Surprised peet hadn't picked up on this already. Usually is right up his alley.
The article: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies.
At a high level: a journalist at Bloomberg claims that Apple and Amazon independently found apparent backdoors in the hardware of their servers assembled by San Jose firm Supermicro, which had ultimately been traced to China military intelligence as a result of a three-year, highly classified investigation. According to Bloomberg, the reporting is based on 17 anonymous sources, some being former Obama and Trump government officials, and some being insiders inside Amazon and Apple familiar with the investigation.
Apple and Amazon have released statements vigorously denying the report.
This story is fascinating: given the reporting and the denials, it's very unclear what the truth of the matter is. I can think of many explanations, but none of them seem likely to me. What do you think?
The 17 sources don't exist: Bloomberg fabricated the story out of whole cloth for clicks and ad revenue.
The sources do exist, but they aren't who they say they are: Bloomberg is the victim of a very elaborate con.
The sources do exist and are who they say they are, but are lying (perhaps to give cover for anti-Chinese policy).
The sources do exist but are misinformed and are repeating unsubstantiated rumors rather than firsthand information.
The sources do exist and are correct, but the investigation is so compartmentalized that even senior executives are unaware of the issue.
The sources do exist and are correct, but Apple and Amazon are not allowed to confirm it publicly.
The sources do exist and are correct, but Apple and Amazon are denying the stories to protect their brand.
Bloomberg: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
I did hear about the alleged chips but the story is much covered in fog for me. It seems a technical challenge to make those spy chips and be sure they work bug free. Nothing more embarrassing than to be caught by a buggy spy kit. One way or another, the spy chip has to contact home base, and might be detected by firewall logs in a router. It might be a great spy tool though; which company opens hardware to carefully inspect all components?
I can understand Bloomberg is tip-toeing on this article, the lawyers of the companies might be queuing to sue them. Google did act open to the public when they found out about the NSA wiretapping a few years ago and they encrypted inter server communications. It could also be that the companies are on a gag order not to disclose this spy chip information.
Anyway, now the ghost is out the bottle, I think we might hear more about this subject.
/offtopic
https://nos.nl/artikel/2253313-mivd-we- ... komen.html
I suggest to pipe it through Google Translate if you are interested in this article.
In MyLittleCountry we were kind of busy with some alleged Russian ID holders, who had nothing to do with the GRoe (cough), which were supposedly caught red-handed trying to hack the OPCW wifi (see photo of 4G phone and some other equipment in car). We do not complain too loud because otherwise The Russians might be upset. That is, after some guy tweeted about something NSA-ish on a filelisting about ... OPCW (and others). Again nothing really important is done with it because otherwise The Americans might be upset.
https://twitter.com/UID_/status/7930640 ... tijl.nl%2F

https://english.defensie.nl/binaries/de ... SH+DEF.pdf
peet wrote (Oct 5 2018, 08:21 AM): We do not complain too loud because otherwise The Russians might be upset.
The Escapist (Justin Emerson) @ Dec 21 2010, 02:33 PM:
The history of open-source Allegiance is paved with the bodies of dead code branches, forum flame wars, and personal vendettas. But a community remains because people still love the game.
Anyway, seems like a ticket reservation is for a non-existing train. There is only one ICE line which is from Amsterdam to Frankfurt and you need a reservation for each train instead of one. You have to switch ICE train in Frankfurt to get to Basel.
That train was leaving Utrecht a little bit earlier, too.
WTF is your little country doing?
some random thoughts:
my bro is an IT dude working at CISCO and says the article is being mocked by the tech industry for being full of inaccuracies. that said, journalists are generally pretty clueless about the technical parts and i understand bloomberg wanting to involve as few people as possible in this thing.
it's easy to dismiss this story as a strategic government leak to increase the public's support to its China trade war. especially given Mr. Pence's speech at the Hudson Institute think tank shortly thereafter: https://worldview.stratfor.com/article/ ... gn=article
however it's still quite plausible, and if true, does indeed deserve a strong response. also given how sensitive this is, and that it's supposedly been investigated since 2015 (that Bloomberg knows of... probably actually earlier), the timing of the trade war and the industries it's targeting seems to suggest that it could be true and the trade war is actually not at all about the trade deficit but about the strategic risk posed by American industry's reliance on Chinese supply chains.
JimmyNighthawk wrote (Jun 30 2013, 11:32 PM): "Bavarian Sausage Anti-Ketchup Soap"
For anyone sane this has always been it. I'm wary of being so reliant on China for exactly this case. Not that I'm a fan of the tariffs as they are, it's a bit heavy-handed.
Terran wrote (Oct 6 2018, 12:12 PM): however it's still quite plausible, and if true, does indeed deserve a strong response. also given how sensitive this is, and that it's supposedly been investigated since 2015 (that Bloomberg knows of... probably actually earlier), the timing of the trade war and the industries it's targeting seems to suggest that it could be true and the trade war is actually not at all about the trade deficit but about the strategic risk posed by American industry's reliance on Chinese supply chains.
Trade deficits/surpluses are really meaningless in terms of how it is used in the press, and should not be a public basis for government policy. It all comes out in the balance of payments in currency trade anyways.
If it is false, and there are no hardware attacks going on, I would bet it is only because software attacks are still both viable and relatively cheap enough that these hardware attacks are not worthwhile.
Homeland Security "... no reason to doubt the statements from the companies named in the story."
https://www.dhs.gov/news/2018/10/06/sta ... compromise
Apple wrote to congress: "https://www.reuters.com/article/us-chin ... SKCN1MH0YQ"
It seems Bloomberg has a problem if many experts deny their story. Not sure if they can provide more (technical) details.



