US Government Sides with Apple and Amazon, Denying Bloomberg "Spy Chip" Report

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,003
The US Department of Homeland Security has published a press release in support of Amazon, Apple, and Super Micro’s contention that Bloomberg’s China spy-chip story is fake news. Echoing the UK’s National Cyber Security Centre, Homeland says it has “no reason to doubt the statements” made by these companies. The agency later notes it is “committed to the security and integrity” of technology used around the world, implying that if China did sneak tiny chips onto motherboards, they’d know about it.

Homeland Security protects the nation’s cyber defenses from both domestic and foreign threats. It’s rare for the government to issue a statement on an apparent threat which, according to Bloomberg, is a classified matter that’s been under federal investigation for three years. The reality is that days after this story broke, it seems many of the smartest, technically minded, rational cybersecurity experts still don’t know who to believe — Bloomberg, or everyone else.
 

glutto

Limp Gawd
Joined
Apr 8, 2003
Messages
396
It will be really interesting if these accusations can be proven true.

There should be enough suspected hardware floating around to confirm or deny the surface-mount version of this story.
 

Vader1975

Gawd
Joined
May 11, 2016
Messages
820
The US Department of Homeland Security has published a press release in support of Amazon, Apple, and Super Micro’s contention that Bloomberg’s China spy-chip story is fake news. Echoing the UK’s National Cyber Security Centre, Homeland says it has “no reason to doubt the statements” made by these companies. The agency later notes it is “committed to the security and integrity” of technology used around the world, implying that if China did sneak tiny chips onto motherboards, they’d know about it.

Homeland Security protects the nation’s cyber defenses from both domestic and foreign threats. It’s rare for the government to issue a statement on an apparent threat which, according to Bloomberg, is a classified matter that’s been under federal investigation for three years. The reality is that days after this story broke, it seems many of the smartest, technically minded, rational cybersecurity experts still don’t know who to believe — Bloomberg, or everyone else.

My faith in the Department of Homeland Security dropped tremendously in recent times.
 

DeathFromBelow

Supreme [H]ardness
Joined
Jul 15, 2005
Messages
7,316
Why bother planting chips on motherboards when CPU security has been broken for years?

Either way you need internet access to the target system, and exploits of Spectre/Meltdown give nation-states plausible deniability. Compromising the supply chain would be obvious.
 

viscountalpha

2[H]4U
Joined
Oct 16, 2011
Messages
2,618
Why bother planting chips on motherboards when CPU security has been broken for years?

Either way you need internet access to the target system, and exploits of Spectre/Meltdown give nation-states plausible deniability. Compromising the supply chain would be obvious.

Just target someone with a UEFI virus and you're golden.
 

BloodyIron

2[H]4U
Joined
Jul 11, 2005
Messages
3,439
Why exactly do you think Apple would be denying something with so much evidence?

I speculate it's probably because China/their factories, threatened Apple they would be fully cut off if Apple acknowledged the threat. If that happened, Apple would literally be out of business. Far cheaper to just lie.
 

PaulP

Gawd
Joined
Oct 31, 2016
Messages
776
Why exactly do you think Apple would be denying something with so much evidence?

I speculate it's probably because China/their factories, threatened Apple they would be fully cut off if Apple acknowledged the threat. If that happened, Apple would literally be out of business. Far cheaper to just lie.
What evidence? All I've seen is the Bloomberg article, and they don't present any hard evidence, just allegations.
 

Lakados

Supreme [H]ardness
Joined
Feb 3, 2014
Messages
6,939
Why exactly do you think Apple would be denying something with so much evidence?

I speculate it's probably because China/their factories, threatened Apple they would be fully cut off if Apple acknowledged the threat. If that happened, Apple would literally be out of business. Far cheaper to just lie.
Bloomberg’s evidence is they claim Apple and Amazon said it happened. Amazon and Apple say that they are mistaken, and they are recalling the time they purchased hardware that contained drivers that had malware bundled with it. Those drivers never made it to the production floor and the offending malware was removed.
 

Formula.350

[H]ard|Gawd
Joined
Sep 30, 2011
Messages
1,102
Why exactly do you think Apple would be denying something with so much evidence?

I speculate it's probably because China/their factories, threatened Apple they would be fully cut off if Apple acknowledged the threat. If that happened, Apple would literally be out of business. Far cheaper to just lie.
My question to you becomes... how exactly do you expect the Chinese gov't to pull off contacting Apple? Just call them up?
"Herro, Mishter Cewk. You do not know me, but I know you, and if you comfirm that you datashenter was compromished, den we--I mean den you Chinese factories will have a shudden deray of productsh. Understand, yes? *click*"
After the Bloomberg article went live I'm sure the NSA, CIA, DHS, and a bunch more alphabet soup organizations will have been monitoring phone calls to those companies they mentioned.
They also probably tapped their emails, so that'd be risky as well.
I'd assume they would have potentially been watching the top officials' homes, too, and if so that'd rule out being able to drop off one of those newspaper clippings style ransom letters telling them to keep quiet lol
Or if someone came to pick any of them up and coincidentally drop them off at the Chinese Embassy.
Maybe they sent it in a fortune cookie with some Chinese Food they didn't order that gets delivered in the middle of the night... :p

My asshattery aside, I am genuinely curious how you were thinking they'd get contacted by the Chinese Gov't?


