Decoding the Chinese Super Micro super spy-chip super-scandal


straycat19

Analysis

 

Chinese government agents sneaked spy chips into Super Micro servers used by Amazon, Apple, the US government, and about 30 other organizations, giving Beijing's snoops access to highly sensitive data, according to a bombshell Bloomberg report today.

 

The story, which has been a year in the making and covers events it says happened three years ago, had a huge impact on the markets: the company at the center of the story, San Jose-based Super Micro, saw its share price drop by nearly 50 per cent; likewise Apple's share price dropped by just under two per cent, and Amazon's dropped by more than two per cent.

 

But the article has been strongly denied by the three main companies involved: Apple, Amazon, and Super Micro. Each has issued strong and seemingly unambiguous statements denying the existence and discovery of such chips or any investigation by the US intelligence services into the surveillance implants.

 

These statements will have gone through layers of lawyers to make sure they do not open these publicly traded corporations to lawsuits and securities fraud claims down the line. Similarly, Bloomberg employs veteran reporters and layers of editors, who check and refine stories, and has a zero tolerance for inaccuracies.

 

So which is true: did the Chinese government succeed in infiltrating the hardware supply chain and install spy chips in highly sensitive US systems; or did Bloomberg's journalists go too far in their assertions? We'll dig in.

 

The report

 

First up, the key details of the exclusive. According to the report, tiny microchips that were made to look like signal conditioning couplers were added to Super Micro data center server motherboards manufactured by sub-contractors based in China.

Those spy chips were not on the original board designs, and were secretly added after factory bosses were pressured or bribed into altering the blueprints, it is claimed.

 

The surveillance chips, we're told, contained enough memory and processing power to effectively backdoor the host systems so that outside agents could, say, meddle with the servers and exfiltrate information.

 

The Bloomberg article is not particularly technical, so a lot of us are having to guesstimate how the hack worked. From what we can tell, the spy chip was designed to look like an innocuous component on the motherboard with a few connector pins – just enough for power and a serial interface, perhaps. One version was sandwiched between the fiberglass layers of the PCB, it is claimed.

 

The spy chip could have been placed electrically between the baseboard management controller (BMC) and its SPI flash or serial EEPROM storage containing the BMC's firmware. Thus, when the BMC fetched and executed its code from this memory, the spy chip would intercept the signals and modify the bitstream to inject malicious code into the BMC processor, allowing its masters to control the BMC.

 

The BMC is a crucial component on a server motherboard. It allows administrators to remotely monitor and repair machines, typically over a network, without having to find the box in a data center, physically pull it out of the rack, fix it, and re-rack it. The BMC and its firmware can be told to power-cycle the server, reinstall or modify the host operating system, mount additional storage containing malicious code and data, access a virtual keyboard and terminal connected to the computer, and so on. If you can reach the BMC and its software, you have total control over the box.

 

With the BMC compromised, it is possible the alleged spies modified the controller's firmware and/or the host operating system and software to allow attackers to connect in or allow data to flow out. We've been covering BMC security issues for a while.

 

Here is Bloomberg's layman explanation for how that snoop-chip worked: the component "manipulated the core operating instructions that tell the server what to do as data move across a motherboard… this happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow."

 

There are a few things to bear in mind: one is that it should be possible to detect weird network traffic coming from the compromised machine, and another is that modifying BMC firmware on the fly to compromise the host system is non-trivial but also not impossible. Various methods are described, here.

 

"It is technically plausible," said infosec expert and US military veteran Jake Williams in a hastily organized web conference on Thursday morning. "If I wanted to do this, this is how I'd do it."

 

The BMC would be a "great place to put it," said Williams, because the controller has access to the server's main memory, allowing it to inject backdoor code into the host operating system kernel. From there, it could pull down second-stage spyware and execute it, assuming this doesn't set off any firewall rules.

 

A third thing to consider is this: if true, a lot of effort went into this surveillance operation. It's not the sort of thing that would be added to any Super Micro server shipping to any old company – it would be highly targeted to minimize its discovery. If you've bought Super Micro kit, it's very unlikely it has a spy chip in it, we reckon, if the report is correct. Other than Apple and Amazon, the other 30 or so organizations that used allegedly compromised Super Micro boxes included a major bank and government contractors.

