cyber warfare and attacks

John Fedup

The Bunker Group
A detailed story by Bloomberg and vigorous denials by Amazon and Apple. Given the financial implications for Apple and Amazon, how could their response be anything other than vigorous denial? That being said, GCHQ's response seems to support their denials. Certainly given the seriousness of this story, an investigation needs to be done to resolve this matter asap.
 

weaponwh

Member
The reason we didn't hear more from CNN or other news is probably because the US government already denied it, and most experts have doubts over it. I think at some point Bloomberg misunderstood something. If China has the ability to manufacture a microchip the size of a pinhead, and has the ability to do what Bloomberg claims, then they would have no issue competing with major chip makers such as Intel/AMD/Xilinx; the fact that their chips are still generations behind modern chips shows they don't have that capability yet.

Making an SPI/IC interface that small, sure, it can be done, but knowing what part of the BIOS/RAM bit file to modify and replace, that's beyond current hardware capability. Remember those bits are generated by a compiler operating in an OS environment; to reverse that process and know what those bits mean, you need to run something similar, which is not possible via only hardware that small.


U.S. government sides with Apple and Amazon, effectively denying Bloomberg ‘spy chip’ report

Homeland Security has said it has “no reason to doubt” statements by Apple, Amazon and Supermicro denying allegations made in a Bloomberg report published earlier this week.

It’s the first statement so far from the U.S. government on the report, casting doubt on the findings. Homeland Security’s statement echoes near-identical comments from the U.K.’s National Cyber Security Center.
 

John Fedup

The Bunker Group
Again, this is a serious issue. It needs investigation. If the Bloomberg story is totally wrong, how did this happen? Were they set up or incompetent?
 

weaponwh

Member
Looks like the Bloomberg story is false, perhaps from a misunderstanding at some point.

Apple's Tim Cook calls for retraction on Chinese spy chip story: 'There's no truth to this'

Apple CEO Tim Cook is calling for Bloomberg to retract its story about Chinese spy chips embedded in the company's server equipment, telling Buzzfeed News in an interview, "This did not happen. There's no truth to this."

"I was involved in our response to this story from the beginning," Cook said according to Buzzfeed. "I personally talked to the Bloomberg reporters along with Bruce Sewell who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions. ... Each time they brought this up to us, the story changed and each time we investigated we found nothing."

Cook also said Bloomberg should retract the story.
 

ngatimozart

Super Moderator
Staff member
Verified Defense Pro
Looks like the Bloomberg story is false, perhaps from a misunderstanding at some point.

Apple's Tim Cook calls for retraction on Chinese spy chip story: 'There's no truth to this'
May not be so clear cut. It's a classic he said she said. Would it not be Apple protecting itself? I am not saying that they are not telling the truth but they do have strong motivation for the outright denying of the Bloomberg story, because if they admitted that it was correct, then the possibility exists that their customers would abandon them because of perceived product security flaws. Stories like that have caused company collapses before regardless of whether the story was factually correct or not, so I do not blame Apple for outright denying the story.

Bloomberg would not have printed that story without reasonable evidence due to US criminal libel law and the US tendency to sue at the drop of a hat - lawyers at 10 paces, so somewhere in between the two stories there will be the actual facts of the matter.
 

John Fedup

The Bunker Group
I agree wrt the legal issues and it may also be in GCHQ as well as the NSA's interest to downplay this to the point we may never know the truth. Both organizations will be checking everything, I have no doubt about that.
 

weaponwh

Member
May not be so clear cut. It's a classic he said she said. Would it not be Apple protecting itself? I am not saying that they are not telling the truth but they do have strong motivation for the outright denying of the Bloomberg story, because if they admitted that it was correct, then the possibility exists that their customers would abandon them because of perceived product security flaws. Stories like that have caused company collapses before regardless of whether the story was factually correct or not, so I do not blame Apple for outright denying the story.