What evidence? All I've seen is the Bloomberg article, and they don't present any hard evidence, just allegations.
Which is what really has me on the fence... On the one hand, there's a trade war with China going on and then suddenly this article goes public. My gut reaction was it being someone from the Trump Administration knowing someone at Bloomberg (for all I know, Trump may have a stake in them *shrug*) and convinces them to write that article to win public favor to support the trade war and to move manufacturing to the US (or at least out of China) or to just distract them from the tariff-induced price hikes.

Then there's the fact that this is a communist country and whose government no doubt isn't that fond of the US government (particularly with Trump running the show), where we've both been spying on each other for who knows how long, but definitely has the means to create such a device, combined with the aforementioned motivation.

But it's that exact lack of any evidence that, honestly, makes either side rather plausible IMO. Nothing 'on the record' it seems, or any devices in-hand. Granted, that leaves what Apple, Amazon and Homeland have said more likely, but even that seems to have a peculiar vibe about it...


Frankly, I don't know if I'm even awake anymore. These past few months (well, since the election really), have felt like the plot to a book or movie.
If anyone sees Matt Damon racing down the street in a Mini Cooper, or kicking the shit out of a couple well armed dudes... let me know please? That way I know I'm in a lucid dream and work on my reality-checks to wake up!
 

ghostwich

2[H]4U
Joined
Sep 10, 2014
Messages
2,201
Yeah, just look at how much Twitter messes with Tesla stock.
To be fair, it's not Twitter, but Elon Musk, on Twitter.

I've joked that for what he's done to the stock price, someone should MTM his access to Twitter and redirect it to some fake version (LOL like some Mastodon).
 

Delicieuxz

[H]ard|Gawd
Joined
May 11, 2016
Messages
1,403
If Bloomberg's report was true, the US and UK governments would have no way to handle the situation and no recourse to fix it. The public acknowledgement would just cause panic and possibly crash stocks and spoil investment in Western companies, projects, and economies, and destroy public morale and public confidence in government agencies. All while Western companies would be humiliated by still having to buy and use bugged Chinese technology.

Also, the subject could bring attention to the subject that the UK and US governments don't want because it might expose some of the ways they are bugging technology, or at least bring back to discussion the fact that the US is hacking, back-dooring, and installing physical spy implants into every piece of technology that it can.


So, while not knowing what the facts are, I don't take the UK and US governments' assertion that there is no bug chip endemic to be confirmation that there isn't one. It may be that claiming there to be none would be exactly what Western governments would do if ever there were one.
 

BloodyIron

2[H]4U
Joined
Jul 11, 2005
Messages
3,439
Well for starters, Apple would have an established communications avenue with partners like Foxconn. The government probably already uses those avenues to ensure Apple is on the level with their laws there, so this would be nothing new from a communications avenue perspective.

As for evidence, I haven't seen it myself, but there are government bodies that claim to have evidence, which is what Bloomberg cites. I would not believe Bloomberg, of all entities, to say something as big as this, without having evidence in-hand. They're placing their reputation on the line here, and they have a very massive reputation in the business/investment/economic sectors. Hence why Supermicro's stock tanked after it was announced, because they are a trusted source.

Furthermore, Apple, Amazon and others could be saying this in response to USA NSLs that _could_ have been served to them, but if that were the case, it would be impossible to prove without a canary, due to the nature of NSLs.

Again, this is just SPECULATION on my part, I have ZERO EVIDENCE to support this.

My question to you becomes... how exactly do you expect the Chinese gov't to pull off contacting Apple? Just call them up?
"Herro, Mishter Cewk. You do not know me, but I know you, and if you comfirm that you datashenter was compromished, den we--I mean den you Chinese factories will have a shudden deray of productsh. Understand, yes? *click*"
After the Bloomberg article went live I'm sure the NSA, CIA, DHS, and a bunch more alphabet soup organizations will have been monitoring phone calls to those companies they mentioned.
They also probably tapped their emails, so that'd be risky as well.
I'd assume they would have potentially been watching the top officials' homes, too, and if so that'd rule out being able to drop off one of those newspaper clippings style ransom letters telling them to keep quiet lol
Or if someone came to pick any of them up and coincidentally drop them off at the Chinese Embassy.
Maybe they sent it in a fortune cookie with some Chinese Food they didn't order that gets delivered in the middle of the night... :p

My asshattery aside, I am genuinely curious how you were thinking they'd get contacted by the Chinese Gov't?



Which is what really has me on the fence... On the one hand, there's a trade war with China going on and then suddenly this article goes public. My gut reaction was it being someone from the Trump Administration knowing someone at Bloomberg (for all I know, Trump may have a stake in them *shrug*) and convinces them to write that article to win public favor to support the trade war and to move manufacturing to the US (or at least out of China) or to just distract them from the tariff-induced price hikes.

