Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials UK spymasters and US Homeland Security officials have supported Western tech companies' denials that Chinese agents were able to smuggle hidden surveillance chips into Super Micro servers. Mainstream media megastructure Bloomberg reported last week that Beijing's military intelligence pressured or bribed a Chinese …
The facts seem to say otherwise.
And I'm not talking about what companies say :
Fact #1 : Bloomberg says an FBI investigation is/was underway
Fact #2 : the FBI denies any investigation
This may be the Trump era of politics, but if the FBI unequivocally denies that there is an investigation, I believe the FBI.
So either Bloomberg reporters decided to try and cook up a story, which does indeed seem out of character to say the least, or somebody conned Bloomberg into publishing this story.
Conspiracy theorists, start your engines !
I see two scenarios, either somebody duped the reporters at Bloomberg, although that seems unlikely, given that they should still have a legal department that double checks the stories and facts, being a "real" news organisation.
Or it was an insider secret that the chips existed, the security services knew about it and were using it to provide misinformation to the Chinese and now it is blown up and their golden goose is about to be served up with stuffing and all the trimmings.
But even so, the likes of Apple and AWS would still be open to huge fines, if they are found to be lying.
Skeptical of the short theory - the SEC can track that too easily since Supermicro is the only target you could reasonably short. Who else could be duping Bloomberg, and why? They said they talked to the FBI, and I'm sure they'd connect to their sources through the FBI main number at least once to verify they really worked for the FBI.
Given the divide between the Trump administration and the FBI, I suppose its possible if the administration had a few people within the FBI make these claims, supply contacts with "Apple" and "Amazon" that weren't, to fool Bloomberg into posting this story. It is quite timely given Trump's battles with China - maybe the idea was to get the public behind his trade war even things don't turn out as rosy as Trump naively believes.
For Trump's admin it is no lose - if they get away with it they get the public on their side even if the China trade war gets messy and long lasting, If they get caught they blame the FBI and say see "this is proof they are incompetent and the top people should be fired" so they can sabotage Mueller's investigation.
There's 3rd scenario: Bloomberg is possibly considered "fake news" and the administration decided to make an example of them. Then again, maybe I just need a tinfoil hat.
The concept of what is credible and what is not is indeed clouded. In this case, we have a respected news agency, a shifting political landscape that issues contradictory news items, and a spy agency that wouldn't want to be outted. The companies (all of them) involved may be under a "secrets" embargo and dare not speak to this other than deny.
We're in "what's real and what's not real" land here. All anyone can do is speculate.
It has been the NYT and Washington Post that have broken most of the big stories that made Trump look bad (i.e. what he considers "fake news") but if Bloomberg was fooled then I wonder if it'll turn out the story was fished to the Times & Post and they didn't bite. If they were approached with that story and decided against it, I'm sure they are furiously tracking it now to see if they can determine whether its true or false.
if the bloomberg reporter was passing along unconfirmed information, they should have been a bit more careful about how it was stated. As written, it seems to be an expose of a massive scandalous breech of contract by manufacturers in China, with crimes no doubt committed on both ends of the Pacific.
However, if it's all FUD and headline trolling, Bloomberg deserves shame and ridicule for it.
I'd say the same for ANY news source, regardless of their political slant. I've said things like this about [P]MSNBC as well as [F,C]NN and the 3-letter networks in the USA (ABS, CBS, NBS - ok not 'BS' but ABC,NBC - still it's a nicname they deserve].
So if Bloomberg is now engaging in the SAME kinds of "fake news", they deserve whatever happens to them as a result of it.
HOWEVER, if the facts show that Bloomberg is RIGHT, then we have a serious problem here. Not only because of the hardware-based spying [some of the allegations in the Bloomberg article suggest that chips were mounted BETWEEN LAYERS inside the circuit board], but also because of the DENIALS by those parties that were allegedly involved. AWS and Apple should NEVER deny an investigation, assuming that they're interested in customer and corporate security (unless they're under a gag order for national security or something similar).
