
Motherboard spy chips: truth, hoax or conspiracy?


Recently, the IT landscape was shaken to its core when Bloomberg Businessweek reported that mainboards from market leader Supermicro came with tiny spy chips no bigger than a grain of rice. If this turned out to be true, most data centers would be at risk of data theft or computer sabotage. The main potential victims were said to be US cloud service providers with their gigantic databases. And while fierce debate rages on, there's also a political side. So who's deceiving whom?

Just another chapter in the trade war?

But first things first: According to Bloomberg Businessweek, Apple and Amazon had already discovered spy chips on motherboards used in their cloud servers in 2015 and had also notified the FBI. Chinese hardware giant Supermicro had manufactured the boards and it was suspected the Chinese People's Liberation Army were behind the attack. Agents had supposedly gained access to manufacturing plants and bribed or threatened foremen before the minuscule chips were incorporated into the assembly process. Servers from Amazon and many other companies were affected while consumer PCs were not. Even though there were no technical details given, everything pointed to a remote access attack.

17 anonymous government sources were said to have conducted extensive investigations and companies reportedly already replaced the affected hardware. Bloomberg firmly believed this story to be true, yet were unwilling to name sources, since the matter was deemed too sensitive. What followed were denials from all sides. Supermicro, Apple, Amazon, Elemental, whoever was named in the report objected vehemently. Amazon sent Steve Schmidt, chief of information security, into the fight and even the always secretive NSA issued a denial. Everyone claimed they neither knew of the attack nor cooperated with Bloomberg on the story. Instead of careful maneuvering, we saw definitive statements with no room for doubt. Smells like a hoax - or a huge scandal everyone seeks to sweep under the rug, depending on your reading.

Who'd notice an additional chip?

What lends it plausibility is that, for a long time, Apple had been a major customer of Supermicro until business relations came to an abrupt end in 2015 when Apple removed all Supermicro motherboards from their servers and severed all ties with the company. The move came as a surprise to the IT industry. For Bloomberg Businessweek, their reputation is on the line and a hoax would be a devastating blow, but it's the affected companies that have the most to lose as a lack of trust would likely result in billions in losses on the stock market or even a sales ban. Insiders believe the affected companies will keep denying the claims until denial is no longer possible, but it hasn't come to that yet. It's hard to predict how customers would react if they knew their cloud-hosted data was read by Chinese authorities. In any case, it would be a serious blow to the reputation of US cloud service providers as secure data havens. If there had been reasonable suspicion, users of Supermicro hardware (still a market leader) would have had to be notified to avoid putting data security at risk in general.

So who lied? At present, I wouldn't want to vouch for the dependability of US government sources. Since Trump came into office, there have been various reports of attacks from Russia or the Far East without substantial evidence presented. Whether it was Kaspersky, who were suspected of industrial espionage, ZTE, whose devices were subjected to an import ban for the same reason, or Huawei, not a single accusation was substantiated with evidence. Many experts consider these actions part of an overall strategy to hamper competition and force foreign trading partners into offering more favorable conditions for US companies. So it's possible Supermicro is the next victim of an unfair trade war.

Supply chains can be long - and insecure

Whatever the outcome may be, the whole affair has triggered a thought process in many decision makers. Theoretically, it's possible to launch an extensive spy campaign based on hidden microchips. Manufacturing processes and supply chains simply aren't monitored enough to detect an additional tiny chip slipped into the muddle of capacitors, slots and ports. It would be visually undetectable and there's an ongoing debate whether it could ever be found by analyzing data traffic later.

So should we continue to use hardware from a country that, to put it mildly, isn't exactly a close ally and could very well pursue its own interests? What do you think? Genuine story or hoax?

22 comments
  • D

    We've been content to pay high prices for products Made in China for several decades. The high price was due to the greedy US corporations paying the Chinese workforce low wages and no benefits. Made in China: Seagate external drive, Logitech speakers, mouse, Acer monitor, Canon printer and coffee mug. China has become an economic power today with a large middle-class.

