HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » Latest Breaking News (Forum) » Chinese spies slipped sec...

Thu Oct 4, 2018, 10:10 AM

Chinese spies slipped secret chips into servers at Apple, Amazon and others, report says

Source: Silicon Valley Business Journal

Technology

Chinese spies slipped secret chips into servers at Apple, Amazon and others, report says

By Luke Stangel - Contributing writer
46 minutes ago

Chinese spies were able to build and secretly install a tiny chip on servers made by San Jose-based Super Micro Computers that gave them backdoor access to information flowing across the data center, Bloomberg reports, citing 17 unnamed sources. (1)

Federal investigators believe Super Micro sold the compromised servers to 30 U.S. companies, notably Apple Inc. and Amazon.com, Bloomberg reports. Both companies vigorously denied the report.

Super Micro shares plunged 29 percent at the opening bell today. The company's shares trade over the counter, after being delisted from the NASDAQ stock exchange in August.

Amazon Web Services reportedly discovered the chips in 2015, while performing due diligence on an Oregon startup they were interested in buying. The company handed over evidence to federal investigators, who found the spy chips were no larger than a grain of rice and made to look like a common signal conditioning coupler.

Once installed, the chips were reportedly designed to quietly control their host server's operating system, injecting simple commands that allowed hackers to gain access to the information on the server.

(1) https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Read more: https://www.bizjournals.com/sanjose/news/2018/10/04/chinese-spies-slipped-secret-chips-into-servers-at.html



I have the Bloomberg report over in Editorials & Other Articles. It's more of an analysis than a news story.

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

https://www.democraticunderground.com/1016217106

23 replies, 2313 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 23 replies Author Time Post
Reply Chinese spies slipped secret chips into servers at Apple, Amazon and others, report says (Original post)
mahatmakanejeeves Oct 4 OP
still_one Oct 4 #1
Fred Sanders Oct 4 #2
still_one Oct 4 #3
LiberalArkie Oct 4 #5
LiberalArkie Oct 4 #4
DetlefK Oct 4 #7
pazzyanne Oct 4 #12
Zorro Oct 4 #6
xor Oct 4 #9
Blue_Tires Oct 5 #22
xor Oct 4 #8
Power 2 the People Oct 4 #10
Duppers Oct 4 #13
Pepsidog Oct 4 #11
Blue_Tires Oct 4 #14
TomVilmer Oct 4 #15
Blue_Tires Oct 4 #16
TomVilmer Oct 4 #17
Blue_Tires Oct 4 #18
TomVilmer Oct 4 #19
Blue_Tires Oct 5 #20
Mosby Oct 6 #23
dalton99a Oct 5 #21

Response to mahatmakanejeeves (Original post)

Thu Oct 4, 2018, 10:19 AM

1. It is interesting because I also heard on Bloomberg this morning that both Amazon and Apple said the

story wasn't true

While that still doesn't mean it isn't, I sure would like to get more information on this since not coincidently trump and company are pushing the theme that China is hacking our midterm elections to give a Democratic win



Reply to this post

Back to top Alert abuse Link here Permalink


Response to still_one (Reply #1)

Thu Oct 4, 2018, 10:40 AM

2. Amazon and Apple were not the targets, the server manufacturer was...even if this story true.

Servers could have been sold to anyone.

The story needs...corroboration from the companies who actually have the servers and do a quick check...word of the day...corroboration!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fred Sanders (Reply #2)

Thu Oct 4, 2018, 10:43 AM

3. We are on the same page Fred

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fred Sanders (Reply #2)

Thu Oct 4, 2018, 10:57 AM

5. Apple and Amazon and Microsoft and others design their own servers.

They really don't buy Dell or over the counter machines. They send the design to factories to have them made, sometimes an order for 50,000 mother boards and chassis's.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to still_one (Reply #1)

Thu Oct 4, 2018, 10:55 AM

4. They really have to say that.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LiberalArkie (Reply #4)

Thu Oct 4, 2018, 11:26 AM

7. Amazon is renting servers to other companies. Imagine if Amazon admitted their servers are not secur

Reply to this post

Back to top Alert abuse Link here Permalink


Response to still_one (Reply #1)

Thu Oct 4, 2018, 12:59 PM

12. If tRump is pushing this, the 3 finger policy needs to be envoked.

tRump points a finger at Dems and China. Check out the three fingers pointing back to him and substitute Repugs and Russia.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mahatmakanejeeves (Original post)

Thu Oct 4, 2018, 11:17 AM

6. May be a very big deal

Everyone -- including the DoD -- is moving to the cloud, so compromised servers would have key strategic value to an adversary.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Zorro (Reply #6)

Thu Oct 4, 2018, 12:22 PM

9. I think amazon even offers services targeted specifically for agencies like the DoD

I recall receiving an email from AWS about that offering. I'm sure Microsoft and Google have something or soon will.

Just waiting for the day when everything just shutdowns and I'm forced to scavenge for food while avoiding aggressive hairy wild people who ride motorcycles with spiked wheels.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Zorro (Reply #6)

Fri Oct 5, 2018, 01:03 PM

22. +1

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mahatmakanejeeves (Original post)

Thu Oct 4, 2018, 12:17 PM

8. I read some paper on analog backdoors awhile back.

This is a bit technical, but it's an interesting read if that's your thing.
http://www.ieee-security.org/TC/SP2016/papers/0824a018.pdf


Here's a little bit more of a lighter read.
https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/

It's time to start building our computers out of discrete transistors
http://megaprocessor.com/progress.html

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mahatmakanejeeves (Original post)

Thu Oct 4, 2018, 12:37 PM

10. Hmmmmm..maybe we should start manufacturing in America??

Just a thought.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Power 2 the People (Reply #10)

Thu Oct 4, 2018, 01:14 PM

13. Exactly!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mahatmakanejeeves (Original post)

Thu Oct 4, 2018, 12:56 PM

11. Probably the only area where I agree with the Dotard is China stealing our intellectual property.

This hacking is probably our biggest national security issue. From industrial to military espionage other countries are building industries in the back of our public and privately developed innovations. Why should other countries spend billions on research and development when they can steal it? Securing our intellectual property must be our top priority.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mahatmakanejeeves (Original post)

Thu Oct 4, 2018, 01:15 PM

14. Greenwald and Snowden were unavailable for yeah, yeah, you know the rest...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Blue_Tires (Reply #14)

Thu Oct 4, 2018, 01:21 PM

15. Acyually no.

What is your point?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TomVilmer (Reply #15)

Thu Oct 4, 2018, 01:27 PM

16. My usual standard response

Last edited Thu Oct 4, 2018, 04:38 PM - Edit history (1)

when other nations get caught spying is "Greenwald and Snowden were unavailable for comment", since they start ducking and hiding whenever some other country starts fucking around with the almighty "individual privacy rights" or whatever...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Blue_Tires (Reply #16)

Thu Oct 4, 2018, 02:14 PM

17. I read news anywhere I can find it...

... and if fx would like to read criticism about what China is doing against "individual privacy rights", I can find it all at The Intercept. This is is from a quick Google-search for China there:
https://www.google.com/search?q=china+site%3Atheintercept.com
- Google Executive Declines to Say If China Censors Its Citizens
- World's Leading Human Rights Groups Tell Google to Cancel Its ...
- Google Struggles to Contain Employee Uproar Over China ...
- Senior Google Scientist Resigns Over “Forfeiture of Our Values” in China

And this is from a quick search for Snowden:
https://www.google.com/search?q=russia+critism+Snowden
- Edward Snowden describes Russian government as corrupt | US ...
National Security Agency whistleblower Edward Snowden has delivered his most trenchant criticism yet of the Russian government, describing ...
- Edward Snowden blasts integrity of Russia's presidential election ...
- Former National Security Agency contractor Edward Snowden Sunday criticized the integrity of Russia's presidential election just before exit ...

And BTW here is a WikiLeaks' Russian collection of Spy Files about surveillance contractors in Russia:
https://wikileaks.org/spyfiles/russia/
I do not like the way WikiLeaks drops stuff without a strong journalistic filter, since they do not care at all about when innocent peoples names gets hit. But I do find good info there.

I use them all when ever I need info, but I am as critical to their sourcing and methods, as I am when I use MSNBC. Love the shows there, but they are only really good, when the president is marked R.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TomVilmer (Reply #17)

Thu Oct 4, 2018, 04:53 PM

18. As I have illustrated multiple times

First of all, Greenwald was in bed with Eric Schmidt to the point where he actually redacted his name from his own fucking story to protect him (Assange outed him anyway) so wake me up when we see a Chinese story that isn't from a Google perspective. And FWIW, Google is as bad as anyone as far as privacy rights go, but you'll never, EVER read that on the Intercept site.


Snowden's Russian "criticisms" are solely because of folks like me throwing that shit in his face all the time... It's just to keep up appearances. You will also notice that his "criticisms" are tame, VERY narrow in scope and on relatively minor issues -- But MH17? Silence... Skripal? Silence... Ukraine? Silence... Tampering with the 2016 election? Silence... Nemtsov, a whistleblower shot on a public street close enough that Snowden probably heard the shots? Silence...
Other journalists and dissidents murdered, imprisoned or just "disappeared?" Silence... Rampant online disinformation campaigns, the kind he used to call out the NSA for? Silence... Russia bombs a hospital in Syria? Silence...


I get that you're new here, but I've been debunking Greenwald/Snowden bullshit damn near daily for five straight years so I've got receipts for literally *everything*... And you can place your trust in the Intercept if you dare, but by this point it's no better than Sputnik.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Blue_Tires (Reply #18)

Thu Oct 4, 2018, 06:16 PM

19. Please do repeat all your stories again...

... BTW I am way older than you in this forum, and I place my trust nowhere. I "debunk" everything I ever read, and do not care if it is Sputnik or MSNBC. Everybody has a bias...

I directed you to a page full of links, where The Intercept is shaming Google for the BS it does together with the Chinese leaders. And then you screw your blinders even tighter, and concludes it never happens, for "you'll never, EVER read that on the Intercept site". 🤦

I also know what not to take serious, but sometimes it is interesting to see the shape of other peoples bubbles.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TomVilmer (Reply #19)

Fri Oct 5, 2018, 08:41 AM

20. What do you mean you're "older than me on the forums?"

I've been here since '03, rookie... So you'd best mind the gap.

And the fact that you're trying to talk at me like you know me despite me never having seen you before, and the fact that you're a sleeper account with 500 posts in 10 freaking years were already strikes 1 and 2... Defending the Putincept is strike 3. If you "get your news wherever you find it", then that means Drudge and Breitbart are just as legit to you, right?? And since you're one of the "elder statesmen" on DU, surely you would have seen my arguments (documented with countless links) at some point already? Either way you know how to use the "search" function so you go find them.

(As an aside, every time I come back to DU some sleeper account immediately tries to fuck with me... Why is that?)

Mr. Vilmer, I bid you farewell.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TomVilmer (Reply #19)

Sat Oct 6, 2018, 01:12 PM

23. Your profile says you joined in '09

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mahatmakanejeeves (Original post)

Fri Oct 5, 2018, 09:41 AM

21. The problem is the location of the supply chain

The hardware hack took the form of an implant placed on motherboards at the time of manufacturing by Chinese subcontractors hired by Supermicro Computer Inc., the supplier to the companies in question. Allegedly these implants were able to pass visually as other components. Original designs for motherboards were modified by the subcontracted Chinese manufacturers to include the part, connecting it to the "baseboard management controller" — something like the often-criticized Management Engine used by Intel, if you know what that is. Controllers like these functionally have additional privileges over the system, allowing for unobserved modification of things like system memory and other low-level operations. That means although the additional hardware may not be powerful enough in itself to do anything nefarious directly, it's in a position to surreptitiously load external software that can.

According to Bloomberg, this hardware-based infiltration has been under investigation by U.S. agencies aware of the possibility since at least as early as 2014, with affected companies noticing the suspicious hardware modifications as early as 2015. According to Bloomberg, in the last three years "no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged."


Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread