• Super Micro says review found no malicious chips in motherboards
    14 replies, posted
https://www.reuters.com/article/us-supermicro-chips/super-micro-says-review-found-no-malicious-chips-in-motherboards-idUSKBN1OA12R SAN FRANCISCO (Reuters) - Computer hardware maker Super Micro Computer Inc told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards. In a letter to customers, the San Jose, California, company said it was not surprised by the result of the review it commissioned in October after a Bloomberg article reported that spies for the Chinese government had tainted Super Micro equipment to eavesdrop on its clients. Super Micro had denied the allegations made in the report.
If there isn't a snooping chip on the mobos like the Bloomberg article posted (I had my skepticism about it), then what's the motive behind the original article or the supposed security researchers who broke that news?
headlines and sales
This report is very applicable to my field of expertise, and I've been extremely skeptical of the Bloomberg report since it came out. Things just weren't adding up for me. Yes, what they described is *definitely* possible, but the execution on the scale described is just unheard of. There still remains a serious burden of proof that is just entirely lacking. This should be the biggest news in chip security ever released. Chinese government has supposedly owned our cloud infrastructure with the most sophisticated hardware attack ever performed, yet the security world still knows basically nothing of the actual attack? I really, really hope we get more information on this, because at the moment it sure just feels like a huge FUD campaign in wake of a market deathly afraid of chip security incidents after Spectre/Meltdown.
I think perhaps politics and money? It's all pretty weird. Even for Huawei and ZTE the evidence seems to be lacking, but I haven't been up to date with recent issues. https://motherboard.vice.com/en_us/article/59w49b/huawei-surveillance-no-evidence https://www.reuters.com/article/us-huawei-spying/white-house-ordered-review-found-no-evidence-of-huawei-spying-sources-idUSBRE89G1Q920121018 An old article from 2012.
The Bloomberg article was full of weird language and fallacies that made it clear it wasn't written by people who understand IT or IT security. Supermicro should consider a defamation lawsuit, this kind of reporting is irresponsible.
I mean with the sheer severity of the attack, it wouldn't be out of the realm of possibility that cloud providers were forced to keep mum by security services (not exactly sure which US agency would cover that though)
This is a reminder that Bloomberg had a mere fourteen anonymous sources for their story. Now, fourteen sources sounds like a hell of a lot, but consider the scope of the conspiracy alleged by Bloomberg. We're talking about an operation that begins with Chinese intelligence services and several major computer component manufacturers and ends up ultimately with Amazon, Apple, Google, and other major tech companies. The scope and scale of this operation means at least a thousand people are personally affected. But Bloomberg could only find 14 people who knew anything about it, and all of the tech giants and major equipment vendors denied any and all knowledge or evidence of the alleged tampering. Literally no one but Bloomberg had any information on this alleged conspiracy. Even the NSA put out a public statement that amounted to "uhhh if you know anything at all about this supposed hardware tampering conspiracy please call us because we ain't got shit". Bloomberg got played hard and they fell for it.
Stock manipulation, probably. Apple and Amazon shares fell a bit (relative to these news) but Supermicro got hit hard.
Huewei is a different beast. They earnt a complete ban in setting up Australias 5G network. Due to our version of the NSA coming out to say its a threat to national security.
Manipulation by proxy, good way for the perps to get the results they want scott free if that is indeed true.
now the government will have its day in court to show they are an arm of the chinese government too.
I keep looking into it, and there is absolutely no conclusive evidence either way. It checks out the the "Five Eyes" governments are going to say they are security risks. They are all allies and if there is a risk, they won't take it. Fair enough. But when it comes to advising the general public about it, it seems to come off as "fear-mongering". It still appears that nobody has even a log of unexplained web traffic going back to Chinese servers. You would think that if national governments would go "hey, this is what we are seeing, don't buy their shit". If they are seeing it in normal consumer products, it obviously isn't some huge secret, because anybody could see it. But they seem to keeping awfully "hush-hush" about any proof they are seeing. Not to get all conspiracy up in this, but they can't control ZTE and Huawei. Who's to say that they won't put backdoors on devices the Five Eyes wants? That would be enough of a reason to discourage the public from buying their devices. Of course, its not like the Chinese government is some innocent saint that is misunderstood either. They do have a track record of watching their citizens and don't even hide it. All I can say is this whole thing is super shady and I don't know what to believe.
Coworker found this article, hmmmmm. https://files.facepunch.com/forum/upload/132374/d4ebb74e-eece-4556-b47c-4627bb759b24/thinking.png https://www.businessinsider.com/bloomberg-reporters-compensation-2013-12
NSA and FBI would most likely silence them.
Sorry, you need to Log In to post a reply to this thread.