Posted on 10/11/2018 10:31:31 AM PDT by fishtank
China engineers an ingenious hack of two of America's biggest tech companies.
Or more of a frienemy “co-hack” insider-blessed job?
Time will tell.
You are having a brain fart. So you think Amazon and Google are the same company? I don't think so. Your reply constantly mentions Google and Apple as these 2 "fine" organizations. Look at the title "China's Insane Super Hack Infiltrated Apple, Amazon". Are you so brain dead that you confuse Amazon with Google? Get a grip man, and read the fine print - or the bold title. Sheesh!
As for it being debunked, Swordmaker has responded repeatedly in multiple threads as to this being fake news, with no substantiation whatsoever. You, sir, are naive as hell.
No I know they are not the same company, and you are stuck on your perspective that there is nothing to see here
Apple is in bed with the Chinese
The word is their servers have been compromised and others (including Google) use them
Facebook is finding out as have others like Google that their “top flight” security schemes have been compromised to the tune of 10’s of millions of users info compromised
There are common elements like the servers and other components that have been compromised, and I we hear from you is like a pig squealing no but you hang on the headline and refuse to even consider that there is an issue
So you seem like a one trick pony defending apple which led to my comment, you are so defensive of them which is typical of someone involved in some way, maybe an employee
Sorry I could not do this for you in crayons, but let’s see if this is more consumable and if your response is more informed versus ranting
Anything is possible
BTW is your fur Blue?
No, it isn't. There is only ONE SOURCE, Rina. . . BLOOMBERG which is NOT a tech source.
One does not MODIFY the design of a motherboard, to put a spurious surreptitious additional IC chip on the board, that will be examined by the American based designer using COMPUTERIZED QUALITY CONTROL protocols thinking it will get by them. Sticking another IC on the MB requires RE-ENGINEERING the motherboard from the ground up, especially a motherboard that may have up to eight lamina of circuit layers that have to be rerouted to adjust for the new IC. It would stick out like a RED FLAG saying HERE I AM, LOOK AT ME, FIND ME!
Bloomberg provided photographs of a grain of rice sized IC on the tip of a finger. . . but it was not what they claimed. It was a generic computer component. They did NOT provide any photos of their claimed IC in situ on any of the server boards.
Bloomberg's claims do not comport with history of the three major companies involved during the time frame and their interactions. They claimed that Amazon and Apple discovered these modified motherboards in the summer of 2015 and then Apple cancelled an order for 30,000 servers from a company that used Supermicro motherboards. . . and severed all relationship with the company. Amazon supposedly did similar. However that does NOT comport with the facts. Here are the actual facts.
Apple did eventually sever relationship with the company that was to provide the servers. . . but that was in the summer of 2016 due to their lack of ability to supply sufficient servers for Apple's needs, after buying over 2,500 servers for the iTunes Movie/Video servers before the supply dwindled and Apple had to look elsewhere. The reason that company could NOT meet Apple's server orders was because in the autumn of 2015 AMAZON bought the company which continued to use Supermicro motherboards, and still does to this day under Amazon's ownership to provide servers for Amazon Web Services and Amazon Prime Streaming Video/Movies Service.
These are NOT the actions of major corporations who have discovered surreptitious hacks on the products they are going to be using in mission critical functions.
Amazon, Apple, and San Jose based Super Micro Systems (Supermicro) have all issued official statements that no such surreptitious modifications have been found on Supermicro motherboards. They've been joined in those official statements by the UK's GCHQ (the UK's equivalent of the CIA & NSA) and the US's NSA, as well as the FBI in saying that they have NOT found or even heard of anything like this. Then, in addition, some of the tech people Bloomberg were using as sources and whom they did cite by name, have come out to say they were quoted OUT OF CONTEXT when they were talking about hypothetical possibilities. . . and that at least TWO of them stated categorically they told the reporters their theories they were trying to get background data on "made no sense" as there were far easier and much less obvious ways of doing what they were claiming this stupid chip on the motherboard would accomplish using the ALREADY existing hardware.
Is it a GOOD thing that an US manufacturer is going to make server grade motherboards here? You bet. . . but it is NOT due to this bogus claim.
It's not a matter of it being plausible. It's a matter of how easy it is to find. . . and how difficult it is hide a surreptitious chip on a motherboard that undergoes a computerized quality control to an American maker.
The other reason is if you want to do what Bloomberg is claiming there are so many other more clandestine, cheaper, and simpler ways to accomplish the very same things with OUT making it so damn obvious that it is glaringly obvious that someone is GUARANTEED to find it.
Again, we have only a report from BLOOMBERG, a non-tech source using anonymous sources. . . which is all they use for these reports. They've been caught before citing anonymous sources for FAKE NEWS in tech. MULTIPLE TIMES.
