By: Brett (ggtgp.delete@this.yahoo.com), October 5, 2018 4:17 pm
Room: Moderated Discussions
Doug S (foo.delete@this.bar.bar) on October 5, 2018 12:56 pm wrote:
> dmcq (dmcq.delete@this.fano.co.uk) on October 5, 2018 1:27 am wrote:
> > Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 4:01 pm wrote:
> > > David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > > > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > > > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> > > >
> > > > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > > > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> > > >
> > > > David
> > >
> > > Apple just ratcheted up the level of denial:
> > > https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
> > >
> > > Among other things:
> > > "Finally, in response to questions we have received from other news organizations since Businessweek
> > > published its story, we are not under any kind of gag order or other confidentiality obligations"
> >
> > Of course the would say that ;-) Anything they do now will just feed a feeding frenzy.
>
>
> The article says the information was very closely held within Apple, and the same is surely true of Amazon.
> I'll bet once this was discovered, the engineers involved go to their manager, who says we need to take this
> to the government. The FBI asks them not to discuss it with anyone else on national security grounds.
>
> Either the FBI talks to Bloomberg (either deliberately or via a leak) or the people at Apple/Amazon
> who know become concerned not getting any feedback from the FBI and worry other companies may be attacked
> and not know to defend themselves so they go to the press. Either way, when spokespeople at Apple/Amazon
> are contacted, they email various executives "hey do you know anything about this" and they contact
> some others but the people who know about it and didn't tell others within the company aren't contacted.
> Thus the company issues denials, because as far as anyone is aware the story is false.
>
> Meanwhile the guys who know about this read the story, then see their company making official denials. If they
> talk to someone "hey I was involved in this, it is true" then they might get in trouble. For making the company
> look bad issuing a denial they'd have to retract, for perhaps not following proper procedures when the FBI
> was contacted, for potentially whistleblowing to the press. They aren't likely to be rewarded for any of these
> things, and could possibly get fired (if they would leak this to the press, maybe they would leak other stuff,
> better get rid of them just in case) So there's an incentive for them to remain silent now.
FBI is a red herring to make denials easier, the CIA would have been contacted.
The parts came from China not the US.
> dmcq (dmcq.delete@this.fano.co.uk) on October 5, 2018 1:27 am wrote:
> > Maynard Handley (name99.delete@this.name99.org) on October 4, 2018 4:01 pm wrote:
> > > David Kanter (dkanter.delete@this.realworldtech.com) on October 4, 2018 8:23 am wrote:
> > > > Bloomberg released a fantastic report on Chinese intelligence inserting malicious
> > > > HW into supply chains for servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies?srnd=premium
> > > >
> > > > It sure gives a different angle to the move to a hardware root-of-trust by the industry. In reality though,
> > > > I'm not sure if HW RoT is sufficient. You can always sniff capacitance across an exposed wire!
> > > >
> > > > David
> > >
> > > Apple just ratcheted up the level of denial:
> > > https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
> > >
> > > Among other things:
> > > "Finally, in response to questions we have received from other news organizations since Businessweek
> > > published its story, we are not under any kind of gag order or other confidentiality obligations"
> >
> > Of course the would say that ;-) Anything they do now will just feed a feeding frenzy.
>
>
> The article says the information was very closely held within Apple, and the same is surely true of Amazon.
> I'll bet once this was discovered, the engineers involved go to their manager, who says we need to take this
> to the government. The FBI asks them not to discuss it with anyone else on national security grounds.
>
> Either the FBI talks to Bloomberg (either deliberately or via a leak) or the people at Apple/Amazon
> who know become concerned not getting any feedback from the FBI and worry other companies may be attacked
> and not know to defend themselves so they go to the press. Either way, when spokespeople at Apple/Amazon
> are contacted, they email various executives "hey do you know anything about this" and they contact
> some others but the people who know about it and didn't tell others within the company aren't contacted.
> Thus the company issues denials, because as far as anyone is aware the story is false.
>
> Meanwhile the guys who know about this read the story, then see their company making official denials. If they
> talk to someone "hey I was involved in this, it is true" then they might get in trouble. For making the company
> look bad issuing a denial they'd have to retract, for perhaps not following proper procedures when the FBI
> was contacted, for potentially whistleblowing to the press. They aren't likely to be rewarded for any of these
> things, and could possibly get fired (if they would leak this to the press, maybe they would leak other stuff,
> better get rid of them just in case) So there's an incentive for them to remain silent now.
FBI is a red herring to make denials easier, the CIA would have been contacted.
The parts came from China not the US.
| Topic | Posted By | Date |
|---|---|---|
| Supply chains and trust | David Kanter | 2018/10/04 08:23 AM |
| Supply chains and trust | Maynard Handley | 2018/10/04 09:57 AM |
| Supply chains and trust | Maynard Handley | 2018/10/04 10:01 AM |
| Supply chains and trust | wumpus | 2018/10/04 04:35 PM |
| Supply chains and trust | Robert Williams | 2018/10/08 06:30 PM |
| Supply chains and trust | Maynard Handley | 2018/10/08 07:21 PM |
| Supply chains and trust | Robert Williams | 2018/10/09 09:03 AM |
| Supply chains and trust | Robert Williams | 2018/10/09 09:08 AM |
| Supply chains and trust | Maynard Handley | 2018/10/09 09:27 AM |
| Supply chains and trust | dmcq | 2018/10/04 10:31 AM |
| Supply chains and trust | Gabriele Svelto | 2018/10/04 11:32 AM |
| Supply chains and trust | Brett | 2018/10/04 11:52 AM |
| Supply chains and trust | Maynard Handley | 2018/10/04 12:08 PM |
| Supply chains and trust | Adrian | 2018/10/04 12:36 PM |
| Supply chains and trust | Maynard Handley | 2018/10/04 12:51 PM |
| Supply chains and trust | Rob Thorpe | 2018/10/04 01:09 PM |
| Supply chains and trust | David Hess | 2018/10/04 12:38 PM |
| Supply chains and trust | Brett | 2018/10/04 12:52 PM |
| Supply chains and trust | Doug S | 2018/10/04 01:33 PM |
| Supply chains and trust | David Hess | 2018/10/04 12:09 PM |
| Supply chains and trust | David Hess | 2018/10/04 12:03 PM |
| Supply chains and trust | Doug S | 2018/10/04 01:45 PM |
| Supply chains and trust | Gabriele Svelto | 2018/10/05 01:53 AM |
| Supply chains and trust | dmcq | 2018/10/05 03:51 AM |
| Supply chains and trust | Gabriele Svelto | 2018/10/05 04:34 AM |
| Supply chains and trust | Doug S | 2018/10/05 12:46 PM |
| Supply chains and trust | Gabriele Svelto | 2018/10/06 02:59 PM |
| Supply chains and trust | David Hess | 2018/10/06 04:12 PM |
| Supply chains and trust | J | 2018/10/04 10:24 PM |
| Supply chains and trust | Andrew Clough | 2018/10/05 06:38 AM |
| Supply chains and trust | David Hess | 2018/10/06 04:16 PM |
| Supply chains and trust | Maxwell | 2018/10/06 04:37 PM |
| Hit job on Super Micro? | Maxwell | 2018/10/04 10:46 PM |
| Hit job on Super Micro? | Brett | 2018/10/05 12:55 AM |
| Hit job on Super Micro? | David Hess | 2018/10/06 04:15 PM |
| Supply chains and trust | Kevin G | 2018/10/04 01:47 PM |
| Raptor Engineering's Raptor | Gabriele Svelto | 2018/10/05 04:42 AM |
| Supply chains and trust | Groo | 2018/10/06 06:49 AM |
| Supply chains and trust | David Kanter | 2018/10/06 09:04 AM |
| Supply chains and trust | Groo | 2018/10/06 03:42 PM |
| Supply chains and trust | David Kanter | 2018/10/06 03:46 PM |
| SuperMicro boards are not made in USA | Adrian | 2018/10/07 12:08 AM |
| SuperMicro boards are not made in USA | Adrian | 2018/10/07 12:28 AM |
| Supply chains and trust | juanrga | 2018/10/07 07:12 AM |
| Supply chains and trust | David Hess | 2018/10/06 04:24 PM |
| Supply chains and trust | Wes Felter | 2018/10/07 03:35 PM |
| What did the BOM entry look like? | Mark Roulo | 2018/10/04 02:21 PM |
| Supply chains and trust | Maynard Handley | 2018/10/04 04:01 PM |
| Supply chains and trust | dmcq | 2018/10/05 01:27 AM |
| Here's what I think happened | Doug S | 2018/10/05 12:56 PM |
| Here's what I think happened | Brett | 2018/10/05 04:17 PM |
| FBI wants to be your first contact | ex-apple | 2018/10/05 04:41 PM |
| Here's what I think happened | Doug S | 2018/10/05 10:59 PM |
| Why call CIA? | David Kanter | 2018/10/06 09:01 AM |
| Why call CIA? | Doug S | 2018/10/06 09:33 AM |
| Why call CIA? | David Kanter | 2018/10/06 03:43 PM |
| Here's what I think happened | Maynard Handley | 2018/10/05 04:23 PM |
| Here's what I think happened | dmcq | 2018/10/06 04:52 AM |
| Supply chains and trust | David Hess | 2018/10/06 04:34 PM |
| Supply chains and trust | Groo | 2018/10/06 07:01 AM |
| Supply chains and trust | etudiant | 2018/10/07 04:36 AM |