In any case, I'm not 100% convinced to NOT purchase anything from SuperMicro, but I am concerned about 'things made in China' a bit more than I was before. China is going to have to come up with some kind of guarantee that the supply chain won't be manipulated like that - EVER. We've been suspecting them for too long, apparently with good reason, and past violations of our IP doesn't make them look like 'good guys', not at all.
Notwithstanding, some of the descriptions [chip the size of a grain of rice, or a sharpened pencil tip, between board layers even] is a little strange, to me. You'd need some pretty sophisticated stuff to interrupt a multi-Ghz signal and re-arrange the data like that. That kind of tech would be better served making a new CPU architecture or something like that. Rather than stealing tech, they could invent it instead. It's not profitable to them, in other words, to put that kind of tech expertise into spy chips that would THEN randomly target U.S. companies.
The technology described is perfectly feasible.
It's SPI flash speeds. Something that an Arduino-scale device can read and write.
The main stupidity of the story is that it's a ridiculously expensive and totally unnecessary way to do it.
It's cheaper and easier to fake a chip than a PCB.
The inserted chip was described as attacking the BCM in some way. So why not simply replace the flash chips for the BCM with one containing the alternative code to do whatever you wanted?
Either as simple data, or if you're really keen, as a fake chip containing write-once partition for your attack.
The pointless complexity of the described attack means that the story is almost certainly false.
but I am concerned about 'things made in China' a bit more than I was before
The problem is, you might be more concerned but there's little you can do about it. It is almost impossible to purchase any modern electronics that are 100% free of anything made in China. Off the top of my head the only computer not made in China is the iMac, which is made in a factory in Cork, Ireland - but the motherboard is almost certainly made in China, and many of the chips on it would come from mainland China or Taiwan. Pretty much impossible to buy a wifi router that wasn't made in China, you might find some phones and TVs made in South Korea instead but almost certainly some components in them come from China...
Of course like I always say, given a choice between being spied on by the US government or by the Chinese government, as an individual I choose the latter (obviously I'd choose differently if I'm talking about systems the DoD is using) The way I figure it, if the US government doesn't like what I say or do they can make my life a lot more miserable than China's can if they don't like what I say or do. And since I live in the US, and not China, the US government is a lot more likely to want to spy on me than China.
Re: manufacturing in China "there's little you can do about it"
well, I've had at least SOME influence on manufacturing choices (for customers) in the past. I assume the future isn't going to be much different [my line of work being related to that]. So if a customer says "make in China" I have one specific alternative U.S. based pic-n-place board builder to suggest instead, and possibly one in Mexico as well, and I might even reference the Bloomberg article when it comes to determining manufacturing 'outsource' choices.
I'm sure others might do this as well, too, and that's the point. Outsourcing your manufacturing to China is less attractive, now, for many reasons. And Mexico is looking a lot better.
/me sometimes gets bare boards done by a Canadian company. Fast turnaround, good quality, ok pricing for small quantities. More expensive but I want my Monday AM design back by Friday, and usually that happens.
and now under the cover of all the huffing and puffing from the various 3 letter agencies, and the ongoing he said to me, that she said to him, that you said to me ............................... shenaninigans from all the other 'interested' parties
Beijing will now most likely start THEIR engines and switch those little beasties ON :oP
I'm not so much surprised they _would_ do this, but if they really _could_ do this.
You cannot just solder a chip on a board to have it spy for you.
You cannot just "alter" data on an SPI bus by just being connected to it.
In short : Putting something unexpected on a server board is very likely to mess things totally up, if not at once, then when the first firmware update arrives...
I wondered about this too. I assume that the Chinese factories just assemble to the designed provided by Super Micro in the US. If this is the case, then surely adding components would require a detailed knowledge of these plans, the ability to change them and modification of the assembly process, and would need to be originated with the designers in the US? How much control to the factories in China have over design?
>You cannot just solder a chip on a board to have it spy for you.
Look at PCBs: in many cases you will find many free pads. Some are used for future expansion, for added chips for the model one step up and, mostly, or for test points. Bloomberg makes an issue of Supermicro having Chinese language engineers who held many of the more productive (in their words) telephone conferences in Mandarin Chinese. The hint is that a Supermicro engineer made room for a chip not part of the design, possibly disguised as test points for use in manufacturing, that later was used by Chinese government to fit a chip on.
Back in the day when I was an electronic designer we made sure we had a lot of test points and I have not seen this has changed.
"You cannot just solder a chip on a board to have it spy for you."
well the allegation is that they had modified the board's design. The manufacturer has the gerber files [or whatever has the design on it], and it wouldn't take a lot to edit those to include a "something" to which a new chip would be soldered [or embedded within the layers even].
I understand the tech to embed devices between layers has already been used by Apple, or so I've read. In some cases it might be highly useful to do that [example, power supply bypass capacitors or a resistor array]. Series resistors are often used to abate 'unintentional radiator' signal noise, and so a resistor array conveniently placed between IO pins and their destination INSIDE of the board would be convenient (assuming it could be done).
In any case the tech apparently DOES exist to insert components. So the allegation is PLAUSIBLE and that's fear-inducing enough. Whether or not a manufacturer can be bribed/strong-armed into actually DOING that is another story.
And if it's on an SPI bus between a BIOS ROM and an SoC, such that it could re-program the BIOS slightly during a flash update, or read 'special instructions' in place of the ACTUAL flash, it could be pretty bad.
/me considers Intel's ME being invoked, for example. It might not take a lot of 'extra instructions' to make that happen, nor to cover its own tracks afterwards, and to invoke the on-chip LAN to "phone home"... and listen for commands while running.
which means that a call for a hardware mod to SHUT OFF Intel's Management Engine [with a jumper, let's say] now makes even MORE sense.
I don't think it's that difficult to do something like what is mentioned in the original article. Everyone needs to understand that the "chips" we see on circuit boards aren't the real chip. The actual die inside the package is much smaller than what we see on a board. The die can be as small as .1mm square. The dies are placed into much larger packages so that they can be soldered to a circuit board.
If properly done, a die could be placed between layers like an embedded via. It would take a great deal of knowledge and skill to do it, but it could be done. With some of the innovative assembly techniques being developed by companies like Apple (as much as I dislike Apple), the Chinese contract manufacturers have been taught how to do some crazy things.
Tapping something like an SPI bus isn't that hard. It's only 4 signals. One could create a chip that would normally be a pass-through, but would change commands when it needed to. I have done quite a bit of SPI software and hardware, and I can see how this could be done. It would be rally hard, but when state sponsored, it's possible.
Our government would not even blink at spending $100 million on something like this. With that kind of money, it would be easy to find a few very talented engineers that could pull this off.
I remember back in the 90's people were opening up ICs and probing them under a microscope in live running circuits to break the encryption on satellite TV receivers. If people will do this to get free TV channels, what do you think a government with nearly unlimited funds can do?
"if an USA owned or controlled company was doing the same."
I would be _extremely_ surprised if a USA company did something like this. After the lawsuits shut down their company and drove it into bankruptcy, the principal board members might actually face criminal charges. The legal bills would be enormous (breech of contract being #1 on that list).
We don't have a supply bottleneck here that involves the government (aka government 'owned' companies), nor a somewhat oppressive communist government that has the will [and ability] to demand/coerce that kind of cooperation from its citizens. The mistrust of government in THIS country is pretty overwhelming. Finding someone who'd put up with that would be difficult. People would quit their jobs first, before cooperating (not THAT hard to find another one, ya know?). And, some people live to be "whistleblowers" for things like that, with its instant fame, TV interviews, and book deals.
I doubt that anyone in the UK would try to get away with something like this either, for similar reasons. Nor the EU in general. Russia, on the other hand, might try something like that. But we don't buy "Made in Russia" stuff all that much, do we?
Super Micro Computer Ltd *is* a US owned and controlled company.
Yes, Mr & Mrs Charles Liang are ethnically Taiwanese (and therefore predisposed to not trust mainland China), but the company is a classic Silicon Valley startup made good.
I'm reminded of an acquaintance who asserted that Google was peddling Russian influence based on Mr. Brin's ethnicity... not entirely sure how that squared with Mr Page's lack of Russian connections, but then my tinfoil hat never quite fitted me!
After the lawsuits shut down their company and drove it into bankruptcy,
Yeah, just like Equifax! Oh, wait.
the principal board members might actually face criminal charges
Considering the vast difficulty of proving any of them knew anything about it, I doubt any AG would even try to take it to trial. If I were on the board of a company, and decided to engage in shady dealings, you can damn well bet that my lawyer would be copied on any communications, to attach privilege.
breech of contract being #1 on that list
OK, I admit that if your breeches contract, you may have something to worry about. But let's not get our knickers in a twist over it.
The story sounds a bit bull because of the compute power and the ways you'd have to screw with data lines at memory speeds and not introduce noise and not make the system massively unstable to make it a thing - it'd be easier just to screw with firmware like the NSA did with Cisco gear. If this is real then China is way way ahead of the west in both subversive technologies and technology in general and I have a hard time believing it. It's not that it's not a thing so much as how large the chip would have to be to do what's claimed, look at something like a PHY for display port and consider the chip would have to be more complex than that. Exactly. People would notice.
That said it's not really the company so much as the Chinese government infiltrating the company that is the risk. No reason SMC would ever have to know any more that Gemalto or Cisco or anybody else would. That being said you'd also have to mess with various design and QA processes - basically SMC would have to never inspect any boards going out the factory and coming back under RMA etc or do any continuous improvement to not be complicit if it's actually a thing..
It all sounds a bit miniformationy to me and I'm definitely *not* a tinfoil hatter.
>data lines at memory speeds
You are thinking of attacking the memory bus. That is hard. Easier then to attack the SPI bus - it is slow and a serial bus that requires only a few wires.
>it'd be easier just to screw with firmware like the NSA did with Cisco gear
That assumes the firmware is installed in China and not in the US: Chinese contract manufacturers assemble the electronics but does not necessarily upload software. It is safer to do that back home to avoid more secrets leaking (probably blown anyway but people do hope) and you can claim some work on production is done in the US. So china might not have that possibility.
If we assume that Bloomberg has got it wrong and also assume that Bloomberg would not want to dent its reputation by asserting bollocks then a lot of effort must have gone into pulling the wool over Bloomberg's eyes. Knitting that wool is probably beyond the abilities of pranksters and would need to be state actors.
What would a country gain by hurting Bloomberg ? Maybe one that wants to make it harder for us to distinguish between fact and fiction, one that generates fake news that it does not like reputable journalism from showing that the news is fake. If we do not know what is true or false then we become confused and less able to make good decisions.
Another possibility is that the five eyes were in on this and do not want it exposed. This I doubt.
> What would a country gain by hurting Bloomberg ?
I'm not saying it definitely is this, but if a country were already engaging in a trade war with China in an attempt to bring manufacturing home, then using a credible(ish) story like this to undermine confidence in the Chinese end of the supply chain could prove rather beneficial.
There's a rather large country in that position, who's administrations over time have been known to be less than bothered about generating misinformation to achieve perceived gains. Such an immoral administration would probably have no issues in conjuring up some credible 'sources' too - particularly when those sources are simply talking about having seen reports, pics etc rather than providing them to the targeted news organisation.
By all accounts, it would not be the first time Bloomberg has been played by Govt leaks.
Another possibility is that the five eyes were in on this and do not want it exposed. This I doubt. ...... alain williams
You might like to doubt that, alain, if you want to believe they have any effective intelligence to share with each other. And if you can't, is it very reasonable to conclude that they don't ‽ .
"What would a country gain by hurting Bloomberg ? Maybe one that wants to make it harder for us to distinguish between fact and fiction, one that generates fake news that it does not like reputable journalism from showing that the news is fake. "
The usual suspects.
It'd take a lot of work to narrow down that list.
Why assume it was malicious?
