By: Doug S (foo.delete@this.bar.bar), October 5, 2018 11:56 am
Room: Moderated Discussions
dmcq (dmcq.delete@this.fano.co.uk) on October 5, 2018 1:27 am wrote:
> Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 4:01 pm wrote:
> > David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> > >
> > > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> > >
> > > David
> >
> > Apple just ratcheted up the level of denial:
> > https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
> >
> > Among other things:
> > "Finally, in response to questions we have received from other news organizations since Businessweek
> > published its story, we are not under any kind of gag order or other confidentiality obligations"
>
> Of course the would say that ;-) Anything they do now will just feed a feeding frenzy.
The article says the information was very closely held within Apple, and the same is surely true of Amazon. I'll bet once this was discovered, the engineers involved go to their manager, who says we need to take this to the government. The FBI asks them not to discuss it with anyone else on national security grounds.
Either the FBI talks to Bloomberg (either deliberately or via a leak) or the people at Apple/Amazon who know become concerned not getting any feedback from the FBI and worry other companies may be attacked and not know to defend themselves so they go to the press. Either way, when spokespeople at Apple/Amazon are contacted, they email various executives "hey do you know anything about this" and they contact some others but the people who know about it and didn't tell others within the company aren't contacted. Thus the company issues denials, because as far as anyone is aware the story is false.
Meanwhile the guys who know about this read the story, then see their company making official denials. If they talk to someone "hey I was involved in this, it is true" then they might get in trouble. For making the company look bad issuing a denial they'd have to retract, for perhaps not following proper procedures when the FBI was contacted, for potentially whistleblowing to the press. They aren't likely to be rewarded for any of these things, and could possibly get fired (if they would leak this to the press, maybe they would leak other stuff, better get rid of them just in case) So there's an incentive for them to remain silent now.
> Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 4:01 pm wrote:
> > David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> > >
> > > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> > >
> > > David
> >
> > Apple just ratcheted up the level of denial:
> > https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
> >
> > Among other things:
> > "Finally, in response to questions we have received from other news organizations since Businessweek
> > published its story, we are not under any kind of gag order or other confidentiality obligations"
>
> Of course the would say that ;-) Anything they do now will just feed a feeding frenzy.
The article says the information was very closely held within Apple, and the same is surely true of Amazon. I'll bet once this was discovered, the engineers involved go to their manager, who says we need to take this to the government. The FBI asks them not to discuss it with anyone else on national security grounds.
Either the FBI talks to Bloomberg (either deliberately or via a leak) or the people at Apple/Amazon who know become concerned not getting any feedback from the FBI and worry other companies may be attacked and not know to defend themselves so they go to the press. Either way, when spokespeople at Apple/Amazon are contacted, they email various executives "hey do you know anything about this" and they contact some others but the people who know about it and didn't tell others within the company aren't contacted. Thus the company issues denials, because as far as anyone is aware the story is false.
Meanwhile the guys who know about this read the story, then see their company making official denials. If they talk to someone "hey I was involved in this, it is true" then they might get in trouble. For making the company look bad issuing a denial they'd have to retract, for perhaps not following proper procedures when the FBI was contacted, for potentially whistleblowing to the press. They aren't likely to be rewarded for any of these things, and could possibly get fired (if they would leak this to the press, maybe they would leak other stuff, better get rid of them just in case) So there's an incentive for them to remain silent now.
