Supermicro is Investigating Bloomberg's Allegations

AlphaAtlas

Reuters reports that Supermicro is looking for spy chips on their motherboards. In a letter to customers, the manufacturer denies the allegations Bloomberg made over two weeks ago, claiming that such a device would be "technically implausible." There are safeguards in Supermicro's supply chain that should theoretically prevent such a security breach from happening. Supermicro claims they have already conducted an extensive review, and found no evidence to suggest such a device exists. But, in spite of that strong denial, Supermicro is still "undertaking a complicated and time-consuming review to further address the article." Everyone involved in the story is still vehemently denying it, and so far, no one else has independently corroborated Bloomberg's story.

Our motherboard designs are extremely complex. This complexity makes it practically impossible to insert a functional, unauthorized component onto a motherboard without it being caught by any one, or all, of the checks in our manufacturing and assembly process. The complex design of the underlying layers of the board also makes it highly unlikely that an unauthorized hardware component, or an altered board, would function properly. Our motherboard technology involves multiple layers of circuitry. It would be virtually impossible for a third party, during the manufacturing process, to install and power a hardware device that could communicate effectively with our Baseboard Management Controller because such a third party would lack complete knowledge (known as "pin-to-pin knowledge") of the design. These designs are trade secrets protected by Supermicro. The system is designed so that no single Supermicro employee, single team, or contractor has unrestricted access to the complete motherboard design (including hardware, software, and firmware).
 
IF.. Bloomberg is wrong.. end of the game for them, if not.. well that's not good either.
 
Nah, they'll claim to be the victim of an elaborate hoax and the public will forget (they already have forgotten the story).

If it's not a hoax, then everyone else will play the victim to an "independent" bad actor and it'll be downplayed since the issue hasn't appeared to have resulted in any actual real-world use of the compromised hardware.

Either way, plausible deniability wins and nobody actually important will fall in either situation. Status Quo moves on.
 
Incredible claims require incredible proof. Bloomberg has set a high bar for itself.
 
"...protected trade secrets"

I laugh at that statement especially when dealing with China and their numerous copyright infringement violations.

To be clear, I'm not saying the claims are either true or false. Looking at China's theft history lends credence to the claims brought forth by Bloomberg.
 
This is turning into a legit conspiracy boys.

Nah, a legit conspiracy is the mess that Saudi Arabia is doing right now.

These are unsubstantiated claims that appear to be directly related to market manipulation. Especially when viewed in the context of so many other stories that get put out that turn out to be false or misleading.

You'd be sure that if this is something legit, other countries/companies that don't have incentive to go along with a cover story would be corroborating the story with their own evidence as I'm sure these machines are being sold to all kinds of companies in all parts of the world.

The one thing that usually kills grand sized conspiracy theories is that they require enemies/competitors to work together and there are just so few instances where that would ever occur.

In the end though, what's more likely? An elaborate man-in-the-middle attack whose only apparent hope of doing anything would be as a kill-switch or require some kind of on-site access to make use of? Or a way to manipulate short-term market trends so certain day-traders can make bank, with just enough plausible deniability to not break any laws over it?
 
What's more likely? An elaborate man-in-the-middle attack whose only apparent hope of doing anything would be as a kill-switch or require some kind of on-site access to make use of? Or a way to manipulate short-term market trends so certain day-traders can make bank, with just enough plausible deniability to not break any laws over it?

It's not as sexy as the murder of the Saudi journalist, however, it still meets the requirements of a conspiracy because this story has been unsubstantiated since the beginning. So the question remains: why did the editor in chief at Bloomberg sign off on this piece with absolutely no corroborated evidence to back their claims up? No self resourcing newspaper would ever act so cavalier 20 years ago. What do they have to gain by instantly blaming the Chinese? Or it could also be a tactic to short the stock like you said because the higher ups at Bloomberg are colluding with outside parties.

Who knows...

Literally a conspiracy is two or more individuals conspiring against another; it could easily just be me and Hulk Hogan conspiring to steal the ice cream in your fridge and blame it on your wife.
 
