Matrix Posted October 11, 2018 Share Posted October 11, 2018 In brief: More evidence of Chinese State-sponsored hardware hacking emerges as a US telecommunications company is in the sights of the modded motherboard supply chain attack revealed by Bloomberg last week. Bloomberg News has received information from security research firm, Sepio Systems, that a prominent US telecom has also fallen to the Chinese supply chain attack, adding another notch to the People Liberation Army's (PLA) belt. Reports of manufacturing shenanigans have continued this week with Sepio Systems' co-CEO, Yossi Appleboum, providing further proof of hacked motherboards used in servers, this time at an unnamed US telecommunications company. Due to the sensitive nature of the disclosure and potential impact on business, Sepio Systems did not reveal the name of the company, but it did describe the mod on the - again - Supermicro motherboard. Digging a little deeper, Bloomberg reached out to all major US telecom companies, and got upfront denials from all but T-Mobile, inferring that this may be the company in question. This time, the attack was admittedly different, and the details revealed an "implant" in the server's ethernet connector, which triggered "unusual communications", which techies at the telecom company were unable to account for. The tampered Supermicro server appeared as two different network devices, yet sharing the authority of the server, bypassing security filters. According to Mr Appleboum, it is not the first time he has seen contractors in China attempting to tamper with hardware, but it was the first time he saw it on a Supermicro product. The security company added that it was clear that the devices had been tampered at a Supermicro subcontractor’s facilities in Guangzhou, China. Last week Bloomberg had revealed, in a high-profile and controversial investigation, that Apple and Amazon were victims of Chinese intelligence operatives by way of Supermicro servers, used at those companies. The alleged hack would have taken place in China, since 2015, as subcontractors hired to build motherboards for Supermicro servers proceeded to solder on the hardware mod, which would then become part of the company's supply chain, and their clients' infrastructure. Apple and Amazon have categorically refuted the implication that their internal servers were feeding their IP to China's PLA operatives, not to mention the potentially ruinous revelation which could severely impact Supermicro Inc.'s business. While targeted companies have been quick to refute the hack, US officials are not discarding it outright and did not comment on the goings-on. It will not help the ongoing trade war between the US and China, that's for sure. source Link to comment Share on other sites More sharing options...
steven36 Posted October 11, 2018 Share Posted October 11, 2018 Quote Senators demand answers from Super Micro on Chinese backdoor hack Lawmakers on Capitol Hill are asking San Jose-based Super Micro Computer for more information about a possible breach of the company’s supply chain by Chinese spies, as described in a blockbuster investigative report from Bloomberg. Super Micro and a handful of its customers have denied the report, calling it inaccurate. In a letter made public Tuesday, Sen. John Thune, the top Republican on the Senate Commerce Committee, asked executives from Super Micro, Cupertino-based Apple and Amazon.com to give him more information on the purported hack by Friday. “Allegations that the U.S. hardware supply chain has been purposely tampered with by a foreign power must be taken seriously,” Thune wrote, according to Reuters. Separately, senators Marco Rubio and Richard Blumenthal sent a letter to Super Micro CEO Charles Liang, asking for additional information by next Wednesday. “If this news report is accurate, the potential infiltration of Chinese backdoors could provide a foothold for adversaries and competitors to engage in commercial espionage and launch destructive cyber attacks,” the pair wrote. Bloomberg spent months researching the story, which claimed Chinese spies had secretly installed microchips onto server motherboards sold by Super Micro. The microchips were designed to send simple commands to the server, opening up a digital backdoor to hackers. Compromised servers wound up at Apple, Amazon and several government agencies, Bloomberg reported. Apple and Amazon both issued firm denials of the report, which was published online Thursday and appeared on the cover of Bloomberg Businessweek’s print edition on Monday. Bloomberg stood by its reporting, and issued a fresh story on the hack Tuesday, saying a U.S. telecom giant had bought compromised servers, too. The four biggest U.S. telecoms — Sprint Corp., AT&T Inc., Verizon Communications and T-Mobile US — have all denied being the unidentified "major U.S. telecommunications company" in Tuesday's Bloomberg story. Super Micro shares plunged 41 percent following the first report, regained some ground this week, but fell 15 percent yesterday after the latest Bloomberg story. Apple dropped its Super Micro contract in 2016, after it said it found a security vulnerability in the company’s products. At the time, Super Micro said Apple had downloaded bad firmware, and had not discovered a problem with its hardware. Source Link to comment Share on other sites More sharing options...
BioHazard Posted October 11, 2018 Share Posted October 11, 2018 Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted October 11, 2018 Share Posted October 11, 2018 y trump said that is Link to comment Share on other sites More sharing options...
Ha91 Posted October 11, 2018 Share Posted October 11, 2018 Haha 😛 It's Israeli establishment setting up fire severywhere 🤣 More push for INTEL stuff to be used, which ofcourse is an Israeli company - research-wise - and so all the data will flow through them in future (oops, currently is being done as well 😛) What do you think, @straycat19? You are usually at the top of tech and intel stuff? Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted October 12, 2018 Administrator Share Posted October 12, 2018 Concerning this. I'm not in support for any type of such spying no matter which side it is. I also think there should be international, UN lead ban on this. Hardware based spying has been a concern from decades, this further confirms the existence of it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.