Then there's the fact that this is a communist country and whose government no doubt isn't that fond of the US government (particularly with Trump running the show), where we've both been spying on each other for who knows how long, but definitely has the means to create such a device, combined with the aforementioned motivation.

But it's that exact lack of any evidence that, honestly, makes either side rather plausible IMO. Nothing 'on the record' it seems, or any devices in-hand. Granted, that leaves what Apple, Amazon and Homeland have said more likely, but even that seems to have a peculiar vibe about it...


Frankly, I don't know if I'm even awake anymore. These past few months (well, since the election really), have felt like the plot to a book or movie.
If anyone sees Matt Damon racing down the street in a Mini Cooper, or kicking the shit out of a couple well armed dudes... let me know please? That way I know I'm in a lucid dream and work on my reality-checks to wake up!
 

nomu

Gawd
Joined
Jul 30, 2006
Messages
818
That's such a bizarre way for two intelligence agencies to weigh in on this. "No reason to doubt" someone else's statement instead of acknowledging your own awareness? I get that it minimizes the release of your intelligence, but it's also leaving a giant unsightly gap to contort your statement within.
 

Exercate

Limp Gawd
Joined
Aug 25, 2015
Messages
204
Chips? ... What Chips?

implying that if China did sneak tiny chips onto motherboards, they’d know about it.

Maybe there are chips... Who knows for sure. HOWEVER - If anyone comes out with a statement like that, then the Chinese might take it as a "Double Dog Dare 'ya to"...
 

N4CR

Supreme [H]ardness
Joined
Oct 17, 2011
Messages
4,948
Of course it's impossible, because the US govt has never engaged in this either. Neither has NSA - those firmware backdoors were for 'national security' right?
BASED truthful govt looking out for the people as usual, amirite?

[Image: nsa-pwn-cisco-640x373.jpg]


The whitewashing of this is hilarious and pathetic at once. As if we have a 3 year memory-hole limit!
 

xmadror

Gawd
Joined
Feb 13, 2012
Messages
848
They must have figured out how to feed the Chinese fake information via those chips and want them to remain where they are!!
 

Deleted member 93354

Guest
Why bother planting chips on motherboards when CPU security has been broken for years?

Either way you need internet access to the target system, and exploits of Spectre/Meltdown give nation-states plausible deniability. Compromising the supply chain would be obvious.

You have to get that CPU to run the broken code. For truly secure systems, they aren't allowed access to javascripting web and HTML/MIME emails. These include mission critical systems, which just serve one function. (And it ain't a surfin bro)
 

DeathFromBelow

Supreme [H]ardness
Joined
Jul 15, 2005
Messages
7,316
You have to get that CPU to run the broken code. For truly secure systems, they aren't allowed access to javascripting web and HTML/MIME emails. These include mission critical systems, which just serve one function. (And it ain't a surfin bro)

Between the CPU exploits and Row hammer I don't think there's been such a thing as 'truly secure' during the last decade.
 

Deleted member 93354

Guest
Between the CPU exploits and Row hammer I don't think there's been such a thing as 'truly secure' during the last decade.

Row Hammer has been fixed. Memory controller forces refresh of adjoining lines of the DRAM cells.
 

DeathFromBelow

Supreme [H]ardness
Joined
Jul 15, 2005
Messages
7,316
Row Hammer has been fixed. Memory controller forces refresh of adjoining lines of the DRAM cells.

Sure, but practically all high density DDR3 was affected and most of those machines are still in service. I still have some 8GB DDR3 modules that fail Row Hammer testing in service that I can't afford to replace atm.

I highly doubt the government/defense industry has gone through and replaced all their DDR3 modules.
 
Joined
Sep 15, 2017
Messages
216
Spying goes on, no doubt, by all sides. However, why would the Chinese government spy by placing chips on Supermicro motherboards specifically - that does not compute. Methodology is just poor, and no ability to target anything. It is just a poor story, good enough to move stock price though.

Much more likely that this was a more sophisticated version of AMD "security flaws" agenda with China thrown into the mix for good effect on stock price. Good time to invest though and join in on the expected rebound.
 

Anemone

Gawd
Joined
Apr 5, 2004
Messages
903
It's deeply classified in all likelihood, giving companies the requirement to deny it under security provisions. What is happening now with the denials is an attempt to get Bloomberg to add more weight to its disclosure, which is a very simplistic attempt to get them to divulge enough information that the leakers are caught. The truth I'd bet lies somewhere in between the two parties. There IS a problem that was detected but that problem did not arrive in use or has been removed from use by any end products the relevant companies sold on to end users. So they can claim there is no problem and meanwhile the tainted sources are being carefully examined, which means there is an ongoing classified investigation. While people might get nervous (and it's reasonable to be cautious), there is little one can do to impact this situation as an end user save to be really thoughtful before buying direct China sourced tech items from Ebay or Amazon. The situation may have a new angle but it is part of an ongoing set of security issues to which China is just one party of many, if you'll remember.
 

mikeo

Gawd
Joined
May 17, 2006
Messages
659
And the stock is back up, that Bloomberg article may have just got me a 2080ti, lol if they ever come back in stock.
 