China Sold Hacked Hardware to US Telecomms

[Dark_Grey]

Bloomberg

New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom

The discovery shows that China continues to sabotage critical technology components bound for America.

Quote

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.

The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.

Think of how much computer hardware we use every day that has been manufactured in China. When your corporations are deeply tied to a Communist Government, there's no telling what can happen.

Quote

The executive said he has seen similar manipulations of different vendors' computer hardware made by contractors in China, not just products from Supermicro. “Supermicro is a victim -- so is everyone else,” he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. “That's the problem with the Chinese supply chain,” he said.

Quote

The more recent manipulation is different from the one described in the Bloomberg Businessweek report last week, but it shares key characteristics: They’re both designed to give attackers invisible access to data on a computer network in which the server is installed; and the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China. 

 

[SHaYap]

Missing the issue ... the more technical and therefore accurate point of the exercise ...

~
 

Quote

 

Yossi Appleboum on How Bloomberg is Positioning His Research Against Supermicro

By

Patrick Kennedy

-

October 9, 2018

 

~

 

Summarizing Supermicro’s fault in this, he said:

I think they are innocent and someone is using them to dilute the story instead of mitigating the threat. Please help me, them, and everyone else to understand that the problem is bigger. Dealing with this as a Supermicro problem will ruin the opportunity to face the reality that we need to fix it.

Mr. Appleboum said that those that have been in Israeli intelligence, (where Mr. Appleboum has worked for) or the CIA, being in the news is a nightmare. From the discussion, I got the sense that Mr. Appleboum was taking my call because he wanted to clarify how the story was being told instead of for personal or professional gains. In our discussion, he came across as someone who shares the belief that this is an industry-wide problem, not a Supermicro problem.

The line that stuck with me during our discussion happened when I confirmed he agreed to be quoted in this. Mr. Appleboum replied:

I want to be quoted. I am angry and I am nervous and I hate what happened to the story. Everyone misses the main issue. 

 

~

 

• Serve The Home LINK

 

~

This Commentator in the comments section paints the purists picture of the whole sordid affair
 

Quote

 

~

CashMcCall October 10, 2018 at 7:04 am

No Evidence whatsoever… The old China Boogieman propaganda… once the Russian Boogieman propaganda…

Bloomberg used fake photos presented zero evidence and published a story that Apple, Amazon and Super Micro DENIED BEFORE AND AFTER publishing. Apple, Amazon and Super Micro testified under oath at a Congressional hearing yesterday that the Bloomberg story was false. The origin of the story was a small gathering in McClean VA at the invitation of the NSA. Yossi Appleboum is an ex-Mossad! This story is a TAINT!

This is a three-year-old story, launched by Bloomberg at roughly 11AM on a trading morning Super Micro stock dropped 60% in two hours. The SEC most certainly should already be investigating.

 

 

 

~

[Dark_Grey]

3 minutes ago, third_eye said:

Missing the issue ... the more technical and therefore accurate point of the exercise ...

~
 

• Serve The Home LINK

 

~

This Commentator in the comments section paints the purists picture of the whole sordid affair
 

~

From the link I posted:

Quote

In Bloomberg Businessweek’s report, one official said investigators found that the Chinese infiltration through Supermicro reached almost 30 companies, including Amazon.com Inc. and Apple Inc. Both Amazon and Apple also disputed the findings. The U.S. Department of Homeland Security said it has “no reason to doubt” the companies’ denials of Bloomberg Businessweek’s reporting. 

Possibly mis-reporting on Bloomberg's part.

Quote

Appleboum said one key sign of the implant is that the manipulated Ethernet connector has metal sides instead of the usual plastic ones. The metal is necessary to diffuse heat from the chip hidden inside, which acts like a mini computer. "The module looks really innocent, high quality and 'original' but it was added as part of a supply chain attack," he said.

The goal of hardware implants is to establish a covert staging area within sensitive networks, and that's what Appleboum and his team concluded in this case. They decided it represented a serious security breach, along with multiple rogue electronics also detected on the network, and alerted the client's security team in August, which then removed them for analysis. Once the implant was identified and the server removed, Sepio's team was not able to perform further analysis on the chip.

