Replies

Another independent analyst found more of them.

Source? One. BLOOMBERG again! . . . and, no, it's not the same, it's supposedly something hidden elsewhere, this time in the Ethernet connector on one server out of thousands! They can't even keep the story straight. Like Christine Blasey Ford, Bloomberg needs to get one theory and stick to it, instead of changing their story with each retelling. Other companies using the SAME SYSTEM FOUND NOTHING AMISS where this guy claimed to find "something" in the Ethernet connector!!!

Please tell us how the Ethernet connector on a STREAMING VIDEO SERVER is going to compromise critical data on the device's storage? The original article was bogus and this one is again citing someone who is talking about something he claims happened three years ago! WHERE ARE THE CRITICAL INCIDENT REPORTS? They don't exist!

As I said in other postings, there are far easier and cheaper ways, not to mention far less detectible, ways to accomplish this same result using the existing hardware than trying to add additional hardware that will be easy to find. To quote REAL EXPERTS THAT BLOOMBERG'S WRITERS QUOTED OUT OF CONTEXT, "THIS MAKES NO SENSE!"

We are still working with a single source news source who has a history of publishing FAKE NEWS, and again, no corroborating evidence! It's some nobody with an anecdote about an unnamed US telecom company, by someone who wants his fifteen minutes of fame, for which he has ZERO photos, zero hardware, and just his claims.

The Bloomberg story doesn't identify the telecommunications company "due to Appleboum's nondisclosure agreement with the client."[. . .]

Yossi told Bloomberg he's seen similar manipulations in other vendors' hardware made by contractors in China. He also told Bloomberg there are countless points in the supply chain in China where hacked hardware can be introduced.

His statement alone is a violation of a nondisclosure agreement. I've signed such nondisclosures and I am not even permitted to reveal WHAT I worked on, WHAT I found, I'm not permitted to say I even worked there. . . unless it is specifically allowed. This bozo names the brand of server. . . IMPERMISSIBLE AS ALL HELL! He says why he was called in, what he found and where???? Yet we're supposed to believe the ONLY thing in the NDA is the name of the company? If you believe that, I've got five trainloads of Christine Blasey Ford's Kavanaugh's Senate Testimony to sell you cheap. . . you'll believe anything!

One other thing I find extremely suspicious is his claim that an unnamed "major telecom company" would bring in a less than two-year old start-up company to "scan their servers" for something amiss. These major telecom businesses have top quality security people WORKING FOR THEM completely capable of doing that, in fact, capable of writing the code to do it and monitor the outgoing traffic! They aren't going to hire some start-up with a few employees and no real track record to have any access to their servers. Ain't gonna happen. No way!

Yossi's unqualified statement about "similar manipulations in other vendors' hardware" is a blatant generalized nonsense throwaway line from someone with an agenda. If he's seen this manipulated hardware, where are the critical incident reports he and his company have made on them? CRICKETS! I can't find them. They don't exist!

Look, BTerclinger, one of the so-called sources in the ORIGINAL Bloomberg article has already called them out for misquoting him and taking his theoretical explanations of how it could be done and mischaracterizing them as how it IS BEING DONE, and attributing it to him, when he actually told them their theory "Made no sense!"

This one doesn't either.

Oh ho. . . Bloomberg Businessnews is hyping Sepio Systems. . . and guess what Sepio System sells? Software to supposedly mitigate against malicious supply chain hardware insertion issues! And guess who works for Sepio Systems? Yossi Applebaum. . . who is the source of this current finding, and I bet their previous article. Guess when Sepio Systems was founded. . . 2016. . .

This is EXACTLY the same as news appearing announcing new malicious malware being discovered just as an anti-malware company is launching a new product. . . the great disappearing Macbot hoax from 2014 comes to mind when Dr.Web was announcing its first Mac Business Antivirus and claimed they found a 600,000 member Macbot. . . except not a single infected Mac was ever found in the wild, but their honeypot was reporting SSIDs of Macs that were not even sold yet, or in some instances had yet to even be manufactured, or others that did not have JAVA (a prerequisite for infection) installed on them. . . and the numbers reported as infected on the honeypot server kept shrinking over a three week period until they disappeared completely. . . meanwhile the media had a feeding frenzy. . . just as in this case. . . and people like you, BTerclinger were chortling about how Apple Macs were finally getting infected like Windows PCs. Except it was a hoax marketing ploy.

This was EXACTLY the type of FAKE NEWS Bloomberg has been found to print in the past, news that in some way benefitted a business the were hyping or trying to knock down!

Another independent analyst found more of them.

You obviously did not bother to read the articles involved if you think anyone has found any at all.

"I sent him a link to Mouser, a catalog where you can buy a 0.006 x 0.003 inch coupler. Turns out that’s the exact coupler in all the images in the story."

That's one of the points I was making. . . no legitimate photos of the malicious chip, no malicious chip exists.

You cite an article about "more of them" . . . but that's NOT what your linked article claims. . . it claims the self-identified and self-announced hero of the BLOOMBERG sourced announcement (again) found ONE (1) Supermicro server, out of what appears to be thousands at an unnamed "major telecom company" that had an "implant built into an Ethernet connector" that was doing something hinky. . . but didn't say what. . . and in fact. doesn't know.

Try reading for comprehension. That means more than the headlines.