Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Wednesday December 12 2018, @11:00AM   Printer-friendly
from the I-believe-you dept.

Audit: No Chinese surveillance implants in Supermicro boards found

In a letter to customers issued December 11, Supermicro President and CEO Charles Liang and other top executives announced that an audit conducted by an outside investigating team had found no evidence of any malicious hardware incorporated into motherboards currently or previously manufactured by the company. The letter is the latest rebuttal to Bloomberg reports in October that claimed tiny chips that provided a backdoor for China's intelligence agencies had been integrated into boards provided to major Internet and cloud providers—a report also refuted by the companies the report claimed were targeted.

"After a thorough examination and a range of functional tests, the investigative firm found absolutely no evidence of malicious hardware on our motherboards," the letter signed by Liang, Supermicro Senior Vice President and Chief Compliance Officer David Weigland, and Senior VP and Chief Product Officer Raju Penumatcha stated.

Searching for site:soylentnews.org supermicro on Google brought up a Supermicro ad linking the CEO letter, with the link entitled "Supermicro Independent Testing | No Malicious Hardware‎". Do you believe them?

Previously: Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro
Bloomberg Stands by Chinese Chip Story as Apple, Amazon Ratchet up Denials
Bloomberg Claims That a Major U.S. Telecom Operated a Server Backdoored by a Hidden Chip

Related: Apple Deleted Server Supplier After Finding Infected Firmware in Servers
Firmware Vulnerabilities in Supermicro Systems
Supermicro Announces Suspension of Trading of Common Stock on Nasdaq and its Intention to Appeal


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 2) by MostCynical on Wednesday December 12 2018, @11:08AM (7 children)

    by MostCynical (2589) on Wednesday December 12 2018, @11:08AM (#773395) Journal

    Do you believe them?

    I believe they didn't find any evidence.

    Did they get genuine random samples? Were they supplied special "clean" items? And.. how hard did they look?

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 1, Insightful) by Anonymous Coward on Wednesday December 12 2018, @11:50AM

      by Anonymous Coward on Wednesday December 12 2018, @11:50AM (#773406)

      Also, would it amout to corporate suicide to report otherwise? Would it be legal to do so? How honest have these guys been in the past? (dunno, honest question)

    • (Score: 0) by Anonymous Coward on Wednesday December 12 2018, @11:58AM

      by Anonymous Coward on Wednesday December 12 2018, @11:58AM (#773409)

      They looked just hard enough (and definitely no more expensive than!) to later claim "we looked thoroughly at everything" and have it stand up to superficial evaluation by (security) management drones.

      I'll bet you lots of virtual AC-money that, were an experienced professional to look at what they actually did, he would pronounce that their activities were akin to scooping water with a sieve.

    • (Score: 2) by YeaWhatevs on Wednesday December 12 2018, @04:30PM

      by YeaWhatevs (5623) on Wednesday December 12 2018, @04:30PM (#773502)

      I believe they chose to sit in a sensory deprivation chamber as well as actively not retrieve their own memories in order to make this claim.

      I used to work with a guy who's tried to pull this shit every day of the week as he wrecked the software. First time or two I thought this could have been a tounge-in-cheek joke with bad delivery, or maybe he just had bad memory, but no, he really did somehow think this was going to get him out of fixing his shit. I really wish I was his manager that day. I would have given him about 15 seconds to drop the act or fire his ass on the spot.

    • (Score: 1) by hopdevil on Wednesday December 12 2018, @05:10PM

      by hopdevil (3356) on Wednesday December 12 2018, @05:10PM (#773529)

      Finding such implants would be quite the challenge. You would actually need devices from the customer's production facility, after which you would be looking for a single misplaced grain of sand in 1000x of servers.

      If you are asking the people that already deny having any implants if they see any (outside team knows where the money comes from), what do you think their answer will be?

      Oh yes, we see it now, thank you for informing us that all of our infrastructure is bugged, we will replace it all immediately to keep customer confidence.

    • (Score: 5, Informative) by sjames on Wednesday December 12 2018, @08:01PM (2 children)

      by sjames (2882) on Wednesday December 12 2018, @08:01PM (#773636) Journal

      Keep in mind there is no contrary evidence at all. Bloomberg made some bald assertions backed by "anonymous sources", a mis-quoted expert who stated elsewhere that he was actually speaking of a hypothetical situation and a few "representative" photos "for illustration" that didn't actually show anything relevant to the claim. Nobody at all has ever come forward with any better evidence than NONE.

      On the other side, Apple and Amazon have indicated that they haven't seen anything related to the Bloomberg story. Honestly, given the nothing on the other side, a "We don't FEEL hacked" from Supermicro would be adequate to refute the unbacked claim.

      • (Score: 3, Interesting) by pipedwho on Wednesday December 12 2018, @09:07PM (1 child)

        by pipedwho (2032) on Wednesday December 12 2018, @09:07PM (#773682)

        This.

        Expecting someone to prove a negative based on unsupported 'anonymous' accusations is ridiculous. Especially, when the corporations under 'media attack' have indicated that they have investigated the situation and found no corroborating evidence that there is any truth to the rumour.

        Sadly this seems to be standard operating procedure for media. An 'anonymous source' provides some scandalous claim about companies X, Y and Z. Meanwhile 'someone' is reaping the benefits of a short call on company X, Y and/or Z stocks.

        • (Score: 1) by DeVilla on Friday December 14 2018, @02:47AM

          by DeVilla (5354) on Friday December 14 2018, @02:47AM (#774244)

          I dunno. Ruining someone based on unsupported accusations seems to be du jour.

