by liberal japonicus
While we watch the shitstorm that is the Kavanaugh nomination wind down, the tag-team of the Count, cleek and nous (if I missed anyone, let me know) share the next.
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
the title comes from this
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design.
Not sure how to say read the rest in Mandarin.
The Count also recommends this Fresh Air podcast which is not directly related, but a good listen.
This is being spun by Clickbait and his enablers as China interfering in our elections
White House Begins the China Counter-Narrative
Your thoughts, opinions and psychoanalytical bs are eagerly sought.
I note from the very interesting bloomberg article that some of the more advanced examples found were embedded within the fibreglass of the motherboard - which suggests that the factory in question must have been co-operating fully with Chinese intelligence.
The conclusion wasn’t encouraging:
In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem. “This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” one of the people present in McLean says. “You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”
Posted by: Nigel | October 05, 2018 at 01:10 AM
What I think in general is that our obsession with obeying the market imperative to prefer the lowest cost provider - of material, labor, whatever - has compromised our national security. Economically, militarily, and/or in terms of intelligence.
There's a lot of stuff we rely on that we no longer source in-house. It's a vulnerability.
Posted by: russell | October 05, 2018 at 08:14 AM
There's a reason to be friendly and cooperate with other nations, even when we don't have to. We may be the biggest boy on the block, but not even close to the smartest.
Posted by: Ugh | October 05, 2018 at 08:23 AM
While it is worrying that if this is true, Chinese could change the code in machines, it seems a bit like the situation that I think was described in Spycatcher, where MI6 was able to bug the rooms the French negotiating team was going to use. While they were patting themselves on the back about knowing "every move made by the French during our abortive attempt to enter the Common Market", basically there was nothing that could be done about the French keeping the UK out of the Common Market.
Being able to change the code on a machine is different, but it only really comes into play if they want to pull down the whole edifice. My impression is that they are happy if the global economy keeps humming along, which is a big reason why they are so opposed to Trump.
Posted by: liberal japonicus | October 05, 2018 at 08:42 AM
Bloomberg seems an odd venue for this sort of story. I'm keeping my eye on a href="https://www.schneier.com/blog/archives/2018/10/chinese_supply_.html">Bruce Schneier's security blog and on Motherboard at Vice.com for further news. Schneier has been doing this sort of thing for years and Motherboard did some of the best reporting for both the Sony hack and the Guccifer/Fancy Bear hacking.
Neither of them have much to add right now since the story just broke, but I'd expect them to cover any expansions, clarifications, or new developments in the story. I trust both of these sources a lot more than I trust The Intercept.
Posted by: Nous | October 05, 2018 at 12:14 PM
Dangit, thought I had checked all that HTML. Oh well, at least it's not italics.
Posted by: Nous | October 05, 2018 at 12:15 PM
only an engineer would come up with something like "a href" rather than "link".
:(
Posted by: russell | October 05, 2018 at 12:27 PM
"link" ?
bah! it's the hypertext reference of an anchor tag!
clear as pie.
Posted by: cleek | October 05, 2018 at 12:47 PM
Murkowski's a "no." Maybe that will encourage others, but probably not.
Posted by: hairshirthedonist | October 05, 2018 at 01:17 PM
Wrong thread. Sorry.
Posted by: hairshirthedonist | October 05, 2018 at 01:18 PM