 

A fourth thing is this: why go to the bother of smuggling another chip on the board, when a chip already due to be placed in the circuitry could be tampered with during manufacture, using bribes and pressure? Why not switch the SPI flash chip with a backdoored one – one that looks identical to a legit one? Perhaps the disguised signal coupler was the best way to go.

 

And a fifth thing: the chip allegedly fits on a pencil tip. That it can intercept and rewrite data on the fly from SPI flash or a serial EEPROM is not impossible. However, it has to contain enough data to replace the fetched BMC firmware code, that then alters the running operating system or otherwise implements a viable backdoor. Either the chip pictured in Bloomberg's article is incorrect and just an illustration, and the actual device is larger, or there is state-of-the-art custom semiconductor fabrication involved here.

 

One final point: you would expect corporations like Apple and Amazon to have in place systems that detect not only unexpected network traffic, but also unexpected operating system states. It should be possible that alterations to the kernel and the stack of software above it should set off alarms during or after boot.

 

Bloomberg claims the chip was first noticed in 2015 in a third-party security audit of Super Micro servers that was carried out when it was doing due diligence into a company called Elemental Technologies that it was thinking of acquiring. Elemental used Super Micro's servers to do super-fast video processing.

 

Big problem

 

Amazon reported what it found to the authorities and, according to Bloomberg, that "sent a shudder" through the intelligence community because similar motherboards were in use "in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships."

 

Around the same time, Apple also found the tiny chips, according to the report, "after detecting odd network activity and firmware problems." Apple contacted the FBI and gave the agency access to the actual hardware. US intelligence agencies then tracked the hardware components backwards through the supply chain, and used their various spying programs to sift through intercepted communications, eventually ending up with a focus on four sub-contracting factories in China.

 

According to Bloomberg, the US intelligence agencies were then able to uncover how the seeding process worked: "Plant managers were approached by people who claimed to represent Super Micro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories."

 

This explanation seemingly passes the sniff test: it fits what we know of US intelligence agencies' investigative approaches, their spy programs, and how the Chinese government works when interacting with private businesses.

 

The report then provides various forms of circumstantial evidence that adds weight to the idea that this all happened by pointing to subsequent actions of both Apple and Amazon. Apple ditched Super Micro entirely as a supplier, over the course of just a few weeks, despite planning to put in a massive order for thousands of motherboards.

 

And Amazon sold off its Beijing data center to its local partner, Beijing Sinnet, for $300m.

 

Source


The Chinese Motherboard Hack Is a Crisis, Even If It Didn’t Really Happen

 

Apple, Amazon, and Super Micro have all denied the veracity of a report on Chinese hardware hacking. No matter the outcome, the results could inflame an already raw trade relationship for high tech between the U.S. and China.

 

It’s easy to forget in the app era, but Silicon Valley got its name from microchips. The generation that transformed orchards into Oracle did so by manufacturing electronic circuits that encrust “chips” of a semiconductor material, usually made of silicon. In the fertile purlicue south of San Francisco, the foundations of the electronic revolution were invented, designed, and manufactured. Shockley Semiconductor, Fairchild Semiconductor, Intel, and other integrated-circuit makers thrived. Computer makers who used their parts burgeoned too. Software and services came next, and then the venture capital to fund these efforts.

 

Today, the capital and the software remain, and some computer and device makers, too. But the integrated circuit business has largely left the region. Silicon is etched into Silicon Valley mostly in name. The reasons are many. Land, housing, and labor became more expensive. Other countries, most of them in East Asia, created incentives for semiconductor manufacture. Global just-in-time manufacturing, along with the low cost of shipping small, light microchips around the world, made vertical integration less desirable.

 

This is a useful lens through which to view an explosive story published this week by Bloomberg Businessweek. The report claims that Chinese spies systematically infiltrated U.S. corporate and government computer systems by installing hardware exploits on the motherboards of servers destined for widespread use, from video-streaming services to the CIA.