  • (Score: 1, Funny) by Anonymous Coward on Wednesday December 12 2018, @12:08PM (3 children)

    by Anonymous Coward on Wednesday December 12 2018, @12:08PM (#773413)

    I wonder if the audit was performed by Kaspersky?

    • (Score: 4, Touché) by DannyB on Wednesday December 12 2018, @03:04PM

      by DannyB (5839) Subscriber Badge on Wednesday December 12 2018, @03:04PM (#773461) Journal

      I doubt it. AFAIK, Kaspersky does not use Faith Based audit methodology that would be a requirement in the eligibility selection criteria.

      --
      The people who rely on government handouts and refuse to work should be kicked out of congress.
    • (Score: 0) by Anonymous Coward on Wednesday December 12 2018, @05:59PM

      by Anonymous Coward on Wednesday December 12 2018, @05:59PM (#773563)

      everybody knows real windows users use norty!

    • (Score: 0) by Anonymous Coward on Wednesday December 12 2018, @06:09PM

      by Anonymous Coward on Wednesday December 12 2018, @06:09PM (#773572)

      If it was they would have found chips inserted by CIA and told the rest of us.

  • (Score: 4, Insightful) by Anonymous Coward on Wednesday December 12 2018, @12:12PM (4 children)

    by Anonymous Coward on Wednesday December 12 2018, @12:12PM (#773415)

    Do you believe them?

    I don't believe the original accusation, so this statement is irrelevant.

    If there is true evidence found by CIA/NSA whoever of intentional malfeasance by the Chinese government, they wouldn't just yell "stop buying Chinese!". I would expect a significant diplomatic response, so far I haven't seen that. Therefore I'm assuming this is a money/greed driven campaign.
    At least I don't recall seeing any evidence.

    • (Score: 0) by Anonymous Coward on Wednesday December 12 2018, @01:30PM (1 child)

      by Anonymous Coward on Wednesday December 12 2018, @01:30PM (#773432)

      If there is true evidence found by CIA/NSA whoever of intentional malfeasance by the Chinese government, they wouldn't just yell "stop buying Chinese!". I would expect a significant diplomatic response, so far I haven't seen that.

      When a TLA makes a stink about something they will have to reveal (at least) some of the evidence that they have. Doing so lets their adversaries know a little bit more about how they are being surveilled by the TLA.

      I'm not saying that a TLA did find any proof, or that these accusations are true/false, just that "no diplomatic kerfuffle" does not mean nothing was uncovered.

      • (Score: 2) by DannyB on Wednesday December 12 2018, @03:07PM

        by DannyB (5839) Subscriber Badge on Wednesday December 12 2018, @03:07PM (#773464) Journal

        Yep. Whenever a TLA reveals something big, that revelation implies something about how the big revelation was discovered.

        Conspiracy theory: Bloomberg's article author is a conspiracy theorist, or is working to help our Tirade War.

        --
        The people who rely on government handouts and refuse to work should be kicked out of congress.
    • (Score: 0) by Anonymous Coward on Wednesday December 12 2018, @08:00PM

      by Anonymous Coward on Wednesday December 12 2018, @08:00PM (#773633)

      I would expect a significant diplomatic response

      You mean like with the Khashoggi murder?

    • (Score: 2) by Arik on Thursday December 13 2018, @07:49AM

      by Arik (4543) on Thursday December 13 2018, @07:49AM (#773916) Journal
      I don't believe the original accusation, as in, yeah, evidence? What?

      That said I don't find the accusation at all incredible. China is the world's number 2 power and the number 1 has been metaphorically shoveling sand in their face for several years. They were a little sensitive before the teasing started and they're positively riled now - so much so that they've essentially undone all the liberalization since shortly after Mao died, and crowned the new ruler a virtual Emperor yet again.

      Emperor Xi, aka Winnie the Poo, is a very dangerous man.

      So this is one of those smells true even if it isn't sort of accusations. Quite safe to make, as a result. Is it true or not is another story.

      My own gut response is yes, it's probably more or less true. I doubt they went to much extra expense to make sure this would work, but yeah, especially anything manufactured post Xi should be considered rooted from the factory.

      Context - so should anything manufactured in the US, and starting several years earlier. :(
      --
      If laughter is the best medicine, who are the best doctors?
  • (Score: 2, Insightful) by Anonymous Coward on Wednesday December 12 2018, @12:16PM

    by Anonymous Coward on Wednesday December 12 2018, @12:16PM (#773416)

    Supermicro is HQd in the USA, you can't trust a word that they, or any other USAian body, says when the government has an interest in the public's belief about the matter at hand.

  • (Score: 5, Insightful) by Arik on Wednesday December 12 2018, @12:24PM (1 child)

    by Arik (4543) on Wednesday December 12 2018, @12:24PM (#773422) Journal
    "No Malicious Hardware‎"

    And yet they sell Intel.
    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 4, Interesting) by Runaway1956 on Wednesday December 12 2018, @02:55PM

      by Runaway1956 (2926) Subscriber Badge on Wednesday December 12 2018, @02:55PM (#773454) Journal

      My Supermicro is powered by Opteron. If/when something better than Opteron happens, I may go with it. At this point in time, Opteron seems the best thing going, and Supermicro supports it quite well. I'm considering an upgrade to a newer, faster board. I deserve a nice Christmas present.

  • (Score: 2) by chewbacon on Wednesday December 12 2018, @10:04PM

    by chewbacon (1032) on Wednesday December 12 2018, @10:04PM (#773718)

    I don’t build mobos, but I’d think sneaking in a chip that the board wasn’t engineered to have would cause other problems with the board that would pop up quickly on quality measurement graphs. The whole thing smelled of fake news.

(1)