
October 04, 2018


I note from the very interesting Bloomberg article that some of the more advanced examples found were embedded within the fibreglass of the motherboard - which suggests that the factory in question must have been co-operating fully with Chinese intelligence.

The conclusion wasn’t encouraging:
In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem. “This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” one of the people present in McLean says. “You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”

What I think in general is that our obsession with obeying the market imperative to prefer the lowest cost provider - of material, labor, whatever - has compromised our national security. Economically, militarily, and/or in terms of intelligence.

There's a lot of stuff we rely on that we no longer source in-house. It's a vulnerability.

There's a reason to be friendly and cooperate with other nations, even when we don't have to. We may be the biggest boy on the block, but not even close to the smartest.

While it is worrying that, if this is true, the Chinese could change the code in machines, it seems a bit like the situation that I think was described in Spycatcher, where MI6 was able to bug the rooms the French negotiating team was going to use. While they were patting themselves on the back about knowing "every move made by the French during our abortive attempt to enter the Common Market", basically there was nothing that could be done about the French keeping the UK out of the Common Market.

Being able to change the code on a machine is different, but it only really comes into play if they want to pull down the whole edifice. My impression is that they are happy if the global economy keeps humming along, which is a big reason why they are so opposed to Trump.

Bloomberg seems an odd venue for this sort of story. I'm keeping my eye on a href="https://www.schneier.com/blog/archives/2018/10/chinese_supply_.html">Bruce Schneier's security blog and on Motherboard at Vice.com for further news. Schneier has been doing this sort of thing for years and Motherboard did some of the best reporting for both the Sony hack and the Guccifer/Fancy Bear hacking.

Neither of them have much to add right now since the story just broke, but I'd expect them to cover any expansions, clarifications, or new developments in the story. I trust both of these sources a lot more than I trust The Intercept.

Dangit, thought I had checked all that HTML. Oh well, at least it's not italics.

only an engineer would come up with something like "a href" rather than "link".


"link" ?

bah! it's the hypertext reference of an anchor tag!

clear as pie.

Murkowski's a "no." Maybe that will encourage others, but probably not.

Wrong thread. Sorry.
