Supermicro along with Apple and Amazon refute claims in Bloomberg story

I would expect a lawsuit to be imminent as Super MIcro has a very good case for damages. Amazon just handed the case to them by saying we told Bloomberg reporters for months that this server espionage was not the case.

 

Bloomberg = Fake news. I don't like Trump but he's right about the whole "fake news" thing in the media.

 

Not just for Bloomberg ...This is a totally recycled story we've got here. The original story clearly said 'Amazon, Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting.'

I'm not so sure about that. This sounds feasible to me. One chip can do a lot.

Nothing new here yet. We still know nothing for sure.
Right now we've allegedly got anonymous 17 sources confirming various parts of this story.
My faith in 'anonymous sources' = 0.
We've got no sample, or even picture, of the hardware in question.
The FBI's refusal to comment, and denials of knowledge by all of the parties involved would be normal for a 'secret FBI investigation'.

 

This is the danger. Taking one story like this and painting all of media with it. So, no he's isn't especially since what he's claiming is 'fake news' are factual articles about him. So lets be careful in how we describe things.
Back on topic.
This story smelled from the beginning to me simply from the lack of even one physical device being uncovered. Not a one.

 

actually, in cases like these, the chance of Bloomberg (or the traditional media) being "fake" with allegations like these is zero.

why zero? because every printed story naming names and companies have been triple verified to avoid libel.

Bloomberg is first and foremost a business media outlet.

the fact that we've heard from corporate public relations means nothing. if these allegations were false the lawyers would be talking, not P.R. hacks.

 

Next time, "let's be careful" and stay on topic in the first place...

There's just no logic to back that up. If by "every printed story naming names", you mean the one Bloomberg story that we're talking about, the one that didn't name any names, and you just going on the authors word that everything is super verified and double fact checked with a blue star, then you just missed the point.

The strength of your opinion doesn't ~= fact.

 

That's correct. With few wires, there is only feasible vector of attack. That's flash memory for BIOS or other part. There just 3 additional wires from GND and Vcc are needed.
But their description is so vague that this simple to describe attack vector is very likely out of question.

 

Have to say, that if these claims would be so wrong there would be Cease and Desist Order issued already for Bloomberg. Only PR responding and denying it gives it some actual legitimacy. After all someone making false claims about you is enough ground for a lawsuit. Since that has not happened...

 

When was the last time you heard of Cease and Desist Order pulled over fake news? Ever...?

Lawsuit over what?
Reporting that "according to extensive interviews with government and corporate sources [...]" and quoting people "one official says [...]" is hardly illegal.

 

WRONG
they named the companies, who are able to sue for false claims, market interference, and a chilling effect.

and i'm not going on ANYBODY's WORD.
you are obviously unacquainted with business at the corporate level. "Bloomberg" is not just highly regarded, It Has Professional Standards that lead its industry.

i stand by every word i posted.

until the lawyers for Amazon, SuperMicro, and Apple speak i stand with Bloomberg.

and obtw, it is simplicity itself (not counting the actual device) for the Chinese to plant bugs in specific batches of mobo's.
they're in China, with Chinese workers, working for a Chinese company that is beholden to its repressive government.

i've spent the first 10 years of my career riding herd on Dual Use electronics (because of Cold War export controls) and i can testify factually on the pervasive attempts to buy, steal, copy, or borrow technology by the Russians and Chinese. it never stops...ever.

 

not just the lack of evidence of it, i asked a pcb engineer and she said the particular placement of the chip would make it impossible to tell actual data from electronic noise.

 

Amazon's response wasn't from a "PR hack".... It was from the Chief Information Security Officer at AWS...

Bloomberg claims that affected systems were sold to specific customers. The issue here is that the manufacturing plant in China would not know exactly what customers would get what boards, making it impossible to target specific companies. The manufacturing plant would also have to modify intended circuits and add a lot of new circuits to account for the functionality of these "smaller than a grain of rice" chips. When did China develop the technology to create such a small chip and all the traces necessary to pull off such a feat? The necessary traces alone would make the chip larger than a grain of rice.

 

you are forgetting that this is a state actor.
SuperMicro may or may not know where the shipments are bound, but China can easily manipulate that with export controls.
also, passive sensor technology has been progressing by leaps and bounds. who knows what the State Labs in China (or here) produce?
the U.S., back when only the U.S. and Japan made computer components, had back-doors into just about every hdd and a lot of the early networks. some of which were hardware, not software. i know this for a fact as i worked for the premier manufacturer of optical drives and optical technology and we had to operate under certain controls...and these were ROM.
every early laptop was essentially "bugged" until Chinese manufacturing came online.
this is not paranoia, it's fact of record so i'm very cynical.

 

Apparently, neither was a concrete case given where this alleged placement of chips really happened, nor who gave the information away. Fake news coming from the pentagon?
https://translate.google.at/transla...m4.orf.at/stories/2940104/&edit-text=&act=url

 

"fact-free"

 

The Chinese manufacturers have no way of knowing which SuperMicro customers are going to receive which boards unless SuperMicro ignores security protocols and tells the manufacturing plant.

I worked for a manufacturing plant. Due to potential security issues, we only knew what company commissioned the manufacture of parts, the design specifications, the number of units to produce and the production deadline. If anyone inquired as to who the parts were destined for, they were removed from the property by security personnel. We were even forbidden from discussing exactly what parts our particular departments were producing.

I find it hard to believe that a server company, selling products to the US Gov't, would not have similar security protocols in place to ensure the safety of their customers. I also find it hard to believe that SuperMicro would not verify their product designs upon receipt of said products. That's generally part of QA.

 

As this story has unfolded, another networking company...with it's CIO a former Mossad information tech officer, and the former head of the Mossad as it's CEO (Sepio systems) has found more evidence of Chinese hardware tampering.

"Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that's used to attach network cables to the computer, Appleboum said.



The executive said he has seen similar manipulations of different vendors' computer hardware made by contractors in China, not just products from Supermicro. “Supermicro is a victim -- so is everyone else,” he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. “That's the problem with the Chinese supply chain,” he said."

Sykosis, i know you have a hard time with this, i do not.
i've worked in electronics and electronics manufacturing for almost 40 years and i know this is not just possible or even probable, it is Most Likely. the US has been doing stuff like this for decades (especially IBM, HP, WD, et al) so why do you think China, with it's new access to markets would not? seriously, you are quite smart, but you are also naive.

 

Do you maybe have a link for further reading into that?