Announcement

Collapse

Computer Lab Guidelines

Here in the computer lab, we talk about cool tech, the newest coolest gadgets, and tackle your toughest tech questions.

If you need to refresh yourself on the decorum, now would be a good time. Forum Rules: here
See more
See less

Major Chinese hacking scheme.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Major Chinese hacking scheme.

    The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
    The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

    In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore.,
    ...
    To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security, according to one person familiar with the process. The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression.
    ...
    Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

    During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

    ...
    The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

    One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers.

    more here:

    https://www.bloomberg.com/businessweek

    A long and interesting read.


  • #2
    It's Trump's fault.

    I win!!!!!!


    Securely anchored to the Rock amid every storm of trial, testing or tribulation.

    Comment


    • #3
      Originally posted by mossrose View Post
      It's Trump's fault.

      I win!!!!!!
      You are a Chinese spy!

      Comment


      • #4
        Originally posted by Sparko View Post
        You are a Chinese spy!


        Securely anchored to the Rock amid every storm of trial, testing or tribulation.

        Comment


        • #5
          You don't want to know what I initially thought the thread's title said at first glance.
          ~ Russell ("MelMak")

          "[Sing] and [make] melody in your heart to the Lord." -- Ephesians 5:19b

          Fight spam!

          Comment


          • #6
            I want to know.


            Securely anchored to the Rock amid every storm of trial, testing or tribulation.

            Comment


            • #7
              Apple is claiming it never happened.

              Apple told Congress it found no evidence of server tampering
              "Nothing was ever found," during scans of outbound traffic, it said

              In a letter to Congress, Apple reiterated that it found no evidence of microchip-based server tampering by Chinese agents that was reported by Bloomberg Businessweek. The company, along with Amazon and server manufacturer Super Micro, had previously released forceful denials of suspicions that its servers contained malicious components. The US Department of Homeland Security (DHS) and UK cybersecurity officials had also chimed in, saying they have no reason to doubt Amazon and Apple's denials.

              Apple VP for IT security Goerge Stathakopoulos sent letters to both the US House and Senate Commerce Committees, according to a Reuters report. "Apple's proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity," it stated. "Nothing was ever found."

              The letter also repeated press statements from Apple that it never discovered any backdoor components that could compromise user security. Apple originally said that it "conducted rigorous internal investigations based on [Bloomberg's] inquiries and each time we have found absolutely no evidence to support any of them." The company also noted that the story was based on 17 anonymous sources, with some allegations based on even fewer unnamed sources.

              https://www.engadget.com/2018/10/08/...cro-tampering/

              Comment


              • #8
                Scary as a LOT of server and pc system boards are manufactured in China. It could happen to more than one company IMO...
                "What has the Church gained if it is popular, but there is no conviction, no repentance, no power?" - A.W. Tozer

                "... there are two parties in Washington, the stupid party and the evil party, who occasionally get together and do something both stupid and evil, and this is called bipartisanship." - Everett Dirksen

                Comment


                • #9
                  Originally posted by Sparko View Post
                  Apple is claiming it never happened.

                  Apple told Congress it found no evidence of server tampering
                  "Nothing was ever found," during scans of outbound traffic, it said

                  In a letter to Congress, Apple reiterated that it found no evidence of microchip-based server tampering by Chinese agents that was reported by Bloomberg Businessweek. The company, along with Amazon and server manufacturer Super Micro, had previously released forceful denials of suspicions that its servers contained malicious components. The US Department of Homeland Security (DHS) and UK cybersecurity officials had also chimed in, saying they have no reason to doubt Amazon and Apple's denials.

                  Apple VP for IT security Goerge Stathakopoulos sent letters to both the US House and Senate Commerce Committees, according to a Reuters report. "Apple's proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity," it stated. "Nothing was ever found."

                  The letter also repeated press statements from Apple that it never discovered any backdoor components that could compromise user security. Apple originally said that it "conducted rigorous internal investigations based on [Bloomberg's] inquiries and each time we have found absolutely no evidence to support any of them." The company also noted that the story was based on 17 anonymous sources, with some allegations based on even fewer unnamed sources.

                  https://www.engadget.com/2018/10/08/...cro-tampering/
                  Amazaon is also denying the story (as is Super Micro), and DHS sees no reason to doubt the companies' statements.
                  Enter the Church and wash away your sins. For here there is a hospital and not a court of law. Do not be ashamed to enter the Church; be ashamed when you sin, but not when you repent. – St. John Chrysostom

                  Veritas vos Liberabit<>< Learn Greek <>< Look here for an Orthodox Church in America<><Ancient Faith Radio
                  sigpic
                  I recommend you do not try too hard and ...research as little as possible. Such weighty things give me a headache. - Shunyadragon, Baha'i apologist

                  Comment


                  • #10
                    Originally posted by One Bad Pig View Post
                    Amazaon is also denying the story (as is Super Micro), and DHS sees no reason to doubt the companies' statements.
                    So either they are covering it up for security or other reasons, or the story is fake. The detail in the OP story was pretty extensive for it to be fake.

                    Comment

                    Related Threads

                    Collapse

                    Topics Statistics Last Post
                    Started by Ronson, 03-20-2024, 07:20 PM
                    2 responses
                    28 views
                    0 likes
                    Last Post rogue06
                    by rogue06
                     
                    Started by Christian3, 03-15-2024, 10:15 AM
                    13 responses
                    64 views
                    0 likes
                    Last Post QuantaFille  
                    Working...
                    X