This time they are been fed information from a company, Sepio Systems, a recent startup, whose entire business is selling software to mitigate against the installation of surreptitious chips on standard reference motherboards and other hardware. Sepio's co-CEO, Yossi Appleboum, is the fellow who has been advising Bloomberg's non-tech writers on these articles including the one on the Ethernet connector discovery, which he claims he found when he was "called in by a major telecom company" which he says he cannot name due to "it would violate his non-disclosure agreement", yet he proceeds to reveal everything else about why he was called in, what he found, where he found it, that it was on a Supermicro server motherboard, etc. just won't say WHICH "major telecom" company need the services of his startup security scanning to find that ONE SINGLE SERVER out of their thousands that had a mis-behaving Ethernet connector. (Other NAMED major telecoms that use Supermicro servers have AGAIN made official statements they have NOT found anything amiss with their servers, the ethernet connectors, or anything to cause them to think there was a problem, denying Bloomberg's claims, once again.)
And only one? Give me a break. If China were going to do this, they'd do it wholesale, to thousands of Ethernet connectors, not just one. How would they know their malicious spy Ethernet connector would wind up in a critical usage location to provide them with anything useful. Appleboum stated this one was in a streaming video server. Not much useful going through that connector. So they'd use a scatter gun approach, putting them in ALL motherboards, not just a one-off. I think if he found anything, it was just an aberrant malfunction. Only one out of thousands doesn't make sense. Logic says it's another Bloomberg FAKE NEWS FEAR article.
Frankly, that smells.
If you go back to the beginning of the discussion of this thread, it is about a supposed hack of server motherboards for Apple and Amazon. However, there is absolutely no proof whatsoever that it happened. Just pure conjecture and accusations, which were strongly denied and denounced by Apple and Amazon. Just like that Dr. Ford b*tch threw out accusations against Judge Kavanaugh without a scintilla of proof, mobs are quick to grab hold of the accusations and deem the accuser as "credible". That is the situation here, there is no credibility behind this YouTube rant. No proof, no chips shown, no information other than vague hints of anonymous sources. Both Apple and Amazon have strenuously denied the accusations.
Apple went so far as to testify to Congress that the Bloomberg report is a fabrication. The company would not do that, because it would damage the company and its leaders to lie to Congress. Google news articles on this subject, and you will find there is no backing whatsoever for the Bloomberg report or the accusations. The National Cyber Security Centre (NCSC) said it had "no reason to doubt" Apple and Amazon's assessments. This Bloomberg story is a hoax. So how do you feel about your support of Dr. Ford now? Antifa much?
I'm not going to tell you it's not possible. I'm going to tell you it's stupid. Why go to the trouble of redesigning an already designed motherboard from scratch to adman easily found, unnecessary, easily discovered on Quality Control IC chip, when the same function can be buried inside an existing IC, or just written to firmware or other code that doesn't invoke until a specific signal s received. Any IC chip that has access to the bus can have additional circuitry added in its multilevel that could only be found by shaving down through the layers and scanning with an electron microscope and reverse engineering its purpose. It could be stuffed in a memory stick. . . and for all purposes, no one would be the wiser. Perhaps monitoring might notice unusual energy usage, unusual traffic, etc. . . but you'd need to be monitoring.
So, while possible, why do it?
Infiltrated or invited in?
Infiltrated or invited in?
But, Laz, Appleboum found ONLY ONE out of supposedly thousands of scanned servers, according to his own account. That makes zero sense. There is no assurance that any one compromised Supermicro motherboard is going to wind up in a critical location to be able to glean and then transmit useful intelligence. This makes ZERO sense as an intelligence exploit.
I suggested monitoring power consumption as a way of monitoring for such things. . . but you also have to look at the source. Appleboum's company, a startup, is being pushed by Bloomberg, which is known for publishing FAKE NEWS about other companies and stocks they are interested in manipulating. The sole named source for ALL of this is Sepio and Appleboum with the rest being anonymous and all others are denying it ever happened.
IS it theoretically possible? Yes, of course. . . but even the expert source techs that Bloomberg used in the articles are crying FOUL saying they were misquoted with the articles citing them out-of-context as stating it WAS being done when they were talking hypotheticals. . . and NOT quoting them when they told the authors that doing what was being described "just doesn't make any sense" because there were easier, cheaper, and far less obvious ways to do it using the existing hardware on the boards.
The concept has always been sound. . . It's a method the CIA has used since, well since computers were invented. Sharyl Attkisson's home iMac computer was hacked by someone breaking into her house and placing surreptitious chips both on the logic board and in the keyboard. The keyboard chips were key loggers, separate from the one's on the logic board and transmitted to a radio receiver attached to an optical line the bad guys had actually installed into her house. The chips added to the logic board also transmitted to the same optical line. They nicely allowed her internet connection to go through the optical cable as well, improving her connectivity. . . but that was for their benefit. . . but adding malicious chips is not new.
