10-05-2018, 02:20 AM
(This post was last modified: 10-05-2018, 09:03 AM by SteelCrysis.)
https://www.extremetech.com/computing/27...-backdoors
Quote:For years, security researchers have warned that unscrupulous hardware manufacturers or foreign governments could hijack the manufacturing process, installing backdoors into equipment that would be difficult to detect or stop. Now, we’ve caught the Chinese red-handed, and the fallout could be ugly.
...
It should be noted that Apple, Amazon, Supermicro, and the Chinese government all contest this story with various arguments about how it’s wrong. Bloomberg notes that their denials are countered by:
Quote:[Six] current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.Under the circumstances, we’ll be taking the word of Bloomberg over the word of some corporate flunkies trying to protect their own stock prices. Apple and Amazon have strongly denied the claims, and Bloomberg has strongly defended them. Given the potential implications of acknowledging you’ve deployed backdoored hardware, the companies in question have every reason to lie. For that matter, it’s possible that the companies are under a national security agreement not to acknowledge these attacks to avoid tipping the perpetrators off that the US was aware of them at all. If such an agreement was made back in 2015 – 2016, it wouldn’t have been suspended today just because Bloomberg went public (in fact, if you recall from the Snowden controversy, there were discussions about what program details could be discussed publicly even after news of their existence had formally leaked). Apple has gone so far to as to disclaim this as well, but Bloomberg isn’t backing down either.
We have to give you one additional quote from the Bloomberg piece, which goes into extensive detail in how the hack was carried out and why we’re certain it’s connected to the Chinese government. It deals with why companies were interested in Elemental Technologies servers in the first place:
...
These attacks are part of why the Trump Administration’s embargo against China has targeted computer components. And it may help explain why most computer manufacturers had no luck getting themselves exempted from tariff considerations.

