The great China Hack - Epic infiltration

Status
Not open for further replies.
Originally Posted by OVERKILL
I'd argue if we can afford to pay auto workers a living wage, we can do the same for folks doing motherboards and electronics. Yes, there will be a cut into margins, but those margins are pretty healthy.


01.gif
 
Originally Posted by OVERKILL
Originally Posted by StevieC
Not to start a war here but the US. Canada and the U.K. intelligence agencies just to name a few are just as guilty of this kind of thing maybe not on the hardware level but it's not like any of these countries I listed aren't engaged in similar things. Not saying it makes it right but before we go getting all righteous. It's just harder to find evidence because of the way it's being done doesn't leave physical traces as easily as finding a chip on a motherboard. But don't forget about the CIA router hacking that was brought to light.
wink.gif
(Not aimed at anyone, just a statement)

https://gizmodo.com/leaked-files-show-how-the-cia-can-hack-your-router-to-s-1796165706


But again, you aren't putting consumer routers inside aircraft carriers, so the ramifications aren't anywhere near the same level.

Cyber espionage has been and continues to be a thing. But generally it is done use exploits and software backdoors, not physical hardware. That's the massive difference here, as well as the specific equipment being affected.


Yes I mentioned that it might not be hardware, but also I'm sure whatever the US/UK/Canadian intelligence which is some of the most advanced in the world and shares information with each other, has access to whatever they want in some form.
 
Originally Posted by HemiHawk
Originally Posted by OVERKILL
I'd argue if we can afford to pay auto workers a living wage, we can do the same for folks doing motherboards and electronics. Yes, there will be a cut into margins, but those margins are pretty healthy.


01.gif



Especially considering most of it can be done by machine with component placers. Our robotics division of my work does this very thing.
 
Originally Posted by StevieC
Originally Posted by HemiHawk
Originally Posted by OVERKILL
I'd argue if we can afford to pay auto workers a living wage, we can do the same for folks doing motherboards and electronics. Yes, there will be a cut into margins, but those margins are pretty healthy.


01.gif



Especially considering most of it can be done by machine with component placers. Our robotics division of my work does this very thing.


Thats true. Not to get off topic too much but automation is a big issue facing the working class in the future. Outsourcing was the first big problem, but the next will be simply being replaced by a screen or robot (which has happened quite a bit already). Machine's don't take sick days or need benefits.
 
Originally Posted by StevieC
Another side effect of offshoring manufacturing to another country. One day we will look at the "true costs" of moving manufacturing to other jurisdictions whether it be quality issues or national security like this.
This is really sad and cause for concern.
frown.gif



+10
 
Originally Posted by pbm
It's obvious to me that China is a bigger threat to US than Russia despite the current frenzy against Russia by many in America.
PS: I tried to avoid making this a 'political' statement but if it is judged to be...delete it.


Absolutely! China is laying the groundwork for things that will happen in 50 or more years from now. We in the west are accustomed to think only in term of quarters thanks to the stock exchange
 
Originally Posted by OVERKILL
Originally Posted by pbm
It's obvious to me that China is a bigger threat to US than Russia despite the current frenzy against Russia by many in America.

PS: I tried to avoid making this a 'political' statement but if it is judged to be...delete it.

That's quite accurate. We sold our souls to the Chinese for cheap manufacturing and they in turn stole our IP and have been using this relationship to advance domestically and further the acquisition of sensitive information through cyber espionage technics like the one this article illustrates. But beyond simple surveillance, these plants allow for manipulation of data and could theoretically, depending on the use of the host server, be used to launch a nuclear strike.

Far, FAR more dangerous than Russian meddling, phishing or hacking. This allows a level of infiltration they couldn't come close to touching.


The biggest problem is that the people making these commercial agreements DO NOT KNOW how the chinese mind works and thereby are at a complete disadvantage OTOH the chinese know very well how ours works.
 
The whole safety thing has gone to the dogs! Now we have military hardware made entirely or partially by other countries. How safe is this?

Years ago all that pertained to defence was made within the country and under sever supervision. Now in the name of "economy" we farm it out with predictable results on safety.
 
Having had a successful 28 year career as a systems engineer for Hewlett-Packard, I remember voicing concerns when the autoworker's jobs were starting to be off shored. Business and government talking heads assured the public that "white collar" jobs would never be off shored - and that factory workers would be re-trained so that they would be better able to compete with the World's labor force. Well, we all know how that turned out!

But it's even worse than that now. The San Jose Mercury News recently reported that over 70% of the "high tech" jobs in Silicon Valley are now held by H1B visa holders. The Trojan Horse has made it inside our castle!

