41:11 am »
Indeed. Bloomberg are an aggregator service. Accuracy depends on what they are aggregating and their fact checking. They haven’t had a particularly good rating in that department. Compared to Reuters at least they are more the equivalent of a tabloid aggregator.
 
The following users thanked this post: tooki

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9216
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #172 on: October 07, 2018, 09:11:53 am »
That's so naive and gullible, it's almost touching. I suppose the fact that Bloomberg reporters get a bonus related to how much their stories affect the market would not affect your faith  :-DD
You seem to have invented some kind of faith and subsequently attributed it to me. Interesting. Do elaborate.
 

Offline wraper

  • Supporter
  • ****
  • Posts: 11493
  • Country: lv
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #173 on: October 07, 2018, 09:18:53 am »
Counterintelligence is responsibility of CIA, not DHS or FBI.

Nope, just fyi, CIA is illegal to operate domestically in US.

And this matter brought out by Bloomberg, is a domestic issue which legally should be handled by FBI and DHS.

For example counterintelligence like capturing foreign spy "inside US" is under FBI jurisdiction & power, not CIA, only outside US border.
One peace of nonsense you wrote here. CIA often exceeds what they are allowed to do, however they can operate legally within US. Just imagine how what you wrote would work in practice. They look after some spies who are outside US, those spies contact other spies within US. Nope, we cannot investigate those  :palm:.
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 12135
  • Country: gb
    • Mike's Electric Stuff
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #174 on: October 07, 2018, 10:24:03 am »
We don't know the truth yet. It's kind of simmering, like when a big turd is going to hit the fan. Somebody is grossly wrong and the Internet is divided.

No comment from the FBI, CIA and NSA. Amazon and Apple deny it.

Bloomberg claims 17 people are confirming the H/W mods:
but not one single plausible photo.
If this was real, there would be pictures.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 
The following users thanked this post: mtdoc, tooki, a59d1


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf