Author Topic: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.  (Read 36018 times)

0 Members and 1 Guest are viewing this topic.

Online coppercone2

  • Super Contributor
  • ***
  • Posts: 3917
  • Country: us
  • $
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #225 on: October 08, 2018, 08:44:36 pm »
Well I would not be surprised if some alphabet agency, ordered by executive order, confiscated all this crap and or was aware of this crap and thats why apple/big dogs stopped doing business with these people. the whole trade war could have been planned way in advanced.

If you admit to compromise all sorts of foreign companies not on US soil could benefit greatly and massive amounts of US infrastructure could be considered compromised. If intelligence was able to figure out what the Chinese were doing we could do damage control and play geopolitical and economic games using these things, i.e. controlled leaks.

Given how focused the american goverment is on economic growth I don't really think they would just flip out, they have to plan something out to limit economic damage (cuz now we are in a three superpower world, not only USSR/USA), so if our economy falls the Russians and other people can get stronger.

It's often the case when taps and other bugs are discovered they are left in place and used to misguide the enemy.

I expect that this whole thing is a complete and utter cluster fuck by our standards. I think that there might be secret services doing counter stock market manipulation using knowledge of stuff like this. 

Also the DHS is new by intelligence standards and they don't have the same connections as the CIA/OSA that has been around for a long time now, so they don't know fuck.

If it was used for counterintelligence purposes, identical boards could have been made in CIA run facilities to replace compromised boards with some kind of filter or protection diode or whatever too, then reinstalled, with the surveillance chips removed when no longer useful. This could be used to cover up machiavelian stock market manipulation, which favors the growth and protection to companies that are more vital to the US economy then companies which were naturally more successful (kind of like load balancing, the successful companies that can tolerate the hit got hit, while the weaker or more important ones for reputation were protected to have a overall less effect on the US economy).  A few businesses suffering on the stock market or losing IP is alot better then some big one going down, causing big unemployment, leading to the expensive retrofit of otherwise high quality infrastructure and military stuff.

The existence of communist china, with its great focus on economic growth by any means necessary, could have lead to this reaction, be it necessary or out of a sense of justice or pride. Since many businesses could be seen as doing Machiavellian things (like operating out of low tax areas to avoid paying the US government) they could be seen as pawns to manipulate with little moral qualm from someone that considers themselves a patriot that wants to protect their own country and sees those companies as having a hostile or 'i dont give a fuck about anything but my business' mentality. Eventually when you try to make money by any means necessary some patriots are going to get pissed off when your logically fucking the country you live in in a legal way. If you make a 'psychological profile' of a company you can kind of determine its various levels of allegiance to values, stock holders, employees, country of origin and its owners. A focus on pure economy is easily seen as sociopathic, so you don't really have much of a concern for its well being?

Someone setting up massive factories in china, allowing communist party members into its nerve centers and running out other loyal American businesses is not really seen as that much of a friendly citizen, especially if their trying to avoid paying taxes.
« Last Edit: October 08, 2018, 09:02:36 pm by coppercone2 »
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14922
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #226 on: October 08, 2018, 09:05:16 pm »
The trade war is pretty shallow. All it takes is a nose through some modern history books to see where we’re being nudged.

Or not because national governments are incredibly weak and vulnerable the moment they deployed technology unaware it can and is being used against them until it’s too late.

Another empire falls. Then you find our Firefly was right and you’ll be speaking English but insulting each other in Cantonese :)
 
The following users thanked this post: BravoV, mnementh, a59d1

Offline Bud

  • Super Contributor
  • ***
  • Posts: 4140
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #227 on: October 08, 2018, 09:18:52 pm »
and running out other loyal American businesses is not really seen as that much of a friendly citizen, especially if their trying to avoid paying taxes.

I am pretty sure US requires you to report income regardless of where the business is located and you still get taxed.
Facebook-free life and Rigol-free shack.
 

Online coppercone2

  • Super Contributor
  • ***
  • Posts: 3917
  • Country: us
  • $
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #228 on: October 08, 2018, 09:20:51 pm »
and running out other loyal American businesses is not really seen as that much of a friendly citizen, especially if their trying to avoid paying taxes.

I am pretty sure US requires you to report income regardless of where the business is located and you still get taxed.

https://itep.org/fact-sheet-apple-and-tax-avoidance/
 

Offline apis

  • Super Contributor
  • ***
  • Posts: 1667
  • Country: se
  • Hobbyist
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #229 on: October 08, 2018, 09:26:11 pm »
Then you find our Firefly was right and you’ll be speaking English but insulting each other in Cantonese :)
Technically they were all supposed to speak as much Chinese as English (if not more), but for obvious reasons they were mainly speaking English but kept insults in Chinese as a way of getting around the US censorship.
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14922
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #230 on: October 08, 2018, 09:33:51 pm »
That makes sense  :-+
 

Online Cerebus

  • Super Contributor
  • ***
  • Posts: 4857
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #231 on: October 08, 2018, 09:37:54 pm »
Another empire falls. Then you find our Firefly was right and you’ll be speaking English but insulting each other in Cantonese :)

Only a 杘頭 would think that.  :)
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: mnementh, bd139

Offline tooki

  • Super Contributor
  • ***
  • Posts: 4995
  • Country: ch
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #232 on: October 08, 2018, 10:00:38 pm »
Also this was targeting servers. Servers have no RF capable parts on.

Actually I don’t have any  Supermicro ones available to me but after scanning tens of high res motherboard pictures there’s nothing that looks even remotely like a balun on any server motherboards. There’s decoupling, power conversion, protection, identifiable ICs, transistors/MOSFETs/diodes, connectors and bugger all else. anything with enough pins is identifiable.
^^^ this. I've been saying this since I read the article.

If you were going to camouflage a chip to covertly install it on a server mobo, you'd masquerade it as a component normally found on a server mobo! You would't make it look like an RF component, which has no place on a server board!!   :palm: |O :-DD

There are so many issues with this alleged infiltration that I'm surprised anyone with half an ounce of technical savvy is giving it a second thought. There are just too many layers of too many organizations that you'd have to infiltrate in tandem, to maintain version control throughout design, manufacturing, and testing. It defies belief.
 
The following users thanked this post: bd139

Online wraper

  • Supporter
  • ****
  • Posts: 11509
  • Country: lv
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #233 on: October 08, 2018, 10:13:15 pm »
Also this was targeting servers. Servers have no RF capable parts on.

Actually I don’t have any  Supermicro ones available to me but after scanning tens of high res motherboard pictures there’s nothing that looks even remotely like a balun on any server motherboards. There’s decoupling, power conversion, protection, identifiable ICs, transistors/MOSFETs/diodes, connectors and bugger all else. anything with enough pins is identifiable.
^^^ this. I've been saying this since I read the article.

If you were going to camouflage a chip to covertly install it on a server mobo, you'd masquerade it as a component normally found on a server mobo! You would't make it look like an RF component, which has no place on a server board!!   :palm: |O :-DD

There are so many issues with this alleged infiltration that I'm surprised anyone with half an ounce of technical savvy is giving it a second thought. There are just too many layers of too many organizations that you'd have to infiltrate in tandem, to maintain version control throughout design, manufacturing, and testing. It defies belief.
FWIW there are also EMI filters in similar package https://media.digikey.com/pdf/Data%20Sheets/Murata%20PDFs/NFA31C_Series(1206%20Size).pdf
As I said earlier, I dunno if this story has any truth in it. I just consider it technically feasible. IIRC article called rogue component disguised as "filter". Picture probably is just something they googled as filter.
« Last Edit: October 08, 2018, 10:17:23 pm by wraper »
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5448
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #234 on: October 08, 2018, 10:30:30 pm »
What a mess. And I don't see this getting any better soon, either.

Time to go back to reading books and spending time with real people instead of on the Internet.

The Register has a good overview of thestory and the issues of competing credibility here:

https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/?page=1
"What the large print giveth, the small print taketh away."
 

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1106
  • Country: gb
  • Embedded stuff
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #235 on: October 08, 2018, 11:10:01 pm »
It seems that all the "on the record" commentators are denying the story, and the only people "confirming" it are Bloomberg's anonymous sources. Bloomberg are not providing a shred of evidence, nor even evidence that they have seen any evidence....

However, Bloomberg can just the story sit there, whoever is behind it presumably achieved their mission (shorts, alphabet, POTUS etc), no one can prove Bloomberg's "scoop" is fake. Win win basically.

Well, the Russians meddled with US elections, annexed a country, murdered people in the UK, downed a whole airliner over Ukraine, and they basically get away with it. So spreading a little FUD about China is pretty small beer really.

It's kind of like the computer game sequel to "Cold War I", with new player factions.
Bob
"All you said is just a bunch of opinions."
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14922
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #236 on: October 08, 2018, 11:20:42 pm »
I think you may have just nailed it there.
 

Offline blueskull

  • Supporter
  • ****
  • Posts: 13652
  • Country: cn
  • Power Electronics Guy
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #237 on: October 09, 2018, 12:27:09 am »
It's kind of like the computer game sequel to "Cold War I", with new player factions.

Seems like the cold war won't be cold for long. Let's see, will WW3 break out on Nov. 6th?
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 4995
  • Country: ch
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #238 on: October 09, 2018, 01:00:16 am »
FWIW there are also EMI filters in similar package https://media.digikey.com/pdf/Data%20Sheets/Murata%20PDFs/NFA31C_Series(1206%20Size).pdf
As I said earlier, I dunno if this story has any truth in it. I just consider it technically feasible. IIRC article called rogue component disguised as "filter". Picture probably is just something they googled as filter.
They specifically said “signal conditioning coupler”, which a bit of googling showed to be RF devices.
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5448
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #239 on: October 09, 2018, 02:47:58 am »
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)

Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.

They are not allowed to discriminate on any basis other than money.

Whichever countries are their bigge$t customers come first.
« Last Edit: October 09, 2018, 02:54:41 am by cdev »
"What the large print giveth, the small print taketh away."
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #240 on: October 09, 2018, 03:16:45 am »
Jeezus... you two come along and the IQ in here increases 50 points...

mnem
And then I come along and...  :palm:
That's about 25 points each.
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #241 on: October 09, 2018, 03:25:19 am »
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)

Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.

They are not allowed to discriminate on any basis other than money.

Whichever countries are their bigge$t customers come first.
According to who do they have that obligation? A company is to obey the law, in whichever form it locally comes up to and including gag orders and active cooperation.
 

Online mnementh

  • Super Contributor
  • ***
  • Posts: 7641
  • Country: ca
  • *Escaping The Suck*
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #242 on: October 09, 2018, 05:26:46 am »
Jeezus... you two come along and the IQ in here increases 50 points...

mnem
And then I come along and...  :palm:
That's about 25 points each.
Not exactly; IQ is by definition an average scale, as well as being weighted median. To make such a shift indicates a huge disparity between the groups in question. It was a deliberate play on a phrase recently popularized by Sherlock, "Don't talk out loud, you lower the IQ of the whole street."

To wit, there is a lot of egregiously dumb shit flying around this thread.

mnem
*Anything I put here would not improve on silence*
 

Offline technix

  • Super Contributor
  • ***
  • Posts: 3320
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #243 on: October 09, 2018, 06:11:03 am »
Here is the thing: the best way on a server motherboard to hide a backdoor here is to ship the ASPEED chip with a compromised firmware. Putting suspicion on those small components seem to make no sense to me. The ASPEED chip has an internal bootloader for its ARM9 or ARM11 processor, through abusing this with just software any code can be hidden.
 
The following users thanked this post: thm_w, tooki

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #244 on: October 09, 2018, 06:30:01 am »
Not exactly; IQ is by definition an average scale, as well as being weighted median. To make such a shift indicates a huge disparity between the groups in question. It was a deliberate play on a phrase recently popularized by Sherlock, "Don't talk out loud, you lower the IQ of the whole street."

To wit, there is a lot of egregiously dumb shit flying around this thread.

mnem
*Anything I put here would not improve on silence*
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14922
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #245 on: October 09, 2018, 07:09:56 am »
Here is the thing: the best way on a server motherboard to hide a backdoor here is to ship the ASPEED chip with a compromised firmware. Putting suspicion on those small components seem to make no sense to me. The ASPEED chip has an internal bootloader for its ARM9 or ARM11 processor, through abusing this with just software any code can be hidden.

Exactly that. I mentioned that earlier.
 

Online Cerebus

  • Super Contributor
  • ***
  • Posts: 4857
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #246 on: October 09, 2018, 10:29:01 am »
Jeezus... you two come along and the IQ in here increases 50 points...

mnem
And then I come along and...  :palm:
That's about 25 points each.

I think you're being generous.  :)
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: Mr. Scram

Online Cerebus

  • Super Contributor
  • ***
  • Posts: 4857
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #247 on: October 09, 2018, 10:33:35 am »
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)

Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.

They are not allowed to discriminate on any basis other than money.

Whichever countries are their bigge$t customers come first.
According to who do they have that obligation? A company is to obey the law, in whichever form it locally comes up to and including gag orders and active cooperation.

He's joking. Actually, I thought it was quite wry.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14922
  • Country: gb
 
The following users thanked this post: Cerebus, Mr. Scram

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #249 on: October 09, 2018, 11:21:30 am »
He's joking. Actually, I thought it was quite wry.
Poe's Law and all.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf