Author Topic: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.  (Read 78126 times)


Offline VK3DRB

  • Super Contributor
  • ***
  • Posts: 2261
  • Country: au
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #100 on: October 05, 2018, 01:53:14 pm »
Whether it is true or not about the fake capacitor, we all know Chinese communist government is the world's biggest crime syndicate.

For a start, the free world needs to confiscate all foreign properties, securities and loot smuggled abroad by the members and the families of the Central Committee of the Chinese Communist Party. The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft. 
 

Offline TimNJ

  • Super Contributor
  • ***
  • Posts: 1720
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #101 on: October 05, 2018, 02:01:53 pm »
The plot thickens. Apparently an ftp server of Supermicro got hacked a while back and served infected firmware. This was the reason Apple stopped working with Supermicro, according to Apple. Reports are that they initially denied any of this happening back then. Maybe their gag order ran out after a while?

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/

Really? Drop an entire vendor because one lab machine had infected firmware? And then deny that there was a security incident? And then come back and admit that they did find bad firmware?

I don't think we can really trust Apple at this point. If true, they'll deny this to the grave.

When you discover a security breach, why tell your shareholders when you can also not tell your shareholders?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #102 on: October 05, 2018, 02:10:21 pm »
Whether it is true or not about the fake capacitor, we all know Chinese communist government is the world's biggest crime syndicate.

For a start, the free world needs to confiscate all foreign properties, securities and loot smuggled abroad by the members and the families of the Central Committee of the Chinese Communist Party. The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft. 

Let's not blanket blame China here yet or start pointing fingers. Chinese universities are pretty much shitting on the West at the moment on new developments so I'm not sure that's even realistic.

There's a whole list of reasons here to not point fingers yet: https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)



The plot thickens. Apparently an ftp server of Supermicro got hacked a while back and served infected firmware. This was the reason Apple stopped working with Supermicro, according to Apple. Reports are that they initially denied any of this happening back then. Maybe their gag order ran out after a while?

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/

Really? Drop an entire vendor because one lab machine had infected firmware? And then deny that there was a security incident? And then come back and admit that they did find bad firmware?

I don't think we can really trust Apple at this point. If true, they'll deny this to the grave.

When you discover a security breach, why tell your shareholders when you can also not tell your shareholders?

Apple have done that numerous times. They got a better deal elsewhere and used that as leverage to get out of the current one.

 

Offline TimNJ

  • Super Contributor
  • ***
  • Posts: 1720
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #103 on: October 05, 2018, 02:15:33 pm »
The plot thickens. Apparently an ftp server of Supermicro got hacked a while back and served infected firmware. This was the reason Apple stopped working with Supermicro, according to Apple. Reports are that they initially denied any of this happening back then. Maybe their gag order ran out after a while?

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/

Really? Drop an entire vendor because one lab machine had infected firmware? And then deny that there was a security incident? And then come back and admit that they did find bad firmware?

I don't think we can really trust Apple at this point. If true, they'll deny this to the grave.

When you discover a security breach, why tell your shareholders when you can also not tell your shareholders?

Apple have done that numerous times. They got a better deal elsewhere and used that as leverage to get out of the current one.



They have used a security "concern" to get out of a contract with a vendor (even if it wasn't that big of a deal)? Maybe.

Still don't give me warm and fuzzies that they lied about it.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #104 on: October 05, 2018, 02:18:35 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html
 
The following users thanked this post: MK14, bd139

Online Bud

  • Super Contributor
  • ***
  • Posts: 7126
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #105 on: October 05, 2018, 02:22:27 pm »
In the Thermal Imaging sub forum a complete compromise of the E4 camera security was achieved by modifying just 1 bit of a cpu instruction code. So things may be possible to achieve with a clever approach instead of a dumb one and you may not need access to the full cpu or ram bus, just to a part of it.
Facebook-free life and Rigol-free shack.
 

Online Bud

  • Super Contributor
  • ***
  • Posts: 7126
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #106 on: October 05, 2018, 02:31:26 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

So how come they have become so sure about having no doubt that fast ?
Facebook-free life and Rigol-free shack.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #107 on: October 05, 2018, 02:41:50 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

So how come they have become so sure about having no doubt that fast ?

Five eyes.

NCSC is part of GCHQ.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #108 on: October 05, 2018, 02:48:37 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

So how come they have become so sure about having no doubt that fast ?

I dunno  :-// .. maybe ... just maybe they're not as competent as Bloomberg's reporter ? Maybe ...  >:D

But this new message is clear, UK already took side.

Now, what's interesting ahead is, if .. again, a big IF .. later, they come out again to reverse that statement, then that means someone at GCHQ got f**ked real hard, probably caused by a phone call made from Washington to Downing street 10.  :-DD

Offline Stray Electron

  • Super Contributor
  • ***
  • Posts: 2228
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #109 on: October 05, 2018, 03:04:24 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

30 "Unnamed sources".  Yeah, I'm sure that we can trust that report.  <sarcasm off>
 
The following users thanked this post: tooki

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #110 on: October 05, 2018, 03:12:07 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

30 "Unnamed sources".  Yeah, I'm sure that we can trust that report.  <sarcasm off>

C'mon, it's not that hard.

The source -> https://www.reuters.com/article/us-china-cyber-britain/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials-idUSKCN1MF1DN

Reporting by Guy Faulconbridge and Mark Hosenball; editing by Sarah Young

Put the CNBC as it's more familiar for Northern America audiences, instead of Reuters.  :P
« Last Edit: October 05, 2018, 03:13:53 pm by BravoV »
 

Online Bud

  • Super Contributor
  • ***
  • Posts: 7126
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #111 on: October 05, 2018, 03:32:40 pm »
In the Thermal Imaging sub forum a complete compromise of the E4 camera security was achieved by modifying just 1 bit of a cpu instruction code.
ARM's conditional execution bit?

No
Facebook-free life and Rigol-free shack.
 

Online Bud

  • Super Contributor
  • ***
  • Posts: 7126
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #112 on: October 05, 2018, 03:39:30 pm »
Let Apple and Amazon testify before Congress. This seems to be America's favorite show this season.
Facebook-free life and Rigol-free shack.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #113 on: October 05, 2018, 03:56:07 pm »
Let Apple and Amazon testify before Congress. This seems to be America's favorite show this season.

It's a norm, even in the land of pure capitalism heaven, you just can not grow too big or too rich, even legit. Pure total submission and down with your knee is mandatory, hence what happened to big corporations, Microsoft experienced this too in the past, or will get bullied & grilled until they're fully surrendered.

Nope, money flow handsomely alone to gov and house of representative creatures is not enough.  >:D


Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1093
  • Country: gb
  • Embedded stuff
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #114 on: October 05, 2018, 04:55:32 pm »
Whether it is true or not about the fake capacitor, we all know Chinese communist government is the world's biggest crime syndicate.

For a start, the free world needs to confiscate all foreign properties, securities and loot smuggled abroad by the members and the families of the Central Committee of the Chinese Communist Party. The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft.

 :-DD

"I don't care about the truth, I have swallowed the anti-Chinese propaganda hook, line and sinker!"
Bob
"All you said is just a bunch of opinions."
 
The following users thanked this post: mtdoc, blueskull, newbrain, bd139

Offline mnementh

  • Super Contributor
  • ***
  • Posts: 17541
  • Country: us
  • *Hiding in the Dwagon-Cave*
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #115 on: October 05, 2018, 07:08:20 pm »
The more interesting part of this diversion, to me at least....

With it going on, where are all the smart, tech-savvy people NOT paying attention?

All the preparations for a midterm election just weeks away that will literally define this nation's fundamental agenda for generations to come.

Not only does it create a diversion, but also it casts yet another potential external scapegoat into the center arena for inevitable compromised electoral outcomes, of course distracting us from the incumbent congressional corruption anybody with a whit of sense knows has been at fault all along.

mnem
Cassandra can suck it.
alt-codes work here:  alt-0128 = €  alt-156 = £  alt-0216 = Ø  alt-225 = ß  alt-230 = µ  alt-234 = Ω  alt-236 = ∞  alt-248 = °
 
The following users thanked this post: MK14

Offline ajb

  • Super Contributor
  • ***
  • Posts: 2733
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #116 on: October 05, 2018, 07:18:44 pm »
There are hi-res pictures on Twitter of the exact board with no suspicious/malicious chip installed. It's possible that only server boards headed to Apple, AWS, et al. got the special treatment. I'm sure an order from Apple warrants a standalone production run.
Well, if you take the Bloomberg article at face value, virtually every chip component is potentially malicious.  Without any information on the nature of the exploit, you can't even really narrow it down that far, other than making educated guesses.  Even if you decap and analyze every single IC, and carefully inspect every chip component, and completely tear apart the PCB to look for embedded components, at best you could prove that the particular specimen was not compromised, but who knows how many different units from how many different production runs and design variants are out there.  So if the article *is* FUD or propaganda, being so difficult to definitively disprove is certainly an advantage.

Ars Technica's article on the topic points out that Apple and Amazon's rebuttals are interesting in how strong and unambiguous they are.  The government could legally compel them not to reveal information about what Bloomberg's reported, but generally could not legally compel them to lie about it.  So if they were under some order not to report such information, you'd expect evasion rather than outright and strenuous denial.  Which isn't to say that they aren't outright lying, but it doesn't appear very likely.

What China wants is not really that much. All we want is the west to leave us alone as long as we don't touch a NATO country.

And the west just will not. China will never be peaceful until the west stops policing near China.

I don't know about other western countries, but the US has treaty obligations in the region.  Korea and Japan in particular have an interest in checking China's military and economic influence, and strong military/economic ties with the US.  Balance of power is practically a natural law of geopolitics.  Regardless of your opinion on North Korea, maritime territorial disputes, or any of the other hot buttons in the area, it's hardly as simple as saying the west just needs to get out of China's way.  I'm also not sure that other countries in the region would be so happy about seeing a less restrained China. . .
« Last Edit: October 05, 2018, 07:23:32 pm by ajb »
 
The following users thanked this post: PointyOintment, MK14

Offline apis

  • Super Contributor
  • ***
  • Posts: 1667
  • Country: se
  • Hobbyist
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #117 on: October 06, 2018, 12:06:19 am »
It's been on the major news stations in Scandinavia now, and they spin it as if it's true, although they mention that Apple and Amazon deny it.

In China, the government, not the people, owns the land.
Actually, that is the same everywhere; only governments "own" territory. Control is perhaps a better word than own. Usually through military means, but sometimes also because of tradition. Each country has different rules of how they then divide the rights to use that land among their citizens though. If you "own" some property in e.g. Sweden or the USA, you are really just sort of leasing it; you have a contract with the government giving you a monopoly on using some part of the territory in certain ways, e.g. for farming or for mining or building a house, but there are limits to what you can do with it.
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2751
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #118 on: October 06, 2018, 12:58:40 am »
Yeah sadly even in north america the government really owns/controls the land.  You can buy land you own it in the legal sense, but if the government or a corporation wants it, they get it.  They can also tell you what you're not allowed to do on it etc.  It's actually BS.   Though there are unorganized townships where you tend to have more freedom with the land you buy.  It's my dream to eventually live in one.   Would be great to be able to build anything without needing permits etc.
 

Offline VK3DRB

  • Super Contributor
  • ***
  • Posts: 2261
  • Country: au
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #119 on: October 06, 2018, 01:23:33 am »
The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft.
In the 1990s, China blatantly cloned entire designs....
China doesn't care about right or wrong, China only cares about power....

That is the ultimate free pass to dictatorship. The only thing that prevents Chinese government from physically suppressing its unrest people and its separatism states is the fear of being sanctioned by the west.


Disagree.... not the 1990's... now. There are exact copies of creative patented or copyrighted work by Australian companies and individuals which thieving pirates sell stuff blatantly around the world. IP theft is rampant. Not "copy watch" of the 1990's, but entire designs of high value items where you cannot tell the difference.

This might surprise you... http://www.techguide.com.au/news/the-worlds-greatest-technologies-that-were-invented-in-australia/
Not bad for a free country of between 8 and 25 million people in a remote part of the world, compared to China with 1.4 billion people.

I agree the Chinese communist government cares only about power. Because ultimately it is a tool for the princelings and their privileged families to save face and accumulate massive amounts of money. That is why they are terrified of democracy.

http://www.abc.net.au/radio/programs/worldtoday/is-china-stealing-intellectual-property/10302836
 

Offline VK3DRB

  • Super Contributor
  • ***
  • Posts: 2261
  • Country: au
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #120 on: October 06, 2018, 04:03:21 am »
I agree the Chinese communist government cares only about power.

I bet you've never lived in China. Chinese government is corrupted as hell, but many Chinese people are way more corrupted.
Everyone in China, if has some sort of power, is corrupted. At least the government is being supervised and has to obey the law, at least to certain extent.

Farmers sell poisonous food to urban citizens, doctors prescribe unnecessary lab tests for making some cut, teachers give special attentions to students with rich dads, and the list goes on.
I bet if there is any power, even if just a little bit, that can change other people's living quality by just a tiny margin, the power will be monetized

Now in such a context, Chinese government is fairly clean, compared with the F*ed up society.

I spent a few months in Tianjin in 1980's and 90's. In fact, I set up the first computer manufacturing line in all of China. No I have not lived there long term, but I know what goes on and witnessed some odd things shall we say. The most decent people I met were engineers over there... they were not the type to be corrupt, and they were great to work with.