    If any of the US puppet states' population saw first hand what they can buy in China for $100.00 there would be a revolution. Those $1000.00 cell phones sold here aren't worth anything in China. Their $10.00 mobile device sold in China domestically make ours look old skewl. I no longer believe anything the US media has to say. It's for entertainment purposes aimed at the poorly educated. Now who is the slave?

  • J

    Hi Sven,

    I have been reading here that many people don't trust the 'Cloud' but to get to this site they are connected to the Internet with a server of their choice and pay a regular fee.

    A server provides a service, in this case a large bank of computers in many parts of the world ........ the 'Cloud' is a large bank of computers in many parts of the world.

    Let them be made aware that the utilities and infrastructure companies which supply all the necessities for modern living keep each user's information in the 'Cloud' ..... not in a manilla folder in a filing cabinet in an office ! !

  • V

    Thanks Sven

    For helping confirm what most suspect.

    Thanks joanofarc06 for confirming that what I do which is what you do is better and not backward thinking.

    I am happier that I am in control.

    I would also like to share that, since I had a lot of difficulty with my PC processor running slow, I decided to not keep my PCs connected 24/7 and only connect them to the net half an hour per day or less, for updates. In 3 years, I have not been plagued with processor problems.

    Thanks

    VVG

  • A

    Here are some more startling facts from AOL search using key word "spy chip"

    1. Dr. Katherine Albrecht web site: spy chips. She claimed that RFID chips have long been used by govt and businesses to track users for whatever purposes. Guess which country invented RFID? No prize given.

    2. csoonline.com said Nasa implanted CISCO equipment with surveillance program and backdoor.

    3. I also tried to go to the Alibaba domestic website. Even if I know Chinese, it is difficult to navigate when I am not a user. It is divided into sections for mortals like u and me, portal for small buyers, and portal for bulk bus.

    Using AOL image, only one chip was shown clearly as Broadcom BCM4317. The rest shown (from Bloomberg?) are only picture of motherboard with any chip sign or details.

    The alibaba website for chips is https://ec.1688.com/dz.html?spm=a260g.10381182.j50e5xny.d83.71652ddbGYbExc

    That chip BCM4317, sorry I could not find them, perhaps in the CtoC section for reg. users only. But even in the small buyers section there are hundreds of chips for anyone to buy from a few Yuan to a few hundred.

    My last question to Bloomberg is, why not come out with a sequel, call out some experts and identify the chips. And answer my doubt: if China is so good, why are ZTE and even Alibaba's cloud servers and so many other internet companies in China still using US chips? Why didn't they use their own chips?

  • S

    I like the comment of Mr Grumpy.

    In addition we must not forget the fact that the best (big) super computer in the world is in China and also there are proofs of Quantic Computer advanced research there - who will be capable to pass any form of encryption known! So, I think they will not bother with a hardware hacking method instead of an invisible one. IMHO it's a market strategy!

    All the best!

  • A

    According to one HK chinese web site (ifeng.com), one Chinese net citizen has identified the so called spy chip (since it is used in so many Apple, Amazon etc devices it should be easy to identify them, especially to the tech savvy). That so called spy chip is sold openly in Alibaba's taobao (and probably T-mail, their international platform, too), for only US5 a piece (probably bulk price, I did not check out Taobao, sorry).

    So any one want to spy on US or any govt. buy that chip!

    To me, this sounds like USA's China phobia. They do not want to lose being No.1 and come out with all kinds of fantastic theories and obstacles.

    I am neither on US or China's side. But the history of Civilisation told us nothing is forever. What seems mighty in one era will be gone in the next era. So is right and wrong. Unlike US, China has gone through five thousands years of multiple dynasties. It has been invaded by Mongul, Ching etc and each dynasty lasted only 500 years or less.

