By: wumpus (lost.delete@this.in.a.cave), October 4, 2018 3:35 pm
Room: Moderated Discussions
Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 10:01 am wrote:
> Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 9:57 am wrote:
> > David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> > >
> > > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> > >
> > > David
> >
> > IF it's true...
> >
> > Compare
> > "Apple made its discovery of suspicious chips inside Supermicro
> > servers around May 2015, after detecting odd
> > network activity and firmware problems, according to a person familiar with the timeline. Two of the senior
> > Apple insiders say the company reported the incident to the FBI but kept details about what it had detected
> > tightly held, even internally. Government investigators were still chasing clues on their own when Amazon
> > made its discovery and gave them access to sabotaged hardware, according to one U.S. official. This created
> > an invaluable opportunity for intelligence agencies and the FBI—by then running a full investigation led
> > by its cyber- and counterintelligence teams—to see what the chips looked like and how they worked.
> > "
> >
> > with
> >
> > ""On this we can be very clear: Apple has never found malicious chips, "hardware manipulations"
> > or vulnerabilities purposely planted in any server," Apple said in a statement. "Apple never
> > had any contact with the FBI or any other agency about such an incident.""
> > from
> > https://www.businessinsider.com/supermicro-share-price-crushed-by-report-it-sold-servers-compromised-by-chinese-spies-2018-10
> >
> > So we have Bloomberg claiming a bunch of details about what Apple knew and did, and
> > talking to the FBI, and Apple categorically denying this. Whom do we believe?
> >
> > Well, I obviously have no specific insight into the matter. However I DO know the following background facts
> > - it is a tradition of the seedier parts of the US political establishment to feed lies to reporters
> > - the same Republicans who have been thoroughly compromised by Russia are doing everything they
> > can to paint China as America's new enemy ("We have always been at war with EastAsia" indeed)
> > - if your greatest negotiating tactics ever, beautiful negotiating tactics, against China
> > have failed to win you glory, time for a plan B, a Reichstag fire or Ems Telegram
> >
>
> Much longer (even MORE categorical denials) from Apple et al here:
> https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
>
While "prior restraint" takes enormous requirements for the law or the courts to remove the right to speech, intelligence agencies can drop NSLs willy-nilly and force companies to declare such denials.
Obviously this would happen if those "chips" were planted by US agencies, but it is conceivable that they might not want information about Chinese ones (or any third party, but it sounds difficult for such a third party to do such).
For any country under control of the Patriot Act (although to a certain extent this was true in the US well before that), no denial of espionage can be taken at face value (not that you should take wild claims of finding a "chip" at face value either).
Among other things:
> "Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations"
Still means nothing (at least for such legal secrecy)
Topic | Posted By | Date |
---|---|---|
Supply chains and trust | David Kanter | 2018/10/04 07:23 AM |
Supply chains and trust | Maynard Handley | 2018/10/04 08:57 AM |
Supply chains and trust | Maynard Handley | 2018/10/04 09:01 AM |
Supply chains and trust | wumpus | 2018/10/04 03:35 PM |
Supply chains and trust | Robert Williams | 2018/10/08 05:30 PM |
Supply chains and trust | Maynard Handley | 2018/10/08 06:21 PM |
Supply chains and trust | Robert Williams | 2018/10/09 08:03 AM |
Supply chains and trust | Robert Williams | 2018/10/09 08:08 AM |
Supply chains and trust | Maynard Handley | 2018/10/09 08:27 AM |
Supply chains and trust | dmcq | 2018/10/04 09:31 AM |
Supply chains and trust | Gabriele Svelto | 2018/10/04 10:32 AM |
Supply chains and trust | Brett | 2018/10/04 10:52 AM |
Supply chains and trust | Maynard Handley | 2018/10/04 11:08 AM |
Supply chains and trust | Adrian | 2018/10/04 11:36 AM |
Supply chains and trust | Maynard Handley | 2018/10/04 11:51 AM |
Supply chains and trust | Rob Thorpe | 2018/10/04 12:09 PM |
Supply chains and trust | David Hess | 2018/10/04 11:38 AM |
Supply chains and trust | Brett | 2018/10/04 11:52 AM |
Supply chains and trust | Doug S | 2018/10/04 12:33 PM |
Supply chains and trust | David Hess | 2018/10/04 11:09 AM |
Supply chains and trust | David Hess | 2018/10/04 11:03 AM |
Supply chains and trust | Doug S | 2018/10/04 12:45 PM |
Supply chains and trust | Gabriele Svelto | 2018/10/05 12:53 AM |
Supply chains and trust | dmcq | 2018/10/05 02:51 AM |
Supply chains and trust | Gabriele Svelto | 2018/10/05 03:34 AM |
Supply chains and trust | Doug S | 2018/10/05 11:46 AM |
Supply chains and trust | Gabriele Svelto | 2018/10/06 01:59 PM |
Supply chains and trust | David Hess | 2018/10/06 03:12 PM |
Supply chains and trust | J | 2018/10/04 09:24 PM |
Supply chains and trust | Andrew Clough | 2018/10/05 05:38 AM |
Supply chains and trust | David Hess | 2018/10/06 03:16 PM |
Supply chains and trust | Maxwell | 2018/10/06 03:37 PM |
Hit job on Super Micro? | Maxwell | 2018/10/04 09:46 PM |
Hit job on Super Micro? | Brett | 2018/10/04 11:55 PM |
Hit job on Super Micro? | David Hess | 2018/10/06 03:15 PM |
Supply chains and trust | Kevin G | 2018/10/04 12:47 PM |
Raptor Engineering's Raptor | Gabriele Svelto | 2018/10/05 03:42 AM |
Supply chains and trust | Groo | 2018/10/06 05:49 AM |
Supply chains and trust | David Kanter | 2018/10/06 08:04 AM |
Supply chains and trust | Groo | 2018/10/06 02:42 PM |
Supply chains and trust | David Kanter | 2018/10/06 02:46 PM |
SuperMicro boards are not made in USA | Adrian | 2018/10/06 11:08 PM |
SuperMicro boards are not made in USA | Adrian | 2018/10/06 11:28 PM |
Supply chains and trust | juanrga | 2018/10/07 06:12 AM |
Supply chains and trust | David Hess | 2018/10/06 03:24 PM |
Supply chains and trust | Wes Felter | 2018/10/07 02:35 PM |
What did the BOM entry look like? | Mark Roulo | 2018/10/04 01:21 PM |
Supply chains and trust | Maynard Handley | 2018/10/04 03:01 PM |
Supply chains and trust | dmcq | 2018/10/05 12:27 AM |
Here's what I think happened | Doug S | 2018/10/05 11:56 AM |
Here's what I think happened | Brett | 2018/10/05 03:17 PM |
FBI wants to be your first contact | ex-apple | 2018/10/05 03:41 PM |
Here's what I think happened | Doug S | 2018/10/05 09:59 PM |
Why call CIA? | David Kanter | 2018/10/06 08:01 AM |
Why call CIA? | Doug S | 2018/10/06 08:33 AM |
Why call CIA? | David Kanter | 2018/10/06 02:43 PM |
Here's what I think happened | Maynard Handley | 2018/10/05 03:23 PM |
Here's what I think happened | dmcq | 2018/10/06 03:52 AM |
Supply chains and trust | David Hess | 2018/10/06 03:34 PM |
Supply chains and trust | Groo | 2018/10/06 06:01 AM |
Supply chains and trust | etudiant | 2018/10/07 03:36 AM |