| Topic | Posted By | Date |
|---|---|---|
| Supply chains and trust | David Kanter | 2018/10/04 07:23 AM |
| Supply chains and trust | Maynard Handley | 2018/10/04 08:57 AM |
| Supply chains and trust | Maynard Handley | 2018/10/04 09:01 AM |
| Supply chains and trust | wumpus | 2018/10/04 03:35 PM |
| Supply chains and trust | Robert Williams | 2018/10/08 05:30 PM |
| Supply chains and trust | Maynard Handley | 2018/10/08 06:21 PM |
| Supply chains and trust | Robert Williams | 2018/10/09 08:03 AM |
| Supply chains and trust | Robert Williams | 2018/10/09 08:08 AM |
| Supply chains and trust | Maynard Handley | 2018/10/09 08:27 AM |
| Supply chains and trust | dmcq | 2018/10/04 09:31 AM |
| Supply chains and trust | Gabriele Svelto | 2018/10/04 10:32 AM |
| Supply chains and trust | Brett | 2018/10/04 10:52 AM |
| Supply chains and trust | Maynard Handley | 2018/10/04 11:08 AM |
| Supply chains and trust | Adrian | 2018/10/04 11:36 AM |
| Supply chains and trust | Maynard Handley | 2018/10/04 11:51 AM |
| Supply chains and trust | Rob Thorpe | 2018/10/04 12:09 PM |
| Supply chains and trust | David Hess | 2018/10/04 11:38 AM |
| Supply chains and trust | Brett | 2018/10/04 11:52 AM |
| Supply chains and trust | Doug S | 2018/10/04 12:33 PM |
| Supply chains and trust | David Hess | 2018/10/04 11:09 AM |
| Supply chains and trust | David Hess | 2018/10/04 11:03 AM |
| Supply chains and trust | Doug S | 2018/10/04 12:45 PM |
| Supply chains and trust | Gabriele Svelto | 2018/10/05 12:53 AM |
| Supply chains and trust | dmcq | 2018/10/05 02:51 AM |
| Supply chains and trust | Gabriele Svelto | 2018/10/05 03:34 AM |
| Supply chains and trust | Doug S | 2018/10/05 11:46 AM |
| Supply chains and trust | Gabriele Svelto | 2018/10/06 01:59 PM |
| Supply chains and trust | David Hess | 2018/10/06 03:12 PM |
| Supply chains and trust | J | 2018/10/04 09:24 PM |
| Supply chains and trust | Andrew Clough | 2018/10/05 05:38 AM |
| Supply chains and trust | David Hess | 2018/10/06 03:16 PM |
| Supply chains and trust | Maxwell | 2018/10/06 03:37 PM |
| Hit job on Super Micro? | Maxwell | 2018/10/04 09:46 PM |
| Hit job on Super Micro? | Brett | 2018/10/04 11:55 PM |
| Hit job on Super Micro? | David Hess | 2018/10/06 03:15 PM |
| Supply chains and trust | Kevin G | 2018/10/04 12:47 PM |
| Raptor Engineering's Raptor | Gabriele Svelto | 2018/10/05 03:42 AM |
| Supply chains and trust | Groo | 2018/10/06 05:49 AM |
| Supply chains and trust | David Kanter | 2018/10/06 08:04 AM |
| Supply chains and trust | Groo | 2018/10/06 02:42 PM |
| Supply chains and trust | David Kanter | 2018/10/06 02:46 PM |
| SuperMicro boards are not made in USA | Adrian | 2018/10/06 11:08 PM |
| SuperMicro boards are not made in USA | Adrian | 2018/10/06 11:28 PM |
| Supply chains and trust | juanrga | 2018/10/07 06:12 AM |
| Supply chains and trust | David Hess | 2018/10/06 03:24 PM |
| Supply chains and trust | Wes Felter | 2018/10/07 02:35 PM |
| What did the BOM entry look like? | Mark Roulo | 2018/10/04 01:21 PM |
| Supply chains and trust | Maynard Handley | 2018/10/04 03:01 PM |
| Supply chains and trust | dmcq | 2018/10/05 12:27 AM |
| Here's what I think happened | Doug S | 2018/10/05 11:56 AM |
| Here's what I think happened | Brett | 2018/10/05 03:17 PM |
| FBI wants to be your first contact | ex-apple | 2018/10/05 03:41 PM |
| Here's what I think happened | Doug S | 2018/10/05 09:59 PM |
| Why call CIA? | David Kanter | 2018/10/06 08:01 AM |
| Why call CIA? | Doug S | 2018/10/06 08:33 AM |
| Why call CIA? | David Kanter | 2018/10/06 02:43 PM |
| Here's what I think happened | Maynard Handley | 2018/10/05 03:23 PM |
| Here's what I think happened | dmcq | 2018/10/06 03:52 AM |
| Supply chains and trust | David Hess | 2018/10/06 03:34 PM |
| Supply chains and trust | Groo | 2018/10/06 06:01 AM |
| Supply chains and trust | etudiant | 2018/10/07 03:36 AM |