    That civilisation is the only one still striving when Rome, Egypt, etc have come and come. There must be something about it.

    History will tell.

  • R

    We may rue the day that we went digital for a whole range of reasons not least the possibility of 'others' messing with our computer 'stuff' without our knowledge.

    There is no telling by the average Joe/Jane what clandestine operatives can do with all the digital technology that surrounds our daily lives in these early years of the 21st century.

    Even as a domestic customer I am almost entirely dependant on the internet and therefore at the mercy of it being available at my home address as after all it is very convenient to just sit at the keyboard and do things like banking and paying bills and have the occasional on-line shopping spree, etc., etc.

    This became very evident to me recently as my ISP supplied modem/router failed and it took nearly 10 days for a replacement to arrive at my home.

    That meant in the mean time no home phone, no email on PC, no wifi, no Ethernet internet connection and no TV streaming service. Suddenly I was thrown back into an analogue world to do simple things like paying accounts on time but even that was frustrated as many accounts now only come via email. Ugh.

    Yes, the digital revolution seemed innocent enough when it started - was it in the 80's? - but it is too late to turn back now unless one commits to going fully off the grid and live in a subsistence style in some out of the way place.

  • E

    Considering the development of military island bases outside of the Chinese national waters by the Chinese nothing would surprise me. The need for military information dominance would be great.

  • V

    I agree about the cloud, why would someone trust keeping information in a cloud. I have used Dropbox to transfer files from my computer to phone or tablet and vice versa, but nothing information sensitive. I use direct contact for that if it is something I need to transfer. I don't like having my files, etc out of my physical control. As for using hardware from a country that isn't a close ally, I am not sure I would even trust hardware from a trusted ally that much more. I can only hope that the chips is a hoax and continue to stay away from cloud networks.

  • L

    @ Bernie Diesen,

    Indeed, but it's not only back doors that are a problem. With the rise of Big Data, pretty much all new devices claim to be 'smart', but all that means is that they collect and send undisclosed data to undisclosed data centre(s) to be shared with / sold to undisclosed third parties that will do the same.

  • L

    @joanofark06, I get what you mean, and with NAS, anyone can have their own private 'cloud'. In a way, cloud storage services are just another way to get people dependent on yet another subscription service they may not need. However, it's inconvenient to carry a 4Tb drive around with you in case you need to get a file on the go.

    I have had many USB flash drives fail, so I find it hard to trust them with critical files. Not only that, those nasty viruses can be transferred between devices and computers. I do use a free cloud service for work files, just so I can print them, or share some example solutions with students. It would take a while to pass a flash drive around the class.

    Cloud services do have uses, but I wouldn't use one for everything.

  • J

    Thank you Sven,

    Very interesting, and how is your ankle, much better I trust.

    The subject can easily be clarified by spies versus spies, and when researching in-depth it doesn't make any difference to our current way of living, Que Sera, whatever will be will be.

    The 'Cloud', what is fearful about the 'Cloud', a bank of servers with almost everyone's private and personal information therein.

    Governments, Law enforcement agencies/Police, Military, Banks, Medical information, Births, Marriages, Deaths, CCTV, Facial Recognition, and to top it off.....any place where a person's name and address is presented and kept.

    If it wasn't for the 'Cloud', there would never be enough individual computers built annually to hold the information which is in the 'Cloud'.

    Accepting or being fearful of the 'Cloud' is irrelevant, it is what it is, modern technology in our modern world, just as my great-grandmother refused to have electricity in her home, she was sure it was used by the 'Enemy' to listen to conversations.

    Spies are inserted in many things, my friend has a 'spy' in his chest next to his heart and doctors, anywhere in the world can log in to the 'Cloud' and monitor how well his recent treatment is functioning.

    The 'spy' in the sky is able to read the price of a stamp on a letter being posted ....... Que Sera ... Ad Infinitum ......