That commentor in the link you posted needs to be more open minded..

Quote

"No Evidence whatsoever… The old China Boogieman propaganda… once the Russian Boogieman propaganda…"

"No evidence"? 

Quote

Based on his inspection of the device, Appleboum determined that the telecom company's server was modified at the factory where it was manufactured. He said that he was told by Western intelligence contacts that the device was made at a Supermicro subcontractor factory in Guangzhou, a port city in southeastern China. Guangzhou is 90 miles upstream from Shenzhen, dubbed the `Silicon Valley of Hardware,’ and home to giants such as Tencent Holdings Ltd. and Huawei Technologies Co. Ltd.

The tampered hardware was found in a facility that had large numbers of Supermicro servers, and the telecommunication company's technicians couldn’t answer what kind of data was pulsing through the infected one, said Appleboum, who accompanied them for a visual inspection of the machine. It's not clear if the telecommunications company contacted the FBI about the discovery. An FBI spokeswoman declined to comment on whether it was aware of the finding.

They narrowed it down to a specific factory in China. That's a little more substantial than another "boogieman propaganda" story. Besides, this isn't new or out of the ordinary for China. 

[SHaYap]

Just now, Dark_Grey said:

Possibly mis-reporting on Bloomberg's part.

Manipulated ... as was clearly shown and said by Yossi

~

Just now, Dark_Grey said:

That commentor in the link you posted needs to be more open minded..

Its a technical issue ... not political or business ethics theory

~

Just now, Dark_Grey said:

"No evidence"? 

"Impossible" clearly means what it was meant to mean, absolutely that  ...

~

Just now, Dark_Grey said:

They narrowed it down to a specific factory in China. That's a little more substantial than another "boogieman propaganda" story.

The chain of manufacture and distribution. not more than that ... scapegoating is the current headline sensation

~

Just now, Dark_Grey said:

Besides, this isn't new or out of the ordinary for China. 

Much more so the case outside of China ... Industrial espionage and Commercial along with Cultural Appropriation along those lines started when China was 'opened' to 'free markets'

~

[Dark_Grey]

16 hours ago, third_eye said:

Manipulated ... as was clearly shown and said by Yossi

~

Its a technical issue ... not political or business ethics theory

~

"Impossible" clearly means what it was meant to mean, absolutely that  ...

~

The chain of manufacture and distribution. not more than that ... scapegoating is the current headline sensation

So I read through your first link again and this is definitely a global issue given the widespread distribution of compromised hardware coming from China. You are correct in that Bloomberg tried to pin this on one company, Supermicro, when really the products could be compromised at any point along the supply chain as Yossi pointed out. China shipping hacked hardware all over the globe is a very clever move on their part.

Quote

Much more so the case outside of China ... Industrial espionage and Commercial along with Cultural Appropriation along those lines started when China was 'opened' to 'free markets'

Opening to free markets allowed China to start stealing and copying instead of innovating and creating. It's a strategy that launched their lower class to middle class in a very short period of time.

[SHaYap]

2 hours ago, Dark_Grey said:

Opening to free markets allowed China to start stealing and copying instead of innovating and creating. It's a strategy that launched their lower class to middle class in a very short period of time.

Allowed ?

Innovating and creating ?

Lower class ?

You know sometimes I do wonder if you have an auto switch to stupidity whenever 'China' is mentioned ...

~

 

[aztek]

one more reason to manufacture those in usa

[SHaYap]

9 minutes ago, aztek said:

one more reason to manufacture those in usa

Its a technical issue, in fact it would be more of a security concern if it was manufactured in the US.

THe chain of distribution allows this weak link to be closer to the working infrastructure, once it is plugged in, it is impossible to know the where, when, why and how. You just know the what went wrong

~

[aztek]

Just now, third_eye said:

Its a technical issue, in fact it would be more of a security concern if it was manufactured in the US.

 

~

lol, good one

[SHaYap]

3 minutes ago, aztek said:

lol, good one

You have no idea how good it was, it was so good that it made Yossi stopped laughing

~

[RoofGardener]

Sooo.. is the story true, or not ? 

[aztek]

does it have to be? we can argue pages about something that does not exist, Russia collusion thread is a good example.