How China Used a Tiny Chip to Infiltrate U.S. Companies

Perhaps of significant interest to those who use SuperMicro servers specifically:

The Big Hack

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
 
This problem is likely not specific to SuperMicro; server motherboards from other vendors are likely neither better nor worse in this respect. And I would assume that other agencies (such as the non-existing ones that are headquartered in Maryland) have done similar things. Perhaps not to server motherboards, perhaps to networking hardware and software.
 
The chip is described as being the size of a rice grain. I wonder if a more devious exploit would embed the functionality into an existing chip.

There also has to be a way for the chip to either declare its presence or respond to a probe. It should be possible, after analyzing the extraneous chip, to write something to probe existing motherboards.

Another aside, anyone know of any motherboard manufacturers based in the US? Dell? Would be a good stock to buy.
 
Dell probably uses contract manufacturers to actually build its hardware, as do most other companies (HP, Lenovo, ...). Most PC board contract manufacturing happens in China these days. I only know one contract manufacturer that is not heavily China based, and that is Jabil Circuits, but I have no idea for whom Jabil builds boards, nor how big their market share in computer manufacturing is.

Why do you think this would make Dell a good investment? For a very long time, computer users (big and small) have not cared about security, whether it is CPU vulnerabilities (Intel, AMD, ...), motherboard service processor vulnerabilities, the NSA back door in encryption and Windows, and so on. For a long time computer customers have voted with their feet to buy the best value for their application, and I don't expect that to change. Whether Dell is a good investment or not depends on many things; the biggest factor being how they'll deal with the fact that the market for servers and server infrastructure (storage, networking, cooling) is going to be eaten by cloud providers. Or how to get consumers cost-effective and high-quality laptops (serving both the desires of the people who buy a $200 laptop at Costco and those who buy a $2000 solid-metal laptop for corporate use). A security issue such as this is minor compared to other drivers of Dell's stock price.
 
Yes, but the big cloud providers (Amazon, Google, Microsoft, ...) or the big computer users (Facebook, Apple, ...) do not buy servers or infrastructure in the normal market; they get nearly everything custom built. I don't think you could find a Dell server in an AWS or Google data center.
 
My old employer in Germany did good business selling Swedish firewall technology (at least in the mid-2000s), because companies and government agencies were concerned about backdoors in US products. The only drawback: the system boards came from China....
 
I am not the least surprised, more surprised we were naive enough to let it happen. I thought they already got caught backdooring routers en route to the US.
 
You think I'm kidding?

Not at all. I don't put anything past them and you always know what you're talking about. They did discover a possible backdoor in routers and VoIP products but I thought they had been doing it en route.

I don't know why any of this should come as a shock. Cyberwarfare is nothing new and you have to give credit where credit is due for ingenuity. It's part of the bigger picture as I see it. The expansion of territory into the China Sea, theft of intellectual property rights, upgrading their military, loaning us more money than should possibly exist.

And then there's Russia. Forget taking down the power grid. Their contingency plans for being on the losing end of a war with the US are nuking the Yellowstone Supervolcano and detonating superweapons underwater off the coast to cause tidal waves who knows how tall. Wonder who thought of nuking Yellowstone? That is evil genius.

I don't have a very optimistic outlook for the years ahead.
 
Yes, but the big cloud providers (Amazon, Google, Microsoft, ...) or the big computer users (Facebook, Apple, ...) do not buy servers or infrastructure in the normal market; they get nearly everything custom built. I don't think you could find a Dell server in an AWS or Google data center.

Even though I live in WA, with server farms running clustered around the hydroelectric power plants and Columbia River wind farms, I do not know for sure what the Cloud providers use for hardware or where they have it manufactured.

I have been following AMD's quarterly financial reports and they are making significant inroads with the EPYC.
This Forbes article says many of the larger Cloud providers have been their customers.

Forbes, AMD/EPYC

AMD’s strategy for re-entering the server market was straightforward: pursue the cloud as enterprise lags in adoption. This makes sense. Cloud providers are beholden to no server or CPU company, and they buy in volume. Conversely, enterprise IT organizations, some stung by AMD’s exit from the server market, will need a little more convincing that it’s a good idea to invest in EPYC and again in AMD.

This strategy appears to be working out as AMD has been deployed in cloud giants Microsoft Azure, Baidu, and Tencent, in addition to Yahoo! Japan, Hivelocity and Packet (a bare metal cloud provider). The key here is the “d-word” – deployed. I have seen many non-Intel server CPUs tested, but very few deployed in volume and this makes a huge difference.

EPYC’s success in the cloud undoubtedly fueled the doubling of sales (QoQ) and double-digit revenue growth in 1Q of 2018. While recognizing that growth is being compared against very low revenue, the trends are positive.
 
The stuff about AMD and server farms is definitely correct.