    Thanks, my ankle's fine again. You're right, the cloud storage goes far beyond our vacation photos and nobody knows how secure it is. By the way, my grandparents never had electricity because they considered it witchcraft and a health hazard. :)

  • j

    The cloud? Ha, I don't know why anyone would trust their data to something like that! There are external drives that you can buy, that can keep TB's (Terabytes) of your info. If you need more room than that...

    I, myself, have a 4 Terabyte drive, and after a few years, have filled it up, with music, documents, websites, pictures, etc.

    So I bought another one, for another that will last me for years. No cloud for me!

    Also, USB's or "thumb drives" are very small, and are sold most everywhere, but mostly box stores, such as Walmart, Target, etc. They hold from the very least amount of a few Megabytes, to like 128 MB, or more.

    Why trust someone else to hold your data, when you can hold it all yourself? I don't get the "cloud".....I must be missing something great about it.

  • P

    What are the chances that countries who have the capability to snoop are spying on others? I would think it is quite high, and why not? We need to know what they are doing, and they need to know what we're up to too, especially since the nosiest countries in the world (USA + Israel) have been busy spying on each other and everyone else for years! I have no proof of this, but if you could provide me the proof that this is not the case, I would be shocked!

    Then there is the issue of what is state-sponsored and what is independent rogue hackers doing their best to infiltrate and sabotage. It's a jungle out there and no one is following any rules. Dog eat dog. And when the USA gets hacked, and they vehemently claim it was Russian or Chinese government operatives, who's to say that's true? Nothing substantiated so far. It's just accusations and smear campaigns, and they are good at that.

  • B

    I remember about 10 or so years ago, Seagate hard drives were shipped world wide with firmware that put a back door into any computer with their hard drive installed. So this is possible and very hard to detect. It was said that our intelligence agency (CIA/FBI) was behind it.

  • L

    Oh dear, China bashing again. Not you, Sven, the organisations you wrote about. With the fairly recent INTEL / AMD chip fiasco, I wonder how much of that potential exploit was intentional.

    Well, what's all the fuss all about anyway when many of those cloud users log into Google, Facebook, Twitter, Microsoft and other spy & stalk technology providers.

    Amazon must have quite a large shadow profile per user that the users may not be aware of. Talk about the pot calling the kettle black.

    I suppose there are photos of the said boards and chips as tentative proof somewhere.

    Anyway, there weren't chips, they were UFOs that had crash-landed on the boards, but the miniature aliens had already escaped before they were discovered.

    Who actually found these near undetectable chips anyway? Did some tech guy do some maintenance and notice one?

    I also dislike China bashing and I always try to explain why, for example, surveillance is accepted by larger groups. To my knowledge, there's no evidence, as is the case with Huawei and others...

  • m

    Who knows-BUT knowing their methods- really possible - so assume the worst-and you will never be caught out.

  • R

    Basic security considerations would indicate that bringing manufacturing back to the home country would be the best course of action especially for Government computers.

  • J

    I would not be surprised to learn of a backdoor into computers being created at the motherboard level. Such a weak point would be almost impossible to detect as it would be enabled before any software would be active on the system. Years ago I had an Amiga computer; one of the things I liked about it was that a portion of the O/S was on a programmable chip that would be very hard to change remotely. I believe a similar technology could be used today as most O/S updates are incremental anyway, providing new curtains for the "windows" without fixing the frame.

  • m

    Genuine or hoax .. doesn't make any difference I wouldn't believe any of them and don't have investments in them.

    Never assume they wouldn't if they could.

  • R

    Genuine story or hoax time will tell. For the time being, to be aware of the pros and cons is way far better than being in the shade.

  • A

    It doesn't really matter if the Chinese government had spy chips planted in hardware sold in the West, or not. What matters is that the Chinese government does whatever it sees as being in the best interests of their country and the Communist Party. They may not be overt enemies, but they certainly aren't allies. Why give hostages to fortune by buying technology from them that they could, potentially, use to spy on us?
