bloomberg on supermicro: sky is falling
markr at signal100.com
Thu Oct 4 19:43:59 UTC 2018
On 04/10/2018 20:26, William Herrin wrote:
> On Thu, Oct 4, 2018 at 3:07 PM Denys Fedoryshchenko <denys at visp.net.lb> wrote:
>> It would be better for them(AMZN, SMCI, AAPL) to prove that these
>> events did not take place - in court.
> "Can't prove a negative."
You can in effect do so by suing for defamation. It's then up to the
person who has made allegedly defamatory claims to prove their claims.
If they can't prove their claims in court then the claims are, in
effect, proven to be false.
However, I'm not sure that Amazon, Apple or Supermicro have actually
been defamed by the article in question. In other words, there could be
nothing to sue for. The PLA and Chinese government would have been
defamed (if the claims are untrue) but that's a different matter. Any
lawyers wants to offer an opinion?
> The Bloomberg article described them as looking like 'signal
> conditioning couplers" on the motherboard. There is no such part on
> server boards but maybe they meant optoisolators or power conditioning
> capacitors. The former is a hard place to tweak the BMC from without a
> high probability of crashing it. The latter doesn't touch the data
> lines at all.
The mystery object in the pictures in the article seemed to me to (sort
of) resemble a surface mount power conditioning capacitor. Note that
there was no suggestion that the mystery objects were connected in place
of capacitors; the article merely claimed that they were visually
disguised. They would obviously have to connect to data lines somewhere
to do what is claimed.
> They also quoted someone describing such a hack as being "like
> witnessing a unicorn jumping over a rainbow." I agree.
It doesn't seem so unreasonable to me. If true, this is not a matter of
fitting the mystery components to random hardware and hoping that they
go somewhere useful. Instead, these were specific models of hardware
being manufactured for specific customers for use in specific
locations/roles. In other words, it was near-guaranteed that the
hardware (or at least some of it) would end up being used in a location
that carried 'interesting' target data. As such, this would be, if true,
an example of very carefully targetted espionage, not some random lucky
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG