SoylentNews is people

posted by Fnord666 on Wednesday October 10 2018, @11:45AM
from the he-said-she-said dept.

Major US telecom was infiltrated by backdoored Supermicro hardware, Bloomberg says

Five days after Bloomberg stunned the world with still-unconfirmed allegations that Chinese spies embedded data-sniffing chips in hardware used by Apple, Amazon, and dozens of other companies, the news organization is doubling down. Bloomberg is now reporting that a different factory-seeded manipulation from the previously described one was discovered in August inside the network of a major US telecommunications company.

Bloomberg didn't name the company, citing a non-disclosure agreement between the unnamed telecom and the security firm it hired to scan its data centers. AT&T, Sprint and T-Mobile all told Ars they weren't the telecom mentioned in the Bloomberg post. Verizon and CenturyLink also denied finding backdoored Supermicro hardware in their datacenters, Motherboard reported.

Tuesday's report cites documents, analysis, and other evidence provided by Yossi Appleboum, who is co-CEO of a hardware security firm called Sepio Systems. Bloomberg said that, while Sepio was scanning servers belonging to the unnamed telecom, the firm detected unusual communications from a server designed by Supermicro. Supermicro, according to last week's Bloomberg report, is the hardware manufacturer whose motherboards were modified in the factory to include a tiny microchip that caused attached servers to come under the control of a previously unreported division of China's People's Liberation Army. Supermicro told Bloomberg it had no knowledge of the implant, marking the second time the hardware maker has denied knowing anything about the reported manipulations.

[...] The criticism was still at full pitch on Tuesday morning when Bloomberg published its follow-up article. While it names a single source, some security experts quickly challenged the credibility of the report. "Sure this story has one named source but it technically makes even less sense than the first one," Cris Thomas, a security expert who tweets under the handle SpaceRogue, wrote. "Come on @Bloomberg get somebody who knows what they're talking about to write these stories. Calling BS on this one as well."

Previously: Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro
Bloomberg Stands by Chinese Chip Story as Apple, Amazon Ratchet up Denials

Related: Firmware Vulnerabilities in Supermicro Systems
Supermicro Announces Suspension of Trading of Common Stock on Nasdaq and its Intention to Appeal

  • (Score: 2) by crafoo on Wednesday October 10 2018, @04:34PM (5 children)

    by crafoo (6639) on Wednesday October 10 2018, @04:34PM (#747012)

    On what grounds are the critics calling BS on these two Bloomberg articles? Is it because the damning allegations come from 90% anonymous sources? That actually seems reasonable.

    Not that I'm all that skeptical, in general. It's likely that everything is backdoored by at least one state-sponsored spy agency.

  • (Score: 0) by Anonymous Coward on Wednesday October 10 2018, @04:54PM (2 children)

    by Anonymous Coward on Wednesday October 10 2018, @04:54PM (#747028)

    Anonymous sources, anonymous victim. Maybe not implausible method but sounds like a movie plot when backdoors could easily be present in firmware without the need for an obvious physical alteration to the hardware. Actually this fits the bill for folklore/urban legend. Somebody, somewhere once encountered a bogeyman. You could be next!

    And on top of that, TFS claims that the story has already changed. All in all sounds like a Chinese equivalent to the Skripal poisoning, but without even a named victim. But hey, the fewer details there are, the fewer problems for critical thinkers and "fake news" sites like WSWS to point out?

    In the Skripal case, three people were admitted to the hospital (and not allowed to talk to the public), one of whom died, but the details range from murky to implausible with conclusion jump left and right. In this case, the entire thing could be completely made up out of whole cloth.

  • (Score: 3, Interesting) by DannyB on Wednesday October 10 2018, @05:45PM

    by DannyB (5839) Subscriber Badge on Wednesday October 10 2018, @05:45PM (#747056) Journal

    On what grounds are the critics calling BS on these two Bloomberg articles?

    Profit? Or something to do with money? Or lawyers? Or gag orders? Or payoffs?

    With modern TVs you don't have to worry about braking the yolk on the back of the picture tube.
  • (Score: 0) by Anonymous Coward on Thursday October 11 2018, @07:12PM

    by Anonymous Coward on Thursday October 11 2018, @07:12PM (#747586)
    1) No real evidence so far except claims - e.g. no motherboard from the Amazon nor Apple backdooring has surfaced.
    2) The first article made some unlikely claims e.g. chip between fibreglass layers. If you're going to backdoor stuff you'd do it in easier ways that are harder to detect.
    3) Amazon and Apple both issued denials and Apple even wrote a letter to Congress.
    4) Most of the other newspapers etc seem to be keeping some distance away from the story (they're doing stuff like "Bloomberg claimed").

    Each by itself isn't much or enough but combined it does make Bloomberg look like the crazy guy in the room...

    Sometimes the crazy guy is right, but at this stage...