Posted on 10/04/2018 8:46:18 AM PDT by Para-Ord.45
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America's technology supply chain, according to extensive interviews with government and corporate sources.
There are two ways for spies to alter the guts of computer equipment. One, known as interdiction, consists of manipulating devices as they're in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden. The other method involves seeding changes from the very beginning.
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world's mobile phones and 90 percent of its PCs.
(Excerpt) Read more at pjmedia.com ...
It would be a possibility. Would be a great way to test it with plausible deniability.
#17 Office 365 recently installed at my place of work, which is in dozens of countries. Makes it easy now for spies to get any info they want while sitting in their cubicle in say China or Russia. Microsoft had an outage a few weeks ago for Office 365 and many companies just had to wait for Microsoft to fix the problem. Would have been no problem if the company had a local mail server and not be dependent on a 3rd party.
The other half are spying on them!
That sucks. Reminds me of 4 decades ago when we had time-sharing terminals at work. I was in the Systems group and we were constantly screamed at when there was an outage and people were idle waiting to use the terminals. This was localized to our company with hundreds of users. I'm trying to imagine thousands if not millions of users complaining to Microsoft to fix connectivity!
P.S. there were a few times when I could have fixed the problem in 15 minutes, but my boss forced me not to, so the outage extended to a day or two. Politics, he was angling for a larger budget for hardware and software to "prevent" glitches. He always got his way. Made us workers under him look bad for not quickly fixing problems - sometimes it is politics and not incompetence.
Whatever happened with the exploits that were so serious concerning Intel products? There were 2 of them - can’t remember the name now, but they were supposed to slow the computer down below advertised speeds.
As you said, Apple controls ALL ASPECTS of the board design, the parts list, incoming inspection, assembly drawings and manufacturing. Nothing goes on any Apple product without absolutely being designed and qualified.
Other manufacturers buy reference designs based on a chip set. They are based upon the chipset and the cost. Other companies do not control, much less care about PCB designs or manufacturers issues. They want the assembly cheap, reliable and delivered on schedule.
Our Chinese toys are spying on us...
Supermicro's stock dropped 41% today.
Thanks.
(But you don’t weigh in on whether this could actually be done!)
I’ve worked in other “hi-tech” manufacturing and *everything* is audited in the product. Hard for me to believe an extra chip could be added to a board.
From the article:
...Liang added a comforting advantage: Supermicro's motherboards would be engineered mostly in San Jose, close to the company's biggest clients, even if the products were manufactured overseas.
I found this chilling:
Amazon's security team conducted its own investigation into AWS's Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they'd previously encountered. In one case, the malicious chips were thin enough that they'd been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says.
How do you inspect for such tiny components?
It's hard not to, very few fab houses and PCB mfgers left here that are affordable. I do small prod runs here on-shore, mostly for timing and control.
For one, it was the original PCB designer that is responsible. They were in a position to:
1. Design in the component.
2. Write the functional test spec so that the test engineers would be able to read what test to apply and what voltages to expect on output.
Only the original designer could hide this. The PCB layout guy wouldn’t know the difference, and none of the manufacturing floor people would either.
As long as the board does what it is supposed to, nobody is going to review the designer’s work and say, “Hey, what’s this tiny little signal conditioner do?”
A signal conditioner, by the way, cleans up the signal, or applies math to it so that the signal does what you want (eliminates noise, etc.). A signal conditioner is different, I guess, from a filter (high pass, band pass, low pass).
Each board is just a collection of separate circuits. One test makes sure that two nets don’t accidentally become connected.
If something goes wrong on a net, then you start diving in and trying to figure out what happened and why it doesn’t work.
I tell you that whoever did this was good, because they had to make sure that whatever they put in there wouldn’t come up in an analysis of the specific circuit.
You’d go back to the schematic, understand why the circuit works and what inputs and outputs are expected, and then drill down on the part, look at tolerances, rail voltages, ground pins, current level, etc.
This is so bad, at so many levels. Prior to this, the world just ‘black boxed’ this stuff. Give me a black box, I’ll plug in the inputs, and I expect outputs.
If it comes to communications and networking, that is now out for good.
It’s hard to do in scale operations, believe me.
Two words: Component backlog.
It is CRUSHING the industry right now. Lead times measured in double-digit months for almost everything.
Tantalum capacitors are back. Why? Because they are available.
So, you’re backlogged on just about everything else, but you’ve got plenty of signal conditioners?
And simple matters, because ultimately all of these parts interact. Why won’t this circuit go to 7V like it is supposed to? Why is the current a fraction of what it should be? How come I get an intermittent problem with this op amp?
Well, it might be because this little thing over here sits here doing nothing until somebody activates it, or until someone logs in.
To keep it hidden had to be hard.
Everyone is denying it this morning of course, but Bloomberg wouldn’t have run the story if they didn’t have the sources.
Their terminals are everywhere in Wall Street. Not stupid. Mendacious? Yup. Stupid, no.
I'm fully aware of the MLCC shortages, that keeps me busy 2nd sourcing these days.
Keeping it hidden isn’t that hard when a lot of people are complicit in the process.
oh well, happy circuits !!
The trick is minimizing the number of complicit people. Then you have to deal with the earnest, yet innocent, person that asks, “Hey, what’s this do? Why is this here?”
I recently read an article on included JavaScript libraries, and the hidden garbage therein.
Thanks again for your input.
Blog post on this that seems like good info:
https://blog.senr.io/blog/impervious-implants-splintery-supply-chains
Start at “3. Internal-Peripheral Implants”
“I certainly want to believe that they did - so I think I will.”
Might as well. When it comes to “spy stuff” it’s best to just assume all public knowledge is false. Those that know never tell.
Thanks.