Hardware Hack

by wjw on October 10, 2018

Now it looks as if the Chinese have managed to do a massive hardware hack into thousands of servers used by government agencies and major corporations.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

I had this in my 2011 novel Deep State, though I was a little more optimistic, and gave the tech magic to the US government.

Clearly some of the wrong people are reading my books.

mearsk October 10, 2018 at 9:40 am: The hack allegations are proving to be very controversial as Apple and Amazon swear up and down that no such hack happened and the Bloomberg guys made it up. Bloomberg hasn’t released any real physical evidence, so who knows if it really happened.
John Appel October 10, 2018 at 1:20 pm: Seconding Mearsk. There’s been a fair bit of pushback from reputable folks in the field who have pressed Bloomberg for evidence and specifics, but have gotten nothing back. Either Apple or AWS (forget which) has been very explicit about not finding the claimed outbound traffic despite looking for it, which is something large organizations (like the one I work for) do routinely. For the moment this one is in the “Plausible but definitely not confirmed.”
Robert M Roman October 10, 2018 at 2:21 pm: However, it’s not as if hardware is the only problem. From a brief item from engadget:

“By request from the Senate Armed Services Committee, GAO assessed the department’s readiness to deal with cyberattacks by looking at cybersecurity tests conducted on its weapons systems from 2012 to 2017. It found that testers were routinely able to infiltrate and commandeer the weapons systems they’re testing. In at least one case, they were able to find the correct administrator password in nine seconds, because the DoD never bothered changing the default. All the testers had to do was look it up on the internet. Further, they were able to operate undetected — the other testers meant to fend them off were unable to do so.”

https://www.engadget.com/2018/10/10/pentagon-weapons-systems-gao-report/
Etaoin Shrdlu October 10, 2018 at 2:29 pm: They’ve reportedly found a second buried in an ethernet controller chip.

This is why I do all my Bitcoin address and transaction generation on a Raspberry Pi that has never been connected to the internet and is never going to be connected to the internet.
Conrad Mazian October 10, 2018 at 7:27 pm: Bruce Schneier commented.

https://www.schneier.com/blog/archives/2018/10/chinese_supply_.html

Sounds like a definite “maybe”, leaning toward “plausible”. As he notes, the larger problem is that it _could_ be plausible and we don’t know for certain.
Minx October 11, 2018 at 3:10 am: Hey Walter, here’s basically the same thing but software side.

A battle royale shooter developed by Chinese dev/publisher Tencent Games and sold on Steam has been caught including a cryptominer and rootfolder keylogger that sends your system info to backend servers with Chinese IPs.

https://twitter.com/YOUNGWATERGOD/status/1048731272674041856

(In This Is Not A Game the Chinese company whose building Big Idea acquired had their servers tampered much the same, no? You continue to be an augur.)
DensityDuck October 16, 2018 at 3:29 pm: Of course there’s no evidence of anything happening. Of *course* Apple and Amazon have it on very good authority that nothing of the sort ever occurred.

Because if it *had*, then that would be bad. Like, bad that starts at every tech company shuts down for the next five or six years, and ends with message-in-five-parts situations. Therefore it can’t have happened. Whatever that means, whatever it takes, whatever story has to be told and sworn to be true, the thing that Bloomberg says happened cannot have happened.