Sounds to me like some criminal organization in China doped the supply pool. They are looking for easy money, not "trade secrets".

Supermicro just puts the boards together. They still buy parts from third party suppliers. They don't make the chips themselves. The sellers of the parts are a dime a dozen and they come and go quickly in China. It's more likely that one of the suppliers Supermicro was using was supplying them with rigged LAN chips.

You only need 1 of these chips to land in a good spot for it all to pay off if all you are looking for is money.

An attack of this sort, trying to spy on someone in this manner is not efficient, nor is there any guarantee that you will gain anything useful from it, as you have no way to control where the boards go. Money on the other hand is all over the place. Bitcoin as well. Last I checked, bitcoin farms need lots of LAN chips...

Part of me feels like Bloomberg wouldn't have just published this without some reason... they stand to lose much from false reporting especially after the hit Supermicro just took. They opened themselves up to a huge lawsuit if there is no legitimacy to this claim. I think there was something newsworthy to be reported about, but the journalism was shoddy and they didn't look deep enough and blamed the wrong people. It's easy to blame China for spying, and it would make some big headlines if this was the case. A story about rigged chips being distributed through suppliers in China would be nothing more than a fart in a hurricane, so they went with the first story instead.

Elon Musk shelled over 20 million for his faux pas, let's see what Bloomberg does...

Me, I blame Canada. Moose are evil... they are so tricky even their name is confusing... is it plural? Singular? Both?
 
Well, everything was a conspiracy until it was leaked, and the leaker thus became public enemy no. 1. They already have set an example of what happened to these guys. I don't think anyone is willing to sacrifice their lives for something like this. Looks like we need to wait 20 years or so for something, if anything.

As for why no chips are found, well they prob have already been purged years ago. As in, this bug situation has not been an active situation for quite some time, which is prob why the gov didn't pull the Bloomberg story, and it suits the current foreign policy of slowly allowing more stories of Chinese espionage efforts onto mass media, to culture a more positive response towards tougher relations with China.
 
My definition of conspiracy requires something a tiny bit more substantial than a single entity making a claim with absolutely no evidence to back it up...however weak that evidence might be.

Show some photos of the actual part. Show some kind of paper trail of the fabrication of such a part. Show a proof of concept for how it could actually work in practice. Something.

If everything someone might say about something else can be called a conspiracy if the other party denies it, then we've reduced the word to something that has no meaning. It essentially becomes a synonym to "statement" or "claim".
 
Nah, they'll claim to be the victim of an elaborate hoax and the public will forget (they already have forgotten the story).

If it's not a hoax, then everyone else will play the victim to an "independent" bad actor and it'll be downplayed since the issue hasn't appeared to have resulted in any actual real-world use of the compromised hardware.

Either way, plausible deniability wins and nobody actually important will fall in either situation. Status Quo moves on.

I wouldn't put it past China to try to do something like this. Heck, I wouldn't put it past the NSA. It makes perfect sense why a government would want complete access to the largest corporations' computers.

But at the same time, it also is reasonable to assume someone wanted to make a quick buck off the stock market by shorting SMCI, and paid a few people to make up this story. It would be very interesting to see if any institutional investors made large bets against SMCI prior to the Bloomberg leaks. But obviously, the way the system works, if that happened to be the truth, they won't be the ones going to jail. It will just be some patsy.
 
My definition of conspiracy requires something a tiny bit more substantial than a single entity making a claim with absolutely no evidence to back it up...however weak that evidence might be.

Show some photos of the actual part. Show some kind of paper trail of the fabrication of such a part. Show a proof of concept for how it could actually work in practice. Something.

If everything someone might say about something else can be called a conspiracy if the other party denies it, then we've reduced the word to something that has no meaning. It essentially becomes a synonym to "statement" or "claim".
lul, wut?

The article came out same day as Vice President Pence's Cold War w/China speech at the Hudson Institute.
 
The system is designed so that no single Supermicro employee, single team, or contractor has unrestricted access to the complete motherboard design (including hardware, software, and firmware).

Hmmm - sounds just like Micro$oft's business model for Windows 10.
 