Skip to comments.New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom
Posted on 10/09/2018 10:33:18 PM PDT by Zhang Fei
Bloomberg link only.
Is there a summary (that you’re aware of) outlining the Supermicro hacks indicating the infected components and years?
Oh look. Another reason why we shouldn’t manufacture our stuff in China.
[Is there a summary (that youre aware of) outlining the Supermicro hacks indicating the infected components and years?]
Makes sense. Thanks.
We moved quite a bit of SM gear, but not into critical sites.
I think that technology is in Cisco routers, and I know from following this Apple Endeavor servers are rife with the technology
This is huge
The DEEP STATE just dont want the news to get out as that will greatly impact APPLE share pricing on Wall Street as they are the #1 facilitator of China's censorship by an American company.
My company Johnson and Johnson is such a joke, with their cavorting for everything MArxist and Chinese while making their employees sign and swear they took the training and will abide by the training to prevent hacking.
My company Johnson and Johnson is such a joke, with their cavorting for everything MArxist and Chinese while making their employees sign and swear they took the training and will abide by the training to prevent hacking. They mainly carry Lenovo PCs...
Google is the #1 facilitator of Chinas censorship by an American company.
Good article. Thanks for posting.
It’s a brilliant hack method. The friken ethernet connector! It typically has a few microcomponents with it anyway. So they install a tiny microcomputer instead. Raw signal access. Like an ethernet sniffer built in.
I’ll lay money it’s in routers, too. A gazillion of them.
Software hacks. Hardware hacks and spies. Everything Chinese sourced is suspect including the people.
Bloomberg doubling down on anonymous claims. The 600 million stock valuation loss by Supermicro could well turn into a lawsuit which, with damages, effectively end the Rat rag and put Bloomberg in the poor house.
I know from following this Apple Endeavor servers are rife with the technology
Then you would also know that
a) such a chip cannot be placed on any Apple board and,
b) that Apple has investigated and denied the entirety of the Rat (Bloomberg) claim,
——1) you are entirely mistaken and have fallen for a disinformation campaign which benefits options and short sellers.
Chips embedded with hostile software.
Would anyone want to be on the Electronic Warfare Ping?
So far, LOW volume.
Other updates coming up here to ‘all’.
Mystery disruption for cell networks after presidential alert text...
Trump Wants Chinese Parts Out of American Weapons
[Hostile code hidden in chips is inevitable, even if we have not already been compromised.]
Chinese spy chips said to be found in hardware used by APPLE, AMAZON...
[report disputed by Apple]
USA warns of new hacking spree [linked to China]
Did you notice this all comes from a single source that uses Anonymous citations with no evidence? None at all. . . and FAKED PICTURES of generic electronic parts that are NOT what they claim to be showing?
This new howling about finding a Supermicro altered server is ALSO a bogus claim from a single source that does NOT name the "major telecom company" in which they claim to have found ONE (1) server out of thousands with a supposedly compromised Ethernet connector in it. . . Yet they did NOT find any such thing in the other thousands of Supermicro servers from the same order that were installed. That is NOT proof of anything except a possible defective Ethernet connector. The Bozo who is reporting this is in a huge violation of his Nondisclosure Agreement (NDA) which is why he says he can't reveal the name of the "major telecom company" where this server was found. . . but he gives every other detail about his employment, such as the brand of server they are using and what the issue he was called in for, and what he claims he found,. . . which is what an NDA would cover! THIS IS BOGUS.
One of the so-called sources in the ORIGINAL Bloomberg article has already called them out for misquoting him and taking his theoretical explanations of how it could be done and mischaracterizing them as how it IS BEING DONE, and attributing it to him, when he actually told them their theory expounded in the original article "Made no sense!"
One other thing I find extremely suspicious is his claim that an unnamed "major telecom company" would bring in a less than two-year old start-up company to "scan their servers" for something amiss. These major telecom businesses have top quality security people WORKING FOR THEM completely capable of doing that, who are, in fact, capable of writing the code to do it and monitor the outgoing traffic! They aren't going to hire some start-up with a few employees and no real track record to have any access to their servers. Ain't gonna happen. No way!
Then you find this guy has been feeding Bloomberg ALL of these talking points since before the very first article, Yossi Appleboum. . . and his company, Sepio Systems, is one Bloomberg is hyping! This is what Bloomberg has been roundly criticized before about FAKE NEWS for business the hype the stock of . . . pushing stories that help their pet companies. This company sells software that "mitigates against malicious hardware installed on motherboards or other hardware.". . and their primary source for ALL OF THIS is the Co-CEO of that company. Yet every other expert is saying this is BOGUS, and is not happening. Get it now????
[Hostile code hidden in chips is inevitable, even if we have not already been compromised.]
There I completely agree. . . that's why the Bloomberg article claiming the need to put a surreptitious IC on a motherboard is so stupid and does not make sense. . . because it would stand out like a sore RED FLAG THUMB to the people who designed the board, Supermicro who designed it in San Jose, CA, and who check for such things in their Quality Control. It called it "MAKES NO SENSE TO ADD A CHIP TO THE MOTHERBOARD THAT IS EASILY FOUND, WHEN YOU CAN ADDED IT INSIDE THE FIRMWARE SOFTWARE!" or to hide it inside an IC where it can only be found by use of an electron microscope after stripping off the covering parts of a multiple layers of other circuits.