 

According to Businessweek, the infected machines provided a backdoor into any network on which the machines were installed. The reporting claims that at least 30 U.S. companies were affected, including Apple and Amazon, the most valuable companies in the world. Both companies have vociferously denied the claims, but Bloomberg stands by its story.

Who is right is a matter of corporate and national security. The exploits and hacks that have rocked the tech industry in recent years would seem minor compared with a foreign state gaining stealth access to the entire networks of companies and government agencies that manage enormous volumes of sensitive information. But even if the situation turns out to be different than Businessweek’s report, the scenario outlined in the piece (or one like it) is totally plausible. That plausibility, made newly visible, could combine with an accelerant: A tough American stance on Chinese business, including President Trump’s love for tariffs and trade war, and China’s increased dedication to independence. The resulting blaze has serious implications for the American technology business, and it won’t soon burn out.

 

Historically, China has not been a designer or manufacturer of the integrated circuits that get printed on silicon. It imports most of them. Some of those chips are used domestically, but many are used as parts for computers, embedded systems, and other computing tools that are then exported globally. Even so, China has excelled in making large volumes of chips quickly and cheaply, and at assembling imported parts into new components or devices for export. As a result, more and more computing devices rely on Chinese manufacture in one way or another, even if China still relies on imports to fulfill those demands.

 

The servers at the center of the Businessweek story are made by Super Micro Computer, a Silicon Valley company with a long history. The company manufactures servers that businesses can customize for specific needs, but it imports pre-built components from China used to assemble them. If such machines have been infected at the supply-chain level, in parts assembled into final products, both seller and customer might never know. (Super Micro has also issued a strong denial of Businessweek’s account.)

 

Concerns about Chinese manufacturing are not new. Earlier this year, the Federal Communications Commission voted to prevent domestic telecommunications companies from using equipment made by Huawei and ZTE, two Chinese electronics manufacturers, citing national-security concerns. Separately, ZTE was caught selling electronics to Iran and North Korea in violation of U.S. economic sanctions. The Commerce Department also banned U.S. companies from selling parts to ZTE (who relies on microprocessors from Qualcomm and glass from Corning, among others). The firm agreed to pay more than $1 billion in fines to lift the ban, contingent on changes to its management and operations.

 

These recent precedents suggest that the table is already set for further censure of Chinese computer-parts suppliers, and the rising tensions of such a fallout. The Chinese government already has been pouring investment into the semiconductor sector in an attempt to achieve technological independence from the United States and Europe. Meanwhile, the United States remains reliant on Chinese components and assembly, as the Super Micro products affirm.

 

Whether or not a microcontroller backdoor turns out to have been installed somewhere in the Chinese supply chain, the conditions are right for anxiety about that possibility to affect U.S. trade with China in the high-tech industry. The truth of Bloomberg Businessweek’s investigation might matter less than the concerns it opens, or the open worries it further irritates—at the White House, among U.S. regulating bodies, and among the general public.


The international-trade scholars Henry Farrell and Abraham Newman speculate that those repercussions might weaponize U.S. dependence on China. If Chinese manufacturers offer the best or cheapest option for components needed for domestic manufacture, then it might become beneficial for China to take advantage of that need in order to conduct corporate or governmental espionage. The risks would be enormous, of course—the ZTE ban likely would have bankrupted the company had it not paid the hefty fine to lift it. But over time, if China’s investments in local sources for parts pan out, then China might not rely on imports from the United States and Europe as much as those regions do on China.

 

Up until now, cost has driven much of the U.S. reliance on Chinese manufacturing: In many cases, it’s the best way to get lots of parts produced fast and cheap. But there are downsides, too, like the lack of redundancy and weakened negotiating position that come from overreliance on one supplier, or on a cartel of regional ones. Labor, environmental, and political concerns are also mounting, hacked motherboards being just the most recent example. And besides all that, Chinese manufacturing has been getting more expensive anyway.