And when bilateral EQUAL or NO tariffs are discussed, we hear protests from both business and the public. Business says this will negatively affect their profits, which really means shareholders will be negatively affected. Additionally, the public still wants their cheap imported goods, even it puts their fellow citizens out of work. It's a form of NIMBY-ism. This is both selfish and shortsighted.

If we had 200 year lifespans I'd make it a point to learn "Chinese", because within that time they will own and control this country.

But AMERICAN business told us this was good. And it's what the AMERICAN public wanted.

It is the role of a nation's government to protect its citizens. World history will show just how negligent the American government was in providing these protections. And it was done for shareholders. It makes me blanche and laugh at the same time.

Oh well,

Scott
 
  • Like
Reactions: pbm
This is such a *low tech* method! The high tech method would involve embedding the tiny chip logic inside the (regular) chip itself. Who will notice that???
 
Last edited:
Originally Posted by oil_film_movies
....and those are just the ones found. Imagine how much is out there that hasn't been caught yet.


and the ones publicized.. Russians do well in human corruption, Chinese do that and everything else well - a distributed slow creep on both soft and hard fronts.
Iranians just sent a flotilla of copied stealth drones across Iraq and Syria and returned home unscathed.
While our 'agencies' are busy fighting for power.
 
Originally Posted by Vikas
This is such a *low tech* method! The high tech method would involve embedding the tiny chip logic inside the (regular) chip itself. Who will notice that???


Oh come on, Vikas. We know that's already being done!

Scott
 
Originally Posted by OVERKILL
Originally Posted by HemiHawk
I'm sure the US would never think of doing something like this
whistle.gif



The US is not the world's largest producer of semiconductors or communications equipment, China is. That's why these motherboards were all produced in China. That's why your iPhone or Android phone is produced in China. So while the US can "think" about this, they lack the means of execution, whilst China had it dropped directly in their lap.



You have no idea what you are talking about. Most of the R&D on these stuffs are in the US, and during manufacturing engineers are sent from the US to supervise the people oversea to assembly them (yes, assembly, not design).

If someone send you a different design than your original and you didn't catch it, you are dumb and should have been fired, not for security reason.

Super Micro makes good stuff, they are basically white box Dell EMC / HP Enterprise / IBM stuff at a fraction of the cost. You can remote into them for access like iKVM that your consumer grade stuff cannot, that's why you only need 10 people on premise to run a $10B data center, only to swap out bad parts, not typing on keyboards or looking at the monitors.
 
Originally Posted by HemiHawk
I fully agree with some of the reasons quoted as to why the Chinese were more easily able to pull this off via the motherboards. But government espionage is an ever evolving area. In the US (North America) we have a tendency to demonize every country but our own... You can be sure the US/Canada is thinking up new ways to do the exact same thing to other countries.
Capitalism means corporations can outsource if its cheaper elsewhere. If we like that model, this is one of the consequences.

Also, I do want to say I appreciate the link to the article. It is staggering stuff.

I noticed in the thread about Amazon's minimum wage increasing there were some who baulked at it. "I mowed the lawn in -20F weather for $1 an hour and was happy about it!". If we moved the production of these Chinese manufactured goods to the US, what would they want to pay people? Most on this board would argue the work doesn't deserve a living wage in NA.


This is just "business as usual", even between allies. I remember reading a European based news article that a EU government officials were furious that the files Snowden release indicated their own devices were hacked by the CIA. Of course, you won't read that in the US media.

US and Russia are much better, they didn't get caught like the stupid Chinese stunt they tried to pull. Look at how we got the Iranian centrifuge all messed up until a Russian security firm caught it, it was very well hidden and nobody noticed. Those Chinese needs to do better than this and not get caught.
 
Last edited:
Originally Posted by Pelican
Originally Posted by pbm
It's obvious to me that China is a bigger threat to US than Russia despite the current frenzy against Russia by many in America.
PS: I tried to avoid making this a 'political' statement but if it is judged to be...delete it.


Absolutely! China is laying the groundwork for things that will happen in 50 or more years from now. We in the west are accustomed to think only in term of quarters thanks to the stock exchange


To be fair, while I agree on your point about China laying some ground work for whats to come... Russia is as well. Their tactics and meddling has long lasting implications.
 
Originally Posted by PandaBear
Originally Posted by OVERKILL
Originally Posted by HemiHawk
I'm sure the US would never think of doing something like this
whistle.gif



The US is not the world's largest producer of semiconductors or communications equipment, China is. That's why these motherboards were all produced in China. That's why your iPhone or Android phone is produced in China. So while the US can "think" about this, they lack the means of execution, whilst China had it dropped directly in their lap.



