The Big Hack: How China Used a Tiny Chip on Servers to Infiltrate U.S. Government, Military and Companies

submitted by expat from (bloomberg.com)

all 7 comments
sorted by:
top
newinsightfulfun

[–]Tom_Bombadil 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (2 children)

The US NSA is likely winning the bugged chip race by 100:1.

It would be a surprise to me, if our bugged chips didn't immediately inform the NSA that China was trying to bug the US with some entry level chips.

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

I think you're right, considering Intel's secret CPU within the CPU their Management Engine https://en.wikipedia.org/wiki/Intel_Management_Engine

[–]expat[S] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

Well, remember the Navy ship crashes from earlier this year ?

Quote from the article: "Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships."

Still so sure ?

Especially knowing the steel issue (see my post below) ?

Coincidence or deliberate targeting ?

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (3 children)

If this turns into a full blown spy vs spy technology crisis, it could lead to more US tech manufacturing.

I believe the US and Israel have done similar dirty tech hacks, like intercepting new product shipments and installing a modified bios for them to have remote access.

[–]expat[S] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (2 children)

Exactly what I was thinking with regards to the manufacturing. It would be important at least for crucial digital infrastructure. Think what was uncovered regarding deliberately low-quality Chinese-manufactured steel that was used to build U.S. military vessels, thereby weakening them. If steel manufacturing can be brought back to the U.S. (thus also reducing pipeline leakage e.g.), surely microtech manufacturing can be relocated back to the US as well.

With regards to your second point: yes, the Snowden leaks uncovered that. But that was on a smaller scale afaik: when a target ordered a piece of tech, the mail was intercepted and the appliance modified. But as you said: those were software modifications. What was uncovered in the article is a much more sophisticated and much larger operation. I don't know if you read through the whole piece (it is quite a read, I have to admit), but this bit simply made me gasp: "In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached". So even if you took a magnifying glass to the components you would not stand a chance to detect that. And a company that purchases thousands of servers has zero chance to detect that, unless they pick up on some irregularity when running that piece of hardware.

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

what was uncovered regarding deliberately low-quality Chinese-manufactured steel that was used to build U.S. military vessels

Whoa I totally missed this story. Yeah this tech sabotage seems very similar.

"In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached"

Yeah I hadn't read the story. Wow this is crazy. It seems it's time for more trusted US tech right now.

[–]expat[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

Yeah, maybe not exactly a national security issue (ISS excepted), but can someone buy Lenovo back, pretty please, so that we can all have decent tanks (ahem laptops) again ?