Here's what I think happened

By: Brett (ggtgp.delete@this.yahoo.com), October 5, 2018 4:17 pm
Room: Moderated Discussions
Doug S (foo.delete@this.bar.bar) on October 5, 2018 12:56 pm wrote:
> dmcq (dmcq.delete@this.fano.co.uk) on October 5, 2018 1:27 am wrote:
> > Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 4:01 pm wrote:
> > > David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > > > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > > > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> > > >
> > > > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > > > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> > > >
> > > > David
> > >
> > > Apple just ratcheted up the level of denial:
> > > https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
> > >
> > > Among other things:
> > > "Finally, in response to questions we have received from other news organizations since Businessweek
> > > published its story, we are not under any kind of gag order or other confidentiality obligations"
> >
> > Of course the would say that ;-) Anything they do now will just feed a feeding frenzy.
>
>
> The article says the information was very closely held within Apple, and the same is surely true of Amazon.
> I'll bet once this was discovered, the engineers involved go to their manager, who says we need to take this
> to the government. The FBI asks them not to discuss it with anyone else on national security grounds.
>
> Either the FBI talks to Bloomberg (either deliberately or via a leak) or the people at Apple/Amazon
> who know become concerned not getting any feedback from the FBI and worry other companies may be attacked
> and not know to defend themselves so they go to the press. Either way, when spokespeople at Apple/Amazon
> are contacted, they email various executives "hey do you know anything about this" and they contact
> some others but the people who know about it and didn't tell others within the company aren't contacted.
> Thus the company issues denials, because as far as anyone is aware the story is false.
>
> Meanwhile the guys who know about this read the story, then see their company making official denials. If they
> talk to someone "hey I was involved in this, it is true" then they might get in trouble. For making the company
> look bad issuing a denial they'd have to retract, for perhaps not following proper procedures when the FBI
> was contacted, for potentially whistleblowing to the press. They aren't likely to be rewarded for any of these
> things, and could possibly get fired (if they would leak this to the press, maybe they would leak other stuff,
> better get rid of them just in case) So there's an incentive for them to remain silent now.

FBI is a red herring to make denials easier, the CIA would have been contacted.
The parts came from China not the US.
< Previous Post in ThreadNext Post in Thread >
TopicPosted ByDate
Supply chains and trustDavid Kanter2018/10/04 08:23 AM
  Supply chains and trustMaynard Handley2018/10/04 09:57 AM
    Supply chains and trustMaynard Handley2018/10/04 10:01 AM
      Supply chains and trustwumpus2018/10/04 04:35 PM
      Supply chains and trustRobert Williams2018/10/08 06:30 PM
        Supply chains and trustMaynard Handley2018/10/08 07:21 PM
          Supply chains and trustRobert Williams2018/10/09 09:03 AM
            Supply chains and trustRobert Williams2018/10/09 09:08 AM
              Supply chains and trustMaynard Handley2018/10/09 09:27 AM
    Supply chains and trustdmcq2018/10/04 10:31 AM
      Supply chains and trustGabriele Svelto2018/10/04 11:32 AM
        Supply chains and trustBrett2018/10/04 11:52 AM
          Supply chains and trustMaynard Handley2018/10/04 12:08 PM
            Supply chains and trustAdrian2018/10/04 12:36 PM
              Supply chains and trustMaynard Handley2018/10/04 12:51 PM
              Supply chains and trustRob Thorpe2018/10/04 01:09 PM
            Supply chains and trustDavid Hess2018/10/04 12:38 PM
            Supply chains and trustBrett2018/10/04 12:52 PM
          Supply chains and trustDoug S2018/10/04 01:33 PM
        Supply chains and trustDavid Hess2018/10/04 12:09 PM
      Supply chains and trustDavid Hess2018/10/04 12:03 PM
    Supply chains and trustDoug S2018/10/04 01:45 PM
      Supply chains and trustGabriele Svelto2018/10/05 01:53 AM
        Supply chains and trustdmcq2018/10/05 03:51 AM
          Supply chains and trustGabriele Svelto2018/10/05 04:34 AM
        Supply chains and trustDoug S2018/10/05 12:46 PM
          Supply chains and trustGabriele Svelto2018/10/06 02:59 PM
            Supply chains and trustDavid Hess2018/10/06 04:12 PM
    Supply chains and trustJ2018/10/04 10:24 PM
      Supply chains and trustAndrew Clough2018/10/05 06:38 AM
        Supply chains and trustDavid Hess2018/10/06 04:16 PM
        Supply chains and trustMaxwell2018/10/06 04:37 PM
    Hit job on Super Micro?Maxwell2018/10/04 10:46 PM
      Hit job on Super Micro?Brett2018/10/05 12:55 AM
        Hit job on Super Micro?David Hess2018/10/06 04:15 PM
  Supply chains and trustKevin G2018/10/04 01:47 PM
    Raptor Engineering's RaptorGabriele Svelto2018/10/05 04:42 AM
    Supply chains and trustGroo2018/10/06 06:49 AM
      Supply chains and trustDavid Kanter2018/10/06 09:04 AM
        Supply chains and trustGroo2018/10/06 03:42 PM
          Supply chains and trustDavid Kanter2018/10/06 03:46 PM
            SuperMicro boards are not made in USAAdrian2018/10/07 12:08 AM
              SuperMicro boards are not made in USAAdrian2018/10/07 12:28 AM
          Supply chains and trustjuanrga2018/10/07 07:12 AM
        Supply chains and trustDavid Hess2018/10/06 04:24 PM
      Supply chains and trustWes Felter2018/10/07 03:35 PM
  What did the BOM entry look like?Mark Roulo2018/10/04 02:21 PM
  Supply chains and trustMaynard Handley2018/10/04 04:01 PM
    Supply chains and trustdmcq2018/10/05 01:27 AM
      Here's what I think happenedDoug S2018/10/05 12:56 PM
        Here's what I think happenedBrett2018/10/05 04:17 PM
          FBI wants to be your first contactex-apple2018/10/05 04:41 PM
          Here's what I think happenedDoug S2018/10/05 10:59 PM
            Why call CIA?David Kanter2018/10/06 09:01 AM
              Why call CIA?Doug S2018/10/06 09:33 AM
                Why call CIA?David Kanter2018/10/06 03:43 PM
        Here's what I think happenedMaynard Handley2018/10/05 04:23 PM
          Here's what I think happeneddmcq2018/10/06 04:52 AM
    Supply chains and trustDavid Hess2018/10/06 04:34 PM
  Supply chains and trustGroo2018/10/06 07:01 AM
    Supply chains and trustetudiant2018/10/07 04:36 AM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell purple?