You have no idea what you are talking about. Most of the R&D on these stuffs are in the US, and during manufacturing engineers are sent from the US to supervise the people oversea to assembly them (yes, assembly, not design).

If someone send you a different design than your original and you didn't catch it, you are dumb and should have been fired, not for security reason.

Super Micro makes good stuff, they are basically white box Dell EMC / HP Enterprise / IBM stuff at a fraction of the cost. You can remote into them for access like iKVM that your consumer grade stuff cannot, that's why you only need 10 people on premise to run a $10B data center, only to swap out bad parts, not typing on keyboards or looking at the monitors.


And apparently your reading comprehension sucks if we are going to start tossing insults.

I said producer, not designer.

This issue was not a design issue, it was a manufacturing issue as detailed in the article, which I am not sure you bothered to read.

I am well aware of what SuperMicro represents, having used their products frequently over the last 20 years.

This issue should have been caught by SuperMicro before these companies received their product. The end user is not the one that spec'd the board design or components, that was SuperMicro. The fact that Amazon caught it with an audit and SuperMicro was seemingly unaware speaks volumes. Not sure if you have personal ties to them or something else that has made you so defensive but blaming the customer seems ridiculous.
 
Originally Posted by Vikas
This is such a *low tech* method! The high tech method would involve embedding the tiny chip logic inside the (regular) chip itself. Who will notice that???


Yup, the best is to "corrupt" the IP chip companies licensed from Synopsys and Cadence, then anything they designed can be accessed, without the designers even know about it.
 
Originally Posted by OVERKILL
And apparently your reading comprehension sucks if we are going to start tossing insults.

I said producer, not designer.

This issue was not a design issue, it was a manufacturing issue as detailed in the article, which I am not sure you bothered to read.

I am well aware of what SuperMicro represents, having used their products frequently over the last 20 years.

This issue should have been caught by SuperMicro before these companies received their product. The end user is not the one that spec'd the board design or components, that was SuperMicro. The fact that Amazon caught it with an audit and SuperMicro was seemingly unaware speaks volumes. Not sure if you have personal ties to them or something else that has made you so defensive but blaming the customer seems ridiculous.


Personal tie? No, but have done enough contract manufacturing related work that I know changes like this should not have been "caught off guard". PCB changes are usually big enough that you will not be able to fool people, because you have to change the test and the result interpretation, and the yield, and all sorts of other stuff. The design already has the pads in place to insert these chips, that's for sure, otherwise you can't fool people and change their designs. The customers probably asked them to not populate a few chips they only use for design / debugging in mass production, and then the manufacturers have some left and they just put them in anyways (to reduce variations or make manufacturing easier, i.e. more test to improve yield) at no charge. You see that a lot if you get penalized for yield loss (i.e. typically 98.5% when mature, 90% when launch). Throwing in a free chip is cheaper than a lost.

I've also done security audit and know that you will ALWAYS find something, big or small, and you'll never catch everything.

I'm more interested in why it isn't mentioned which chip they are talking about. My bet is a debug access chip on SMBus or UART, something useful for debugging, maybe even just the phy to the chip or a resistor to enable / disable the existing debug features. I have seen contract manufacturers throw in a few popcorns for free so they don't have 2^6 kind of configurations they have to keep inventories on, and get sloppy and didn't document these stuff.

https://www.kgw.com/article/money/a...l-technologies-server-hack/283-600850935

Is it really a hack? Or just propaganda? My money is betting that Dell and HP are trying to smear Super Micro so they don't lose more customer to the cheaper sources. Let's be serious here. How are they going to access the server when it is in a data center, guarded by all sorts of security check on the network? Even if you open it all up you won't be able to access it without being seen.
 
Last edited:
Originally Posted by PandaBear
I remember reading a European based news article that a EU government officials were furious that the files Snowden release indicated their own devices were hacked by the CIA. Of course, you won't read that in the US media.


Actually, I believe that was covered in the US media, if we are talking about the same thing, which was the phones of EU officials hacked by the CIA. I believe Merkel's phone was one of those and you were right, they were furious.
 
Originally Posted by PandaBear
Originally Posted by Vikas
This is such a *low tech* method! The high tech method would involve embedding the tiny chip logic inside the (regular) chip itself. Who will notice that???


Yup, the best is to "corrupt" the IP chip companies licensed from Synopsys and Cadence, then anything they designed can be accessed, without the designers even know about it.


I'm in agreement here and of course this may already be taking place as well.
 
Status
Not open for further replies.
Back
Top