 

But unlike China, the United States isn’t prepared to rebuild its semiconductor and motherboard-manufacturing industries. Some of that effort still takes place domestically. Intel still makes some of its microprocessors domestically, at plants in Arizona, New Mexico, and Oregon. Texas Instruments manufactures integrated circuits in the Dallas metro area. Micron, which makes flash memory for use in solid-state drives, has fabrication facilities in Utah and Virginia. Patriot Memory makes USB flash drives in Fremont, California. But all these and other semiconductor companies also maintain fabrication facilities in Taiwan, Dalian, and elsewhere in East Asia.

 

Other, more prominent efforts to return product manufacturing stateside amount to strategies for publicity as much as supply-chain logistics. Tim Cook has boasted that Apple manufactures its high-end desktop, the Mac Pro, in a factory near Austin, Texas. But that doesn’t quite mean “Made in the USA”; the computers are assembled in Texas—from parts sourced globally, including from China. It’s also arguably Apple’s least important product line, and the U.S. manufacturer reportedly slowed production.

 

Even if the cost savings from offshoring manufacturing have dropped in recent years, American workers might not want those jobs as much anymore, even if some of them also find the Trump administration’s political crusade for such jobs appealing. But the alternative—building robots and artificial intelligence to do the work—only alienates blue-collar and middle-class workers even more. That means that automation might catch on faster in China, while the West wrestles with its social and political implications.

 

 

If China begins to believe that its local manufacturing capabilities will outstrip its reliance on U.S. design, parts, and materials, then the risk associated with hardware-level attacks will lower considerably, while providing substantial benefit in the form of industrial or state espionage. Soon enough, as people start tearing down the Super Micro motherboards at the heart of the scandal, the world will learn whether the hack is a real crisis or a false alarm. But in some ways, it is a real crisis no matter the outcome.

 

Source

 

 



1 hour ago, straycat19 said:

Big problem

Why did you change the name of the article from "Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth" to "Decoding the Chinese Super Micro super spy-chip super-scandal" and only post one of 3 pages of it?

Get out of here with your misleading post. Your post is about as misleading as the VP Pence speech on China was, where he said they were trying to hack the election. And the DHS just did an interview with TWP saying it's always a possibility but we were in no danger of China hacking the election.

Pence needs to get his facts right before telling them.

 

The Cybersecurity 202: 'No indication' China intends to interfere with election infrastructure, Homeland Security Secretary Nielsen says

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/10/03/the-cybersecurity-202-no-indication-china-intends-to-interfere-with-midterm-elections-homeland-security-secretary-nielsen-says/5bb384431b326b7c8a8d17c5/

 

 

Fact is the truth won't ever be known if China is putting spy chips in till private researchers check them, because who is right is a matter of corporate and national security. But it doesn't matter if it is true or not, because the USA has decided to start a Cold War with China, because I watched VP Pence's speech, which is not based on facts, because I watched Homeland Security Secretary Nielsen's interview too. So the Register doesn't know shit.



knowledge-Spammer

If you look, it's the same as what they did with Russia, with hacking and things like with Kaspersky.

It's to scare people, I think, so people not use from China. Not smart if it's fake, like Apple, Amazon, and Super Micro have all denied say.

 



6 minutes ago, knowledge said:

If you look, it's the same as what they did with Russia, with hacking and things like with Kaspersky.

It's to scare people, I think, so people not use from China. Not smart if it's fake, like Apple, Amazon, and Super Micro have all denied say.

 

I don't trust no big tech outfits like Apple, Amazon, and Super Micro either, and I don't know who Bloomberg's source was, but the truth will come out. But like in the case with Kaspersky, it don't matter if it was true or not, Kaspersky will never get contracts back with the Federal Government. When you see stuff like this posted in the media, it is a sign of things to come, regardless of they said or he said.



These pesky Chinese Commies are everywhere and looking to get ya, straycat19? Do you remember what happened to SecDef James Forrestal?

 



Super Decoding the Super Chinese Super Micro super spy-chip Super scandal is Super News



It all sounds too good to be true. While the Chinese have all the motives in the world to do so, I suspect that was an inner CIA black project to keep the companies, contractors and departments under check.



  • Administrator

About the changing of the title: I for one do not mind members shortening the titles of news articles, as long as the real information is given in the shortest possible way.

 

Does not necessarily mean about this article though.



Archived

This topic is now archived and is closed to further replies.
