Here's what I think happened

By: Doug S (foo.delete@this.bar.bar), October 5, 2018 12:56 pm
Room: Moderated Discussions
dmcq (dmcq.delete@this.fano.co.uk) on October 5, 2018 1:27 am wrote:
> Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 4:01 pm wrote:
> > David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> > >
> > > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> > >
> > > David
> >
> > Apple just ratcheted up the level of denial:
> > https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
> >
> > Among other things:
> > "Finally, in response to questions we have received from other news organizations since Businessweek
> > published its story, we are not under any kind of gag order or other confidentiality obligations"
>
> Of course they would say that ;-) Anything they do now will just feed a feeding frenzy.


The article says the information was very closely held within Apple, and the same is surely true of Amazon. I'll bet once this was discovered, the engineers involved go to their manager, who says we need to take this to the government. The FBI asks them not to discuss it with anyone else on national security grounds.

Either the FBI talks to Bloomberg (either deliberately or via a leak) or the people at Apple/Amazon who know become concerned about not getting any feedback from the FBI and worry other companies may be attacked and not know to defend themselves, so they go to the press. Either way, when spokespeople at Apple/Amazon are contacted, they email various executives "hey do you know anything about this" and they contact some others, but the people who know about it and didn't tell others within the company aren't contacted. Thus the company issues denials, because as far as anyone is aware the story is false.

Meanwhile the guys who know about this read the story, then see their company making official denials. If they talk to someone "hey I was involved in this, it is true" then they might get in trouble. For making the company look bad issuing a denial they'd have to retract, for perhaps not following proper procedures when the FBI was contacted, for potentially whistleblowing to the press. They aren't likely to be rewarded for any of these things, and could possibly get fired (if they would leak this to the press, maybe they would leak other stuff, better get rid of them just in case). So there's an incentive for them to remain silent now.