{"id":2296,"date":"2018-10-08T13:43:54","date_gmt":"2018-10-08T11:43:54","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2296"},"modified":"2018-10-09T11:33:00","modified_gmt":"2018-10-09T09:33:00","slug":"are-the-chinese-infecting-hardware-someone-is-lying","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2296","title":{"rendered":"Are the Chinese infecting hardware?  Someone is lying"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img loading=\"lazy\" decoding=\"async\" width=\"96\" height=\"132\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2008\/06\/cybercrime.jpg\" alt=\"\" class=\"wp-image-26\"\/><\/figure><\/div>\n\n\n\n<p><a href=\"https:\/\/www.bloomberg.com\/news\/features\/2018-10-04\/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies\">Bloomberg has reported<\/a> that a company, Supre Micro, Inc., has had their hardware hacked, maybe with the knowledge or encouragement of the Chinese government. Impacted customers reportedly include  Apple Computer and Amazon, who may have had their data centers compromised.\u00a0 Apple, Amazon, and Super Micro Inc have all issued strong denials.<\/p>\n\n\n\n<p>The attack as described involves a tiny chip being surreptitiously inserted on the board of one of Super Micro Inc&#8217;s suppliers.\u00a0 According to the report, the chip could insert code that would allow for malware to be installed.\u00a0 We&#8217;ll come back to how to address that attack at a later date.<\/p>\n\n\n\n<p>While this attack is at least feasible in theory, and while it is possible for vendors to keep a secret, and indeed it has enraged many people in the past that a bunch of vendors have kept secrets for quite a while, here we have a report where we have denials all around, and yet we have a somewhat detailed description of the attack.\u00a0 There are only three possibilities:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>The reporters and their sources are accurate; in which case there is a MASSIVE conspiracy that includes Apple and Amazon, not to mention government officials.<\/li><li>The reporters are wrong, and have been fed corroborated yet false information by government sources.<br\/><\/li><li>The reporters are fabricating a story.<\/li><\/ol>\n\n\n\n<p>An existence proof \u2013 one board \u2013 would suffice to show that (1) is true.\u00a0 Proving (2) would be quite difficult without recorded conversations of confidential sources.\u00a0 (3) is also difficult to prove.<br\/><\/p>\n\n\n\n<p>Let&#8217;s hope the reporters are fabricating the story, because the alternatives are far worse.\u00a0 If the reporters are accurate, we either have vendors standing on their heads or government sources\u00a0 feeding media a pack of lies.\u00a0 Furthermore, although China has broken into the computers of adversaries in the past, it would be particularly bad for false accusations to circulate that could later be used to discredit or tarnish those that are true.<\/p>\n\n\n\n<p>More to come.<br\/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bloomberg has reported that a company, Supre Micro, Inc., has had their hardware hacked, maybe with the knowledge or encouragement of the Chinese government. Impacted customers reportedly include Apple Computer and Amazon, who may have had their data centers compromised.\u00a0 Apple, Amazon, and Super Micro Inc have all issued strong denials. The attack as described &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=2296\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Are the Chinese infecting hardware?  Someone is lying&#8221;<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,9],"tags":[141,576],"class_list":["post-2296","post","type-post","status-publish","format-standard","hentry","category-internet","category-security","tag-china","tag-hacks"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2296"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2296\/revisions"}],"predecessor-version":[{"id":2306,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2296\/revisions\/2306"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}