SoylentNews is people
SoylentNews
Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way
The chips, which Bloomberg said have been the subject of a top secret U.S. government investigation starting in 2015, were used for gathering intellectual property and trade secrets from American companies and may have been introduced by a Chinese server company called Super Micro that assembled machines used in the centers.
[...] China has long been suspected — but rarely directly implicated — in en masse spy campaigns based on hardware made there. The majority of electronic components used in U.S. technology are manufactured in China. Companies including component manufacturers Huawei and ZTE, as well as surveillance camera maker Hikvision, have all fallen under intense suspicion and scrutiny from the U.S. government in the past year.
I'd think that the big guys would be designing their own boards. Maybe we should only buy PCBs from South Korea.
Also at Bloomberg and The Guardian.
(Score: 4, Insightful) by Anonymous Coward on Thursday October 04 2018, @05:19PM
"If servers were phoning home to China, no one would notice?"
This is a needle in haystack problem that is created partly by the CDN's. They don't have to phone home to China, they only have to phone home to a CDN, which can then proxy the data back to China. The content looks like any other SSL encoded web query, since the CDN is used by a large number of vendors at the same time. Kind of like a reverse VPN provider. But there are a lot of other ways to do it.
This is one of the problems that has been created by the "network management" aka. monopoly techniques used by a lot of the carriers. The more the CDN's aggregate traffic, the more difficult it becomes to separate the wheat from the chaff for indevidual security admins. And having worked for a big carrier, I can tell you from experience that customer exploitation is the rule, and client security is a joke. The only people they do traffic analysis for voluntarily, is advertisers and consumer profiling agencies.
NN is a factor here. The carriers moving towards wallled gardens would actually make this problem worse because it would mean a higher reliance on CDN traffic, vs. direct traffic delivery. So in this case supporting NN also supports national security in a very practical day to day troubleshooting kind of way. That difference is quantified by having thousands of indevidual security admins analyzing traffic vs.four guys with slurpies in a telecom basement in NYC, whose default response is pretty much "fuck off, I'm busy". And the reason they'd get away with it is because they answer to management that supports that attitude, because customer loss prevention doesn't generate revenue.
IOW, do you really want to be calling Comcast to be figuring out where your traffic goes, or would you rather depend on your own network analysis tools?