For several years, there have been several really big customers of computers: The federal government, Amazon, Google, Microsoft, and so on. The big cloud providers build their own hardware (motherboards, enclosures, networking), but they buy components such as processor chips, disk drives, RAM DIMMs, and smaller stuff. The federal government for the most part buys off-the-shelf servers (but mostly high-end servers, with a lot of that being supercomputers from Cray and IBM); I don't know what hardware they use for their internal secret cloud-like deployments (the big NSA data center in Utah for example, which does not contain supercomputers, and I have never heard what hardware they bought). Most of that stuff uses Intel CPUs (and obviously a mix of Seagate and WD drives, there being de-facto no other disk manufacturers any more).

Now, the fact that Intel had a de-facto monopoly on CPUs really bugged these big users, in particular the federal government and Google. So they have been trying to keep the competition to Intel artificially alive: Using IBM Power chips and AMD Opterons for supercomputers, trying to have a little bit of ARM servers and AMD server chips. And it seems that this has succeeded to the point where now ARM and AMD are beginning to be viable competitors to Intel. We might be in a situation where in a year or two AMD might have a double-digit percent market share (could be as much as 50%) in the "server" market, which today mostly means big cloud users. Personally, I would welcome that; the Intel monopoly has made me just as uncomfortable as everyone else. But what we need to remember: If it weren't for the generosity of "donors" like the national labs and Google, ARM servers and AMD would be dead today.
 
Japanese proverb: "Business is the long sword". And espionage on that level is just business, nothing personal. The problem is that most nations no longer have the ability to build systems from scratch, as a report about the iPhone once documented. What did everybody expect?
When Boeing won the bid to supply the equivalent of AF1 to China (they seem to have had a hidden finance source for being so cheap), some of their personnel ended up in jail there because the bird was immediately checked for 'additional equipment', which was also found in the bed posts, for example.

One should check the silicon delivered from anywhere for add-ons. One good way to slip something into an ARM core is to make an add of #0 to the PC set the supervisor mode status flag. So you would need to check all these no-op and illegal-op combos to see if they do as expected.
 
In this article they mentioned "the microchip altered the operating system’s core so it could accept modifications". I wonder if this affects FreeBSD OS?
Think BMC = IME (Intel Management Engine) and that's where this chip was attached (according to reports), then decide for yourself if it could affect any operating system on that hardware.
 
My question is, what can the FreeBSD community do to protect its users (and the platform) against these adversaries and flaws?

Does the community care enough about the issue to advocate for and encourage alternatives? Or do we just want to bicker and regurgitate what some of us already know?
 
Think BMC = IME (Intel Management Engine) and that's where this chip was attached (according to reports), then decide for yourself if it could affect any operating system on that hardware.

I'm much more concerned with the IME than with Intel chip exploits. I can mitigate those to an extent by not allowing scripting in my browser; they worry me as much as a JavaScript trojan.

The only method I've seen described to deal with IME backdoors carries the caveat "Use at your own risk; the methods to disable Intel ME were described as “risky and may damage or destroy your computer.”"

I care very much about computer security and learned the importance of it early on, but at some point became somewhat desensitized to what is a never-ending list of things to worry about. I can only maintain a state of hyper-vigilance for about 2 years until what I was so worried about initially slowly becomes a normal part of everyday life, and I deal with new entries on the list as needed.

That's not to say I become lax or complacent.
 
If it weren't for the generosity of "donors" like the national labs and Google, ARM servers and AMD would be dead today.
I always find it quite interesting that the reason why AMD is around in the first place is because IBM at the time refused to be tied down to a single vendor (Intel) for its hardware so it somehow got Intel to license out the rights to its chip designs so that IBM would go with them. This again felt like an artificial deal.

Would this ever happen again? Is Intel too big and would decline the contract terms?

Is Intel quite pissed off that this happened and that it created (I guess its main competitor) its own competition? I am assuming there is much regret.

Would Intel ever be allowed to buy out AMD? The fact that AMD is originally dependent on Intel's patents etc. surely gives it quite a good argument / case against potential anti-monopoly lawsuits.
 
Some reading material: "Dark Territory: The Secret History of Cyber War," by Fred Kaplan. The author cites some declassified events worth reading.
 
I miss these tin foil hat posts. It's true that most nations put some kind of backdoor. I was just on votesmart and saw that, here, there has been legislation put forward to install killswitches in cellphones (I guess the lawmakers don't realize those are already there).

The crazy part about this story is how widespread it was before our domestic agencies detected/released knowledge about it.

Most of these agencies put resources towards these things in accordance with market share, which tends to be linked to usability. If you don't want to worry about this kind of stuff, good luck building an invulnerable system. I'll take our US backdoors over the Chinese, though, as the Chinese tend to leave them more or less open for other actors.

Taking tinfoil hat off now...
 
In this article they mentioned "the microchip altered the operating system’s core so it could accept modifications". I wonder if this affects FreeBSD OS?

I think this was a CPU level exploit, so technically, it could exploit an OS not yet developed for aforementioned platform.
 