Are the Chinese infecting hardware? Someone is lying

Bloomberg has reported that a company, Super Micro, Inc., has had its hardware hacked, maybe with the knowledge or encouragement of the Chinese government. Impacted customers reportedly include Apple Computer and Amazon, who may have had their data centers compromised.  Apple, Amazon, and Super Micro, Inc. have all issued strong denials.

The attack as described involves a tiny chip being surreptitiously inserted on the board of one of Super Micro Inc’s suppliers.  According to the report, the chip could insert code that would allow for malware to be installed.  We’ll come back to how to address that attack at a later date.

While this attack is at least feasible in theory, and while it is possible for vendors to keep a secret (indeed, it has enraged many people in the past that a bunch of vendors have kept secrets for quite a while), here we have a report with denials all around, and yet a somewhat detailed description of the attack.  There are only three possibilities:

  1. The reporters and their sources are accurate; in which case there is a MASSIVE conspiracy that includes Apple and Amazon, not to mention government officials.
  2. The reporters are wrong, and have been fed corroborated yet false information by government sources.
  3. The reporters are fabricating a story.

An existence proof – one board – would suffice to show that (1) is true.  Proving (2) would be quite difficult without recorded conversations of confidential sources.  (3) is also difficult to prove.

Let’s hope the reporters are fabricating the story, because the alternatives are far worse.  If the reporters are accurate, we either have vendors standing on their heads or government sources feeding media a pack of lies.  Furthermore, although China has broken into the computers of adversaries in the past, it would be particularly bad for false accusations to circulate that could later be used to discredit or tarnish those that are true.

More to come.

North Korean Nonsense:

In the last two weeks we’ve heard about how the North Koreans have, well, let’s see…

All of this stemmed from further sanctions the U.N. imposed after these nutcases conducted a nuclear test.

These people are, quite simply put, wackos with nuclear weapons, each dictator worse than the last.  The people they least endanger are Americans, and the people they most endanger are themselves and their brothers, sisters, and cousins to the south.  Not far behind them are the Chinese to the north.  Clearly basketball diplomacy hasn’t helped at all.

The United States has a tendency to clean up messes all around the world.  We get yelled at for doing so, and then people privately thank their lucky stars we do.  Wouldn’t it be nice if someone else did the dirty work for once?  As it happens the Chinese have been flexing their muscles all over the region, from Japan to Malaysia.  They’ve even breached South Korean waters.  But the North they leave alone.

With lots to lose and the fact that the Chinese have been propping up this government for six decades, the Chinese will have to deal with the consequences far more so than we will.  It is a problem that the United States cannot solve.  Our having sent B-2s was a nice show, but if we end up in an armed conflict with North Korea, mostly South Koreans, Chinese, and maybe Japanese get hurt.  That region must resolve the matter.  B-2s shouldn’t do it.

You don’t get to be a leader by simply showing military might.  You have to use that might to address real problems.  The Chinese have feared above all that if they intervene in the affairs of others, some day it will be their turn to be on the receiving end of such interference.  Their turn may come, but not because they’ve done the right thing with North Korea.

U.S. Currency War with China?

This short piece on News Hour introduces us to the politics of currency manipulation. A government that keeps its currency artificially low is in essence dumping its goods and services on every other country, thereby taking jobs from those countries.  The hard part is determining when prices are really artificially low.  While it is in the end a political opinion, we have some hints as to when the price of a currency is really lower than it should be.  One of those is when per-capita income is higher than another country’s and yet there is still a net export of goods and services.  According to the International Monetary Fund, for 2010, the U.S. had the 7th highest per capita income of $46,860, while China came in a distant 94th with $7,544 per person.  China’s trade surplus for that same year was $190 billion.  Were we to attribute all of that to the United States, that would add about $680 to the U.S. per capita income.

Perhaps, on the other hand, the U.S. currency is too high. After all, the U.S. trade deficit for 2010 was $498 billion.  But then what do we do about it? To lower the value of the dollar you simply print more. Of course that risks inflation. And if you do print more, why shouldn’t another country respond by printing more of its own currency?

It’s a messy business, and given the amount of money to be made or lost in speculating on currency, the U.S. Senate should be very careful about the sort of laws it passes, particularly ones that in some way tie the Treasury Department’s arms in dealing with currency crises.  Thar be dragons here.


As if On Cue: Google accounts attacked from China

The BBC reports today how China is rejecting Google’s statement that attacks on its users originated from China.  It’s very fair for China to call into question from whence attacks originate.  The best Google can really authoritatively say is that they saw attacks coming from a particular set of IP addresses that happen to be registered to a network that resides in a particular location, in this case Jinan.

However, the attacks targeted individuals said to be Chinese dissidents or adversaries.  In this case, as the BBC writes, while it is very difficult to state with assurance that the attacks were made by the Chinese government, the technique used, spear phishing, leads one to believe that this attack was in fact paid for, in some way, by a government.  Spear phishing involves learning about a particular individual, and then crafting a message that that person would think came from someone they knew, and convincing that person to view an attachment that itself contains a virus.  That virus must be relatively unknown, or virus checkers will pick it up.  The cost of spear phishing is high, and the monetary pay-off tends to be low.  Therefore, it is a good fit for an intelligence organization.

In addition, as I wrote not long ago, Cambridge University investigated a break-in of the Office of His Holiness, The Dalai Lama.  Those attacks also seemed to originate from China, they were also targeted against an adversary, and worst of all, China apparently acted upon the information stolen by applying diplomatic pressure against those countries that invited the Dalai Lama.

At the very least, China bears some culpability for allowing the attack.  Here we have a government that does not believe in the free flow of information, and so they are known for monitoring everything.  How, then, did this attack escape their notice?

Oh Say Can You STEAL?

America’s National Anthem is, well, a symbol of America.  And so it is no small matter when someone steals it.  According to NPR’s Morning Edition the Chinese have done just that, and they did so by playing a version that was arranged by a private individual named Peter Breiner.  He found out about it from friends who heard them play it in that tiny itty bitty venue – an Olympics medal presentation.

File this one under the department of “You Can’t Make This Stuff Up”.