They were as obvious as hell when forensic IT specialists examined her computer.
The Obama administration intercepted Angala Merkel's brand new iPhone in transit from Apple to her front door and inserted an extra IC that would transmit everything she said, emailed, and texted on that iPhone to the CIA, because they couldn't crack the iPhone's operating system to do it for them. . . so they had to do it via extra hardware. Again, when it was opened up, the kludge was obvious.
The same in these cases. . . a metal case for the Ethernet connector when untouched ones are plastic? Obvious. EZ to exclude compromised boards. Is that what a professional intelligence agency would do? No. They'd cover the cooling metal with plastic. . . but even then, it would be found.
The REAL history is quite different from Bloomberg's fantasy Tall Tale. . . and it does NOT support their claims at all. The history, the facts, proves their claims as false. The facts are like Kavanaugh's calendar. The fly in the face of Bloomberg's writer's assertions and disprove their claims.
Both Amazon and Apple were buying their servers from Elemental Systems, an American company that built rack mounted servers using Supermicro motherboards, also an American company headquartered and designed in San Jose, CA, which were built in China by a subcontractor, but which went under stringent quality control checks by Supermicro.
According to the Bloomberg tall tale, both Apple and Amazon found the compromised motherboards in Summer of 2015 and cancelled their orders. However that is NOT what actually happened. The truth is that Amazon BOUGHT the entire Elemental Company, lock, stock, and Supermicro contract barrel, in the Autumn of 2015 to assure their continued supply of rack mount servers. . . and Elemental continued to supply their now corporate owner company, Amazon, and sister companies Amazon Web Services (AWS), and Amazon Prime Video/Movie Service, with Rack Mount servers and slowly started cutting off their other contracted customers as the demand from Amazon grew.
Apple did NOT sever relationship with Elemental and Supermicro when the supposedly found compromised motherboards in Summer 2015, but waited until the Summer of 2016 when their supplies could not meet Apple's requirements and Apple had to look elsewhere for rack mount servers. By then Apple had bought and installed approximately 2,500 Elemental Servers POST summer of 2015 with Supermicro motherboards. . . so never did complete their intended 30,000 order due to Elemental dedicating its production to Amazon's needs.
Not a single one of these companies filed the LEGALLY REQUIRED security alert they routinely report on every other exploit, vulnerability, flaw, etc., they find. None, Zip, nada, so that others would avoid being compromised by this invasion of security.
Instead, Amazon bought the Elemental Systems, the company that supposedly was going to sell them the compromised spy hardware. . . the company that then continued to buy the supposed compromised component hardware from Supermicro, the wholesale company who provided compromised hardware. Apple went ahead and continued to buy the supposedly compromised servers after supposedly finding the spy chip on the motherboard.
These are the facts, not speculation, not rumor. Apple made an official statement to it's facts, as did Amazon, joined by the CEO of Amazon Web Services. All three state categorically they have NOT found anything untoward on the servers containing Supermicro motherboards. Supermicro, who's stock has taken an almost 80% hit and is now trading as a penny stock after being delisted from NASDAQ due to Bloomberg's unrelenting hit pieces, has officially stated they do extreme quality assurance checks on their products that come from their manufacturers in China and have found NOTHING added and no modifications. . . and no one has come forward from ANY CUSTOMERS of Supermicro to show a compromised board. NONE, ZIP, NADA. All we have are anonymous sources published in Bloomberg.
These are NOT the actions of companies which found the products they intended to be using were compromised with spy hardware.
Until you show me REAL EVIDENCE, it's FAKE NEWS from a serial FAKE NEWS Publisher. . . spreading FUD, Fear, Uncertainty, and Doubt.
Apple makes no servers. This shows the level of your ignorance. . .
The server motherboards being discussed here were made by Supermicro, another American company based in San Jose, California, that was supplying its motherboards to another American company, Elemental Systems, that was making the rack mount servers that were going to be sold to both Apple and Amazon, however, as the Bloomberg fake news article claims, BOTH Apple and Amazon discovered the surreptitiously added component on the motherboards in the Elemental Servers in the Summer of 2015 BEFORE they ever deployed even a single server. So, 100American, neither Amazon or Apple, according to Bloomberg, the ONLY SOURCE FOR THIS STORY, neither company was ever compromised because they never installed a single compromised server!
The claims Apple's and Amazon's servers were compromised come from people who have a SEVERE READING COMPREHENSION PROBLEM who believe the FAKE NEWS liars writing for Bloomberg. . . but mis-read what even those liars write.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.