British spy agency casts more doubt on spy chip report

[nir]

It has ‘no reason to doubt’ Apple and Amazon’s denials

 

The UK’s top national cybersecurity agency GCHQ told Reuters on Friday that it didn’t see any reason to question the validity of Apple and Amazon’s denials that their servers were compromised following a meteoric report from Bloomberg on Thursday. The report claimed that Chinese spies were able to place microchips in the companies’ servers, allegedly giving the Chinese government backdoor access to some of the largest cloud platforms in the world.

 

The GCHQ, which is the UK’s equivalent to the US National Security Agency (NSA), didn’t call for an investigation into the claims, but it requested that anyone with information about the alleged attack reach out. In its response to Reuters, the GCHQ said, “We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple,” said the National Cyber Security Centre, a unit of GCHQ.

 

“The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us,” it said.

 

Despite the unconcerned reaction from the British spy agency, American lawmakers are getting fired up over the reporting; some are even calling for an outright investigation. A spokesperson for Rep. Tom Cotton (R-AR) told Politico on Thursday that, “It’s past time for American companies to wake up and realize that [Chinese President] Xi Jinping and his cronies view private enterprise as ‘fair game’ in their subversive campaign against our nation.”

 

Sen. Mark Warner (D-VA), who called Chinese hardware companies ZTE and Huawei “national security threats” this summer, told Politico that the report “provides more evidence that China’s pattern of behavior is a serious threat to national security and supply chain risk management.”

 

Rep. Frank Pallone (D-NJ), the ranking member of the Energy and Commerce Committee, was the most assertive, calling the report “deeply disturbing,” and requesting a congressional investigation in a statement to Bloomberg.

There are a whole bunch of plausible explanations that don't require fraud. There was no fraud involved in #badbios or it's journalistic coverage, and dozens of experts (correctly) confirmed to reporters it was technically plausible.

— Tavis Ormandy (@taviso) October 5, 2018

Many in the cybersecurity world have also questioned the report. Tavis Ormandy, a star researcher at Google’s Project Zero, argued on Twitter that the reporting might be overblown, saying, “there are a whole bunch of plausible explanations that don’t require fraud.”

 

Source

[Ha91]

According to this logic, Israel's Mossad and its related cyber-security departments may have essentially hacked world-wide systems through Intel?

[nonspin]

Just because it's _plausible_ - doesn't make it is _probable_.

If someone thinks that the Chinese are dumb enough to physically embed a backdoor

into any architecture .... is a Dreamer.

 

If they'd do it - it would be one a level that is anything BUT _plausible_

Something that would trigger a simple StackOverflow (for example).

The Chinese know how "chips" work, because they build them.

If they can build it, they _probably_ know the weak(er) links/spots that can be triggered/exploited.

By Design.

 

A signal that would change the voltage/frequency/anything in a specific region,

known to them is enough to initiate a Cascade/StackOverflow.

... Without sneaking in a code-based backdoor.

Whoever uses the term "backdoor" here hasn't done any homework in the past 20 years

and _probably_ deserves to be backdoor'd.