hardware hacking

Hi.

Here's a must read on att-hacking hardware on huge scales to intercept highly secret gov networks and company secrets.
Very good, well-researched, quite scary. This explains many things.

Go read it.

A.

Jordan Robertson and Michael Riley, "The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies," Bloomberg, October 4, 2018,

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

<p>The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.</p>

thank you for sharing

Very clever how the Chinese did this. Are there hardware chips inside other sensitive American equipment? Such as...missiles, submarines, F-16, f-18, f-35, f-22...?
Or are those chips from a secure source?

Anybody with knowledge of this?

The story is immensely bizarre now. You now have major publicly listed companies, who could have said no comment, publish rather extensive denials. While there is some wiggle room, they could get busted by the SEC if there are material lies in those statements.

Amazon offloading a whole datacenter is telling though. Which then raises the issue of what the hell is going on with Apple and their chinese iCloud operation. They went through this grand dog and pony show to tell people that only Apple really controls the core keys (so they can comply with lawful requests but can't assist in bulk surveillance), but the rest of iCloud must run on fairly standard servers which could be compromised in a similar manner (though one would suspect local employees more).

Then there's the whole thing about this being a engineered hit piece by PR lobbyists against Amazon because DoD was trying to go all Amazon for the JEDI cloud project, but it isn't like Microsoft or IBM could do any better.

The allegation of slipping chips in between PCB layers is particularly weird, because of how they are manufactured in bulk making it quite hard to do without being plainly obvious to everyone at the point of manufacture, as virtually no PCB's use layer embedded chips. Adding a new surface mount chip, such has been alleged on the recovery flash pad of a BMC, is something that could be done on the sly, though bulk doing that would require adding an additional chip picker on the line before the board goes through an SMT oven.

There are secure chip fabs, but they can't really do bulk manufacturing at consumer scales, usually limited to meeting cryptographic processor needs for the military. All bulk chip and PCB manufacturing has gone offshore (with perhaps the sole exception of Intel CPU fabs at their smallest geometries), because nobody is willing to pay the premium for secured domestic supply chains. You reap what you sow.

https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

kcran567 said:

Very clever how the Chinese did this. Are there hardware chips inside other sensitive American equipment? Such as...missiles, submarines, F-16, f-18, f-35, f-22...?
Or are those chips from a secure source?

Anybody with knowledge of this?

Click to expand...

This is for servers, so not related to military hardware. I would say that weapon systems and such contain components whose supply chains are under careful observation.