First of all, Q tells us the access the Chinese got to Hillary's email server (an Apple Mac mini) was not hacked but granted. . . in exchange for donations to the Clinton Foundation. They didn't need any surreptitious software or a chip installed as it was copied to one of their agents.
Secondly, the Bloomberg Businessnews Chinese spy chip being added to Supermicro server motherboards story is bogus as a thirteen dollar bill. There are several reasons why I conclude this. As I outlined in another thread yesterday:
Apple was going to use the hardware in their iTunes Streaming video/movie service they were installing back in 2015-2016 order 30,000 rack mounted servers from Elemental Systems who had their servers made by Supermicro. However, even Bloomberg BusinessNews states that Apple cancelled the order when their engineers discovered the malicious IC chip on the motherboard of test units they received.
The more I think about this the less sense it makes for several very good reasons.Given all that, something here doesn't smell right. . . my BS o'meter is almost pegged at 100%!
- Both Amazon and Apple supposedly discovered this malicious IC chip in 2015, three years ago.
- Nothing was said about it in any security bulletin to the industry warning about security problems with servers made in China.
- IN THREE YEARS! Seriously?
- Software could have been developed to disable or block transmission of the stolen data back to China since it was known. Really? The URL of the target server had to be available.
- The revelation about this malicious chip comes from a single main stream media news source which cites only anonymous sources both in the impacted government and the two major companies, Amazon and Apple, the two largest companies in the world by market cap. Yet we hear crickets.
- Other companies are vaguely mentioned but not by name.
- Amazon, Apple, and Supermicro vigorously deny any such chip exists and that any such events happened.
- Amazon went ahead and acquired Elemental Systems in late 2015 and continued ordering Supermicro servers for use in their Amazon Web Service (AWS) cloud and for Amazon Prime streaming video / movie service
- AWS CEO independently said there were no spurious hardware installed in or on the Supermicro motherboards.
- Apple did not break off doing business with Supermicro until sometime in mid-2016, selecting another supplier (but not until they had bought ~2,000 Supermicro servers, after they had supposedly, according to Bloomberg, found the malicious modifications!— fact clarified Oct. 5, 2018), perhaps due to the increased demand Amazon was placing on Supermicro due to growth of Amazon Prime.
- Bloomberg claims that Supermicro engineers had to travel to the Chinese subcontractor's plant to notice the modifications being done to their motherboards in the manufacturing process. Yet Supermicro, like Apple designs its products including the entire layout of its motherboards a few miles away from their corporate offices in San Jose, California, and the major alterations required to add another IC to a motherboard would be quite obvious to their California design engineers and Quality Assurance engineers. (This bullet added Oct. 5, 2018 due to statement of officers of Supermicro denying the possibility of modifications at manufacture).
- Altering the design of a motherboard to add another IC chip is not an easy nor an inexpensive thing to do and must be done from engineering on up. . . especially on a multilayered board.
- None of the articles have shown this IC chip in situ on a motherboard, instead they show a photo of a generic miniature grain of rice chip perched on a finger tip. Why not show one in situ?
- No one has described how this tiny chip accomplishes what it accomplishes with the various scenarios a server environments that might be encountered. It just is.
- The denial by both Apple management and Amazon management is backed by the fact that they face penalties if they are lying imposed by the Sarbanes Oxley Act of 2002 which imposes PERSONAL fines of from $10 million to $20 million and imprisonment in a Federal institution for ten to twenty years. What incentive do these managers and officers have to lie. In Apple's case, they never even USED the products involved, cancelling the order.
- Bloomberg has published FAKE NEWS before.
That being said, there is a scenario which DOES lend itself to such insertion of a malicious chip/software with capabilities on computers, servers, and mobile devices, one we KNOW has already been used by the Chinese government.
Many PCs, desktops, laptops, servers, Point of Sale (POS) registers, CADCAM, and other dedicated use computers are made using parts and boards made by Chinese reference manufacturers who build generic mother and daughter boards, generic IC chips, etc, to a basic design and sell to multiple brand names or "white box" computer assemblers. Similarly, Chinese manufacturers make generic logic boards for Android phones, tablets, POS, game consoles, Bitcoin mining, and imbedded devices also for name brand and White box assemblers. They account for better than 80% of the Android devices made. The assembler purchasers of these boards and parts do not have much knowledge of what has been placed on these boards or in the various chips or the programming that's loaded in the boot ROMs. Since many of these designs are "reference designs," even the manufacturers have no clue what they are making and including on the boards they are making.