Bloomberg would not have printed that story without reasonable evidence due to US criminal libel law and the US tendency to sue at the drop of a hat - lawyers at 10 paces, so somewhere in between the two stories there will be the actual facts of the matter.
Maybe, but as an engineer myself, it's almost impossible to pull off a hardware hack that does what they said. Furthermore, security experts from the UK and US deny it too.

I doubt Apple/Amazon would lie in this case, especially as it would jeopardize national security if they did so. Also, if it's true, then the culprit is China, not Apple/Amazon; lying about it will just make the situation much worse.


Here is another article from Supermicro:

Chip company says it would be 'practically impossible' for hackers to breach Apple and Amazon

Super Micro Computer said in a letter to customers last week it will review its hardware for any proof of malicious chips as alleged in a recent media report, but that such a hack would be "practically impossible" to pull off.

"Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to further address the article," the company said in a letter to its customers dated Oct. 18.

A Bloomberg Businessweek story on Oct. 4 cited 17 unidentified sources from intelligence agencies and businesses that claimed Chinese spies had placed computer chips inside equipment used by about 30 companies, including Apple and Amazon and multiple U.S. government agencies, which would give Beijing secret access to internal networks.


Super Micro denied the allegations made in the report and outlined in its letter to customers how complex such a hack would be. Super Micro was up as much as 5% at the beginning of trading on Monday. It trades on over-the-counter markets after its common stock was suspended from the Nasdaq after missing multiple SEC filing deadlines.

Not only would the alleged Chinese hackers need to skirt past regular testing, Super Micro executives wrote that the unauthorized hardware would make it "highly unlikely" for their motherboards to actually function. Even if the supposed hackers were Super Micro employees rather than contractors, "no single employee or team has unrestricted access to the entire design" of their motherboards, the letter says. The letter also says it would've been difficult for companies in Super Micro's supply chain to modify motherboards because suppliers do not have access to Super Micro's full designs.

Apple and Amazon have both denied claims in the Bloomberg report that they had found out about the chips in 2015. Apple CEO Tim Cook strongly denied the allegations of malicious hardware in its technology in a Buzzfeed News article published Friday. He also called for Bloomberg to retract the story.
 

weaponwh

Member
Bloomberg stands by China microchip article as denials and skepticism mount

Denials, skepticism and calls for a retraction are piling up in response to a Bloomberg article that said Chinese microchips had ended up in the computers of at least 30 major U.S. companies in a major cybersecurity breach. Bloomberg stands by the article.

Amazon is the latest company to deny claims in the Bloomberg Businessweek article on Oct. 4 that said China had hidden small chips, the size of a pencil tip, in motherboards that ended up in servers used by 30 companies. The boards were made by the hardware manufacturer Super Micro.



Andy Jassy, chief executive of Amazon Web Services, tweeted Monday in solidarity with Apple CEO Tim Cook, who has also called for a retraction. Amazon and Apple are two of the companies named by Businessweek as having found the chips in their servers.

“@tim_cook is right,” Jassy stated. “Bloomberg story is wrong about Amazon, too. They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.”

Cook called for a retraction on Friday, telling BuzzFeed that Bloomberg had “no truth in their story about Apple” and urging Bloomberg to “do the right thing and retract it.”

Super Micro publicly refuted the accusations in a letter on Oct. 18.


“We are confident that a recent article, alleging a malicious hardware chip was implanted during the manufacturing process of our motherboards, is wrong,” Charles Liang, chief executive of Super Micro, said in the letter.

The U.S. Department of Homeland Security and Britain’s National Cyber Security Agency have also released statements doubting the validity of Bloomberg’s reporting.

Skepticism of the story among tech journalists and cybersecurity analysts has grown since it was published.

“The Bloomberg story is at the point where everyone we have talked to believes the story has significant holes or was outright fabricated,” tweeted Jason Koebler, editor-in-chief of Motherboard, Vice’s technology publication. “Bloomberg has to say or do something.”

Dan Kaminsky, a security researcher, tweeted, “I am 100% confident the Bloomberg story is specious, and the only question is which of many possible monsters from the Natsec universe got us here.”

Despite rising speculation about the anonymity of the majority of sources in the article and the lack of physical evidence regarding the affected motherboards, Bloomberg has remained publicly confident in its reporting. In a statement, Bloomberg Businessweek said the article was supported by “over 100 interviews” and was corroborated by 17 individual sources, “including government officials and insiders at the companies” who spoke to the publication anonymously.

John Micklethwait, the editor-in-chief of Bloomberg News, told a group of editors last week that the article is “an example of what we can do well when we put our resources on an enterprise project and we will continue to do so,” according to The Washington Post.

Some sources who have spoken on the record with Bloomberg have come forward to question the framing of what they said.

Joe Fitzpatrick, a hardware security expert quoted in Bloomberg’s Oct. 4 article, said five days later in a podcast on Risky.Biz, which deals with the information security industry, that his statements had been “taken out of context.”


Yossi Appleboum, chief executive of cybersecurity company Sepio Systems, was quoted in a follow-up article by Bloomberg that claimed a major U.S. telecom company had been affected by a compromised ethernet connector produced by Super Micro.

“I am angry and I am nervous and I hate what happened to the story,” Appleboum stated in an interview, adding that he sees hardware security as a broad problem.
 

John Fedup

The Bunker Group
This "Atlantic Magazine" article discusses the divide between Silicon Valley and the Pentagon and why it is a threat to national security. Clearly China and Russia don't have this problem. The reference about Google helping China while ignoring US government business is beyond hypocritical IMO. Perhaps a new tax on anal behaviour like this would have shareholders smartening up Google's board. The ratio of engineers to lawyers in the Senate is appalling, one frigging guy! I guess this flaw is best illustrated by Orrin Hatch's question to Facebook's CEO, how can you make money when you don't have user fees?........duh. Sure hope something can be done about this.

The Growing Gulf Between Silicon Valley and Washington - The Atlantic
 

t68

Well-Known Member
This "Atlantic Magazine" article discusses the divide between Silicon Valley and the Pentagon and why it is a threat to national security. Clearly China and Russia don't have this problem. The reference about Google helping China while ignoring US government business is beyond hypocritical IMO. Perhaps a new tax on anal behaviour like this would have shareholders smartening up Google's board. The ratio of engineers to lawyers in the Senate is appalling, one frigging guy! I guess this flaw is best illustrated by Orrin Hatch's question to Facebook's CEO, how can you make money when you don't have user fees?........duh. Sure hope something can be done about this.

The Growing Gulf Between Silicon Valley and Washington - The Atlantic
A very interesting article and highlights just how far the difference is in ideological thinking even in one's own sphere of generations. I can attest to that sort of thinking; tech has certainly made life more comfortable growing up from the 60/70's but I'm still at a loss with all the functions on my mobile phone and don't understand the need, but I'm still amazed in this day and age that my mum still has a banking passport she uses at her local bank (the only down side is she can only use it at her local bank).
 

ngatimozart

Super Moderator
Staff member
Verified Defense Pro
A very interesting article and highlights just how far the difference is in ideological thinking even in one's own sphere of generations. I can attest to that sort of thinking; tech has certainly made life more comfortable growing up from the 60/70's but I'm still at a loss with all the functions on my mobile phone and don't understand the need, but I'm still amazed in this day and age that my mum still has a banking passport she uses at her local bank (the only down side is she can only use it at her local bank).
Off topic, but here in NZ bank books have been history for ages. It's all electronic now and my mum in her 90's has to use her EFTPOS (Electronic Funds Transfer @ Point Of Sale) card and tele-banking etc. She has a cheque book but that hardly gets used now. Getting her to use a cellphone was a mission in itself. She got her stubborn up and working and took ages to out stubborn her. :D
 

John Fedup

The Bunker Group
Same situation here in Canada, all non-cash transactions by smart cards. As for mother, uses her card but prefers my sister to handle the banking. Cellphones....a bridge too far.
 