SoylentNews is people
SoylentNews
Following up on our story from Thursday — Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro — there is a report from Ars Technica Bloomberg stands by Chinese chip story as Apple, Amazon ratchet up denials:
On Thursday morning, Bloomberg published a bombshell story claiming that the Chinese government had used tiny microchips to infiltrate the data centers of Apple and Amazon. Apple and Amazon, for their part, responded with unusually specific and categorical denials. It's clear that someone is making a big mistake, but 24 hours later, it's still not clear whether it's Bloomberg or the technology companies.
On Thursday afternoon, Apple laid out its case against the story in a lengthy post on its website. The post specifically disputed a number of Bloomberg's claims. For example, Bloomberg says that after discovering a mysterious chip in one of its servers, Apple "reported the incident to the FBI," leading to an investigation. Apple flatly denies that this occurred.
"No one from Apple ever reached out to the FBI about anything like this," Apple writes. "We have never heard from the FBI about an investigation of this kind."
Amazon's response has been equally emphatic and detailed. "There are so many inaccuracies in this article as it relates to Amazon that they're hard to count," Amazon wrote on Thursday. "We never found modified hardware or malicious chips in servers in any of our data centers."
Yet Bloomberg reporter Jordan Robertson, one of the article's co-authors, has stood by his story. In a Thursday afternoon appearance on Bloomberg TV, Robertson said that he talked to 17 anonymous sources—both in US intelligence agencies and at affected companies—who confirmed the story.
So what's going on? It's clear that someone isn't telling the truth, but it's hard to tell what the real story is.
A comment to that story on Ars noted:
The (alleged) chip is associated with the BMC (baseboard management controller). It has indirect access to everything that the BMC can touch, which is pretty much everything in the system.
See, also, coverage on Hackaday where a comment identifies the particular board in question as being a MicroBlade MBI-6128R-T2. A link to a tweet reveals a picture of the board in question and a followup picture showing where the extra device would be located.
(Score: 3, Insightful) by Rosco P. Coltrane on Sunday October 07 2018, @10:49AM (8 children)
but the really sad thing is, it's plausible and quite believable.
(Score: 5, Interesting) by Yog-Yogguth on Sunday October 07 2018, @12:46PM (4 children)
Maybe the eager US warmongers who started the story managed to get far enough down the rabbit-hole for someone to realize they were tracing the implants right back to themselves and thus the boot came down.
That's what's likely given the NSA documentation Snowden released.
17 anonymous sources... LOL! Seventeen times zero is still zero.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by legont on Sunday October 07 2018, @08:41PM (3 children)
Yep, my bet it's NSA as well.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Sunday October 07 2018, @08:59PM (2 children)
As if Intel hasn't already given the NSA a gold-plated access key. They don't need to waste their time on fake signal conditioning filters.
(Score: 1, Insightful) by Anonymous Coward on Monday October 08 2018, @06:52AM (1 child)
Apple has quite strict and tight control over their supply chains (to prevent leaks and "maintain" quality among other things), so they may have figured out the chips weren't added in China or by China... And this campaign is to salvage the anti-China false flag operation...
Even the above is more believable bullshit than Bloomberg's version of reality. ;)
Seriously though, if it really happened why would Apple AND Amazon etc deny it? Why only Bloomberg and a bunch of anonymous people claim it happened? It's like Bloomberg and a bunch of anonymous people claiming a bunch of women were raped by China and ALL those women make PUBLIC statements to deny that ever happened and even say Bloomberg is getting stuff wrong. If two of the victims stepped out to say "Yes it happened to me" then I'd start to believe it.
(Score: 0) by Anonymous Coward on Monday October 08 2018, @02:29PM
You ask why would they deny it, but the answer is obvious: they do not want to admit their operations are not at all secure. Some people have been wisely avoiding US based services for awhile. This kind of revelation does not exactly improve their reputation.
When billions of dollars are on the line, people tend to lie, alot.
(Score: 2, Insightful) by Anonymous Coward on Monday October 08 2018, @06:34AM (1 child)
How so? China already makes/supplies/assembles many of the chips used in a computer. e.g. the south bridge stuff, even some Intel NICs are made in China.
Why add chips when they can just replace existing chips with modified versions? Especially when the existing chips would already be connected to all the relevant tracks or I/O (e.g. network interface).
The Bloomberg article had claims like some "pencil tip sized" chips being found between motherboard fibreglass layers... Think about how more inconvenient it would be to get those to pwn a computer, compared to just modifying a southbridge chip (which already has so much junk in it). It's harder to detect such changes to a southbridge chip compared to detecting those changes to a motherboard. Why do stuff in a harder more detectable way?
It's not so plausible when you know how stuff works.
Even more plausible was it was a false flag - a TLA did it and made it detectable but Apple etc figured out who it really was and so they got NSLed into denying it ever happened.
(Score: 2) by urza9814 on Tuesday October 09 2018, @02:59PM
The more complicated chips involve firmware blobs, and they might not have access to the source code for that. They could reverse-engineer something equivalent, but that's going to be a lot of work and more easily noticed.
They also might not want the manufacturer to know -- or at least not right away. It's probably pretty hard to get an identical Intel chip with modified software installed on a shipped board without *someone* at Intel knowing about it. But you could intercept a standard shipment (while it's in customs perhaps), add your spy chip, and send it back out without involving a single employee at the manufacturer or the recipient which significantly reduces the risk of getting caught. If the new chip is included on the circuit board or solder mask that's a bit less likely, but it's still possible that they didn't want to involve the manufacturer in initial experiments/testing of the concept, or they don't want to give any information beyond "Install the chips that we are going to provide" without anyone having the knowledge of exactly what those chips do. You definitely don't want to start your super secret spy project by explaining the whole thing to some corporate CxOs to see if they can do it. People are going to know about that spy project before the product even ships.
And on top of that, I'd imagine that the spy chip method could be more versatile. The external interfaces to various processors and bridge chips are likely to be more stable and standardized than the chip internals, so that might let you build one spy chip that works on a larger variety of systems.
(Score: 1, Insightful) by Anonymous Coward on Monday October 08 2018, @09:53AM
Especially as NSA has "intercepted" Cisco equipment to install additional "features" for ages...