<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 04/10/2018 20:26, William Herrin wrote:<br>
<blockquote
cite="mid:CAP-guGUQBM0ZaGOXUtyAgh=mO8Zdo=Jxj9t=pjKMjM0=FfTS3g@mail.gmail.com"
type="cite">
<pre wrap="">On Thu, Oct 4, 2018 at 3:07 PM Denys Fedoryshchenko <a class="moz-txt-link-rfc2396E" href="mailto:denys@visp.net.lb"><denys@visp.net.lb></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">It would be better for them(AMZN, SMCI, AAPL) to prove that these
events did not take place - in court.
</pre>
</blockquote>
<pre wrap="">
"Can't prove a negative."</pre>
</blockquote>
<br>
You can in effect do so by suing for defamation. It's then up to the
person who has made allegedly defamatory claims to prove their
claims. If they can't prove their claims in court then the claims
are, in effect, proven to be false.<br>
<br>
However, I'm not sure that Amazon, Apple or Supermicro have actually
been defamed by the article in question. In other words, there could
be nothing to sue for. The PLA and Chinese government would have
been defamed (if the claims are untrue) but that's a different
matter. Any lawyers wants to offer an opinion?<br>
<br>
<blockquote
cite="mid:CAP-guGUQBM0ZaGOXUtyAgh=mO8Zdo=Jxj9t=pjKMjM0=FfTS3g@mail.gmail.com"
type="cite">
<pre wrap="">The Bloomberg article described them as looking like 'signal
conditioning couplers" on the motherboard. There is no such part on
server boards but maybe they meant optoisolators or power conditioning
capacitors. The former is a hard place to tweak the BMC from without a
high probability of crashing it. The latter doesn't touch the data
lines at all.</pre>
</blockquote>
<br>
The mystery object in the pictures in the article seemed to me to
(sort of) resemble a surface mount power conditioning capacitor.
Note that there was no suggestion that the mystery objects were
connected in place of capacitors; the article merely claimed that
they were visually disguised. They would obviously have to connect
to data lines somewhere to do what is claimed.<br>
<br>
<blockquote
cite="mid:CAP-guGUQBM0ZaGOXUtyAgh=mO8Zdo=Jxj9t=pjKMjM0=FfTS3g@mail.gmail.com"
type="cite">
<pre wrap="">They also quoted someone describing such a hack as being "like
witnessing a unicorn jumping over a rainbow." I agree.</pre>
</blockquote>
<br>
It doesn't seem so unreasonable to me. If true, this is not a matter
of fitting the mystery components to random hardware and hoping that
they go somewhere useful. Instead, these were specific models of
hardware being manufactured for specific customers for use in
specific locations/roles. In other words, it was near-guaranteed
that the hardware (or at least some of it) would end up being used
in a location that carried 'interesting' target data. As such, this
would be, if true, an example of very carefully targetted espionage,
not some random lucky miracle.<br>
<br>
<pre class="moz-signature" cols="72">--
Mark Rousell</pre>
</body>
</html>