I can see a scenario where the FBI issued a notice to big tech firms to watch their supply chains carefully for threats introduced by state actors. That notice gets distilled in to a memo for people in to the company who need to worry about that kind of thing. The memo gets discussed by people who receive it and by some kind of (ahem) Chinese whispers process some confused underlings get the impression that it isn't just a warning but an actual active threat that the company is dealing with.
The leakers could have honestly believed what they were telling the reporters without it necessarily being true.
I think I have heard that before... lemme think, that "TRAITOR OF AMERICAN PEOPLE!" hiding in Moscow, didn't MS strongly reject suggestions they'd ever, EVER let their hardware be accessed by the you-know-whom for the you-know-what-purposes?
apply Occam's razor to this, then the most likely thing is that Bloomberg has been duped.
how hard would it actually be for some organisation to come up with the number of informants that Bloomberg got its reports from, putting into place enough paper trails to make the sources look real.
then look who suffered and who gained.
Just curious as to why the NCSC in the UK spoke up so rapidly in support of US corporates rather than simply denying knowledge about what had, until that point, been a Chinese/US issue?
Either there is something to this story or Bloomberg have had an incredibly complicated scam played against them with the aim of discrediting Chinese manufacturing ... If the first, there's a massive and organised closing of corporate and governmental ranks, if the latter it smells of very high level organisation. Either way I have a bad feeling that there are Governmental organisations with more fingers in this than they should have ...
Of course the absolute conspiracy theory would say the Chinese did it, the US discovered it very early and turned the system to deliver false information to its masters ( making it a double agent ). That way the US have to deny any earlier knowledge and will be wanting to kick Bloomberg for cutting off a known spy link ...
"Just curious as to why the NCSC in the UK spoke up so rapidly in support of US corporates rather than simply denying knowledge about what had, until that point, been a Chinese/US issue?"
Splitting that into two -
Why they spoke up so rapidly? Maybe someone in the media asked them for a response.
Why they gave the answer whey did? Because it smelled as wrong to them as it seems to have done to most others with a clue.
Let's take this a little further.
The rice grain sized chip purportedly created by Chinese engineers, could, like so many high tech gizmos have been designed in the West and then reverse engineered.
We know only too well to what ends our own agencies will go to, to gather every minute detail they can, without any regard for legality or morality.
Now if our own agencies had been Borging motherboards into the collective, wouldn't they be denying any and all stories, regardless of who the finger is pointing at?
And wouldn't their instructions to those companies who are complicit in this be to vehemently deny everything and not just trot out the usual lame disclaimers.
It's not unreasonable to think that Chinese agencies would take the West's tech and use it in the motherboards the NSA specifically don't want Borging.
"One particularly annoying thing is that the graphics used in the blockbuster article – depicting the spy chip and its placement on the board – look to be purely illustrative"
The whole thing seems pretty weird. There are good reasons for keeping sources anonymous and not just dumping all the information and data handed to journalists into the public view, but usually it's made clear that said journalists have been shown stuff to make them believe something really is going on. Even if they don't publish it all, there are always comments along the lines of "We have been shown internal documents that appear to confirm...".
Except in this case, any hint of evidence seems to be missing entirely. One source claims to have heard something at a meeting, a second source claims to have seen a confidential report, and a third source claims to have seen some photos. At no point is it ever suggested that any of these reports or photos have actually seen by anyone at Bloomberg. Or anyone else for that matter. The graphics are purely illustrative because even the journalists at the heart of the claims literally don't have anything real to show us. At this point we should be debating exactly what parts of the internal report really mean, why bits have had to be redacted, whether maybe the whole thing is a fake, and so on. Instead all we can do is question whether a report even exists for us to debate.
The whole point of journalism is to say that something happened. We might not have all the facts and there might be plenty of arguments about exactly what happened, why, and what it all really means, but something definitely happened. In this case, all we have is that something might have happened but no-one has any evidence to say it actually did. When the entire claim is based on "someone said they saw a picture once", Bloomberg may as well be announcing that Chinese chips have been seen in a double-decker bus on the Moon.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