You want corrupt? The HSBC bank is the bank of choice for Mexican drug cartels for money laundering and currency smuggling. I know someone who told me he smuggled a very large sum of money into Australia from China under full support, knowledge and guidance from HSBC. The problem is HSBC is "too big to fail", and no-one has the guts or integrity to bring them to account; not even the US or the Chinese government. The US govt only gave HSBC a small slap on the wrist for them knowingly profiteering from Mexican drug cartel drug trafficking. And yet if a poor man from the hood sells some crack on the streets, he gets 20 years prison - if the cops don't shoot him first.

I think one of the big problems in China is money is a god over there, called Mammon. A very shallow belief system indeed.

Entrepreneurial, or just plain greedy?... http://www.abc.net.au/news/2018-04-26/daigou-chinese-personal-shopping-$1-billion-industry/9671012
 

Offline ajb

  • Super Contributor
  • ***
  • Posts: 2733
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #121 on: October 06, 2018, 04:45:22 am »
If the west stay out of human right issues of China and stop sanctioning China for suppressing separatists, China will not need to be excluded from ITAR list, and then China will not have to clone all western technologies if we have a steady, political-free supply of them.


Drifting pretty far off topic here, but that's not what ITAR is about.  ITAR is about technology and materials with military value, nothing to do with human rights.  In fact, AFAICT there are no active US sanctions against China or Chinese entities for human rights reasons, although such actions have been discussed as a result of China's treatment of Uyghurs (and if what's been reported about that doesn't count as "physically suppressing", I'm not sure what does, short of actual ethnic cleansing).  Aside from ITAR, there are blanket export restrictions on China for nuclear, chemical, and biological weapons controls, national security, and regional stability reasons (but similar controls are also in place for most countries, including many allies of the US, although not as severe) and I did find references to active sanctions on Chinese entities and individuals relating to Iran, North Korea, and trafficking in arms and narcotics.  For better or for worse, it's hard to gather support for human rights-based sanctions.  Maybe something will happen soon, but most people in the US are much more concerned with problems closer to home at the moment.
 

Offline funkyantTopic starter

  • Supporter
  • ****
  • Posts: 125
  • Country: au
    • YouTube Channel
 
The following users thanked this post: bd139

Offline VK3DRB

  • Super Contributor
  • ***
  • Posts: 2261
  • Country: au
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #123 on: October 06, 2018, 08:54:54 am »
When I say computer, I meant 8086 based PC.

In the 1980's, Hong Kong was THE place for pirated computers and software, especially at the Golden Centre in the aptly named Sham Shui Po. Most of the boards came from sweatshops in Hong Kong and Taiwan, not the PRC. The "rotten Apples" were even assembled in Hong Kong. These were almost always "build-to-order", often while you wait, often using a chair or the floor as a workbench. ESD protection did not even register with these people. The Golden Centre in Hong Kong also was the world's biggest piracy centre for commercial software, according to The Bulletin Magazine in 1986. The place had been raided by the HK cops several times, but after a short stint in jail the crooks were soon peddling their wares again.
 
Dick Smith's System 80, a cheaper "clone" to the Tandy TRS-80, was made in Hong Kong in 1979 by a company called EACA, which was involved in crime.

China was just getting out of the Maoist dark ages in 1979 after the dictator died in 1976. There is no way they could go from an impoverished third world peasant-based country to making anything remotely resembling quality electronics within 3 years.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #124 on: October 06, 2018, 10:31:51 am »
My father used to import clone computer stuff made in the late 1970s into the UK so manufacturing was definitely going on before that. China wasn’t quite as believed - parts of it had been sold out for manufacturing. Then he started importing PC clones and memory into Europe. Ironically he had a bigger production outfit than Dell at the time. I spent most of my years in the 1980s living in an import warehouse basically and being booth gremlin at CeBit.

This exposure is what made me want to be an EE and do silicon design. Ended up in software. Doh.

Stuff from HK/China wasn’t cloned at all and wasn’t crap. This was new stuff totally in house. The only thing they did was use the compatible ISA interface. A lot of the early clone market was developed in the US as well (think Tseng Labs etc) and they set up an OEM chain in HK/Taiwan and subcontracted out to new factories in China mainland.

It’s quite frankly scary how fast they ramped up production.

Someone there says jump and the answer is *boing*.

Someone here says jump and the answer is “persuade me to jump” then after two weeks they fuck off and find somewhere that doesn’t make them jump as high then shitpost on glassdoor.

Shit doesn’t get cloned. The APIs and interfaces do for compatibility but what’s inside is original. And we only have ourselves to blame. West can’t compete now because it’s lazy, bureaucratic and inefficient.
« Last Edit: October 06, 2018, 10:33:47 am by bd139 »
 
The following users thanked this post: GeorgeOfTheJungle