Even the ORIGINAL Bloomberg article stated that Apple did not wind up using the Supermicro boards, cancelling an order of 30,000. . . but Apple said they DID order and use some. AFTER the date they were supposed to have found malicious ICs on motherboards, which both Apple and Amazon state categorically they did not. Only Bloomberg makes this claim from ANONYMOUS sources using bogus evidence, evidently provided by Appleboum and Sepio Systems for their own aggrandizement.
Actually you know no such thing. The articles that come from one single source, Bloomberg, stated that Apple FOUND the malicious chips and cancelled their order for 30,000 servers. If that were the case, then Apple would not have been effected.
However, the entire series of facts as laid out by Bloomberg is BOGUS, coming from anonymous sources with no proffer of evidence to back it up except FAKED photographs of chips that are NOT what they claim them to be, but rather other types of electronic parts well recognized by experts in the field. In fact some of the people they quote have come out to say they have been quoted by Bloomberg's reporters OUT OF CONTEXT and with important parts of what they said omitted, such as "This makes no sense." and "There are much easier ways to do this."
Both Amazon and Apple have OFFICIALLY denied they ever found any such thing as Bloomberg claims they found and the history of the two companies' involvement with Supermicro also proves that Bloomberg's claims are complete lies as well. In fact, while Apple did sever its relationship with Supermicro, it did so in the summer of 2016, ONE YEAR after the time that Bloomberg claimed they found bogus chips on the Server motherboards in summer of 2015. Amazon, went ahead and BOUGHT the company that was using Supermicro to make their servers, and it CONTINUED to use Supermicro to make the servers for Amazon. . . for both Amazon Web Serverices and Amazon Prime Video serverces. . . AFTER the 2015 claimed date when Amazon engineers were supposed to have found bogus IC chips on the servers they WERE going to buy from the company and per Bloomberg cancelled the contract. No, Amazon BOUGHT the company three months later, hook line, and Supermicro contract. That is NOT the act of a due diligent company who found major security flaw. For Apple's part, Apple bought almost 7,000 Supermicro servers until Supermicro could not meet the demand due to supplying Amazon's needs because of their expansion. Apple went elsewhere and severed their relationship due to lack of Supermicro's inability to supply the numbers Apple needed for their streaming video service, not because of security concerns. Nothing in this history of the three companies matches Bloomberg's Tall Tale at all.
I am not referring to the latest but an older news story from months ago about the 200,000 compromised Cisco routers
What I am talking about is not directly related to the server part but they were discussed ad naseum on LinkedIn and other places where this type of information is regularly discussed and not typical for main stream news pubs.
This then is additive not part of the story you wax on about me being incorrect about. The endeavor servers provided by Apple are a key element in the overall architecture and the chip installed was deliberately done so for behavioral reasons. The same is true of the Cisco routers, I do not make this stuff up it is part of my profession to know and account for in the overall secure architecture my role and solutions require.
As to your last position of this being a big noting it is also being discussed on LinkedIn as a potential security risk and I maintain my interest for the reasons mentioned above. Its validation is still in question, time will tell and if you understand what is going on and you seem to have more than a remedial level of knowledge I hope you would agree that it bears monitoring. The Big Boys have been deep into stuff for years and they do not have clean hands by any measure, at least not to me.
Time will tell
The CISCO exploit is the way it would be done. . . not adding an obvious extra IC to a motherboard, but by seeding additional commands and software to the firmware which is far harder to locate and discover. . . leaving the firewall full of holes the bad actors can walk through at leisure. THAT is something we absolutely do have to be aware of and guard against, checking to assure that what should be in firmware and all chips existent on boards is what is supposed to be there and nothing more.
Something so obvious as this is a red herring that causes us to look elsewhere than where we SHOULD be looking. This is the magician's distraction, not the actual exploit we SHOULD be looking for.
My point in all this is that Bloomberg has a reputation of publishing ignorant FAKE NEWS before this. Bloomberg writers literally do not know what they are talking about as several of the real experts they were picking the brains of prior to writing the articles pointed out. . . and these experts kept telling them "Your theory makes no sense," yet they ran with it anyway and omitted that truth from their article. Their predilection to using anonymous sources without a second source as outlined in this article is common. They are a serial publisher of FAKE NEWS. So far, no other credible source outside of Bloomberg has published anything to back up Bloomberg's claims and multiple people and organizations in official statements in the companies involved and in national security agencies have denied that what Bloomberg stated ever occurred. In addition, several of Bloomberg's named source experts have claimed they were misquoted and cited out of context, with Bloomberg citing hypothetical explanations as descriptions of actual real events.
Those, I think, are dispositive that Bloomberg's writers made up a narrative that was mostly wishful thinking built on a STORY fed to them by a single source with a marketing plan, Yossi Appleboum and his company Sepio Systems, to sell their mitigation software for EXACTLY what Bloomberg describes.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.