It would be exceedingly easy for the People's Liberation Army to alter the design of every one of those boards to include an IC with their code and circuitry. . . intended to do anything at all. There is no need to alter the design of an American designed board and risk it being found. If it were found, it would be obvious where it had to have been added, in China, incriminating them. Those in the design and well hidden, would be much harder to find and, if found, the design changes could have been inserted by parties unknown.
Several Chinese companies have been found to be selling Android phones with hardware designed to contact a server in China and upload the users' personal information including passwords, banking data, browsing, email, and texting data, and GPS data among other things. At least on of these cellular phone companies is entirely owned by the Chinese government. . . and at least one or two of the others others are government/private partnerships. The Trump administration took the unprecedented steps of prohibiting products of these companies from being used by government agency employees.
It would be these reference designed generic PCs and Android devices we should be checking for malicious capabilities, which will be hard to find. . . likely only coming out of hiding at the most useful moment for their masters. Imbedded devices, say in targeting computers or engine controls on ships or air traffic controller radars or missile launch controls or nuclear power plant controls or power grid balancing systems or. . . well you get the idea, stuff that gets supplied by the lowest bidder who might be tempted to buy a reference generic design to stuff in his product. . . much like the low quality steel China sold us as higher quality steel!
None of those mission critical computers should ever be dependent on a computer made with generic, reference boards from China. They should be American design and if made in China, still checked every which way from Sunday before being put in service.
Well you know, maybe it’s time we figured out that we should make our own devices rather than importing the vast majority of our tech from sneaky bastards.
Can you boil something down for me? Are all iPhones, iPads, and other Apple devices being hacked right now with these chips?
mebbe this was supposed to be a cover story for someone who mighta had a “leaky” toilet server somewhere?
Marker for chaff this afternoon.
Nice, in-depth write up.
You have pointed out devices that may be compromised that already have some “air of suspicion” in our in our Q-enhanced lives. Sherryl Atkinson has testified about witnessing her computer messed with remotely. And we’ve just gotten more confirmation on how creepy phones are with Q’s reveal of the DiFiChi/Murky hall meeting.
I’ve been thinking about the unsuspicious, seemingly innocuous items that are as legion as blades of grass: light fixtures. How many are in a typical Wal-Mart. How many are on a 10-mile stretch of I-x75 interstate outer belt?
The LED generation of fixtures have power supplies (drivers) that are very much like microprocessors that handle dimming, soft start ramp up, and LED longevity compensation. Municipal lighting systems can communicate back to a central control point asking for dimming, turn on/off, and hours burned suggesting maintenance is near. And all this time you thought that little thingy on top of a street lamp was just a photocell.
Indoor systems have occupancy sensors that work on IR sensing. Don’t know, but a camera could be substituted or work in a complementary role to the sensor. Some big-boxers have Blue Tooth comm nodes in their lighting that can pick up (via your phone) that you are in store, can list items you recently purchased, can direct you to item locations and to where the sale items are if you so wish to avail yourself of these systems when shopping. And some of these places are double-whamming you because sensing/comm devices are on-board shopping carts. Yeah...that 4” x 7” plastic company name and logo badge on a cart may not be all that innocent.
This is all creepy. And it’s even creepier knowing a vast amount of these devices are sourced from China.
Thanks very much for this alternative perspective.
Just curious: Can you identify the source for this? Is the non-italic your personal analysis; or, is all of the dialog from somewhere else?
In any event, we have a MYSTERIOUS SITUATION:
1) Q posted link (Q-2334) to the VERY EXPLOSIVE Bloomberg story on Oct 4 ... even going so far as to suggest it is connected to the ship collisions.
2) Another “source” calls “100% FAKE NEWS” on Bloomberg, and points to edits in the story made Oct 5.
I AM PERPLEXED.
If it were not for the Q involvement, I would probably tend towards the “debunking” article (which still indicates a major problem with, most likely, all “reference designed generic PCs and Androids” being infected. (In other words: Everything EXCEPT Apple products.)
Hmm. Apple becomes a co-protagonist, with CHINA, in both versions of this story.
There is a great deal of smoke here. I NEED MORE INFORMATION.
Thanks for this post...very interesting.
Why do you think a Bloomberg disinfo article about the Supermicro chip is coming out now, and from whom?