Lee H. Marzke on 4 Oct 2018 11:10:50 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies


The report says the chip talks to the baseband controller, which has privileged to do remote Bios / firmware patching.

Lee



From: "K.S. Bhaskar" <ksbhaskar@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Thursday, 4 October, 2018 13:13:25
Subject: Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Label me sceptical till I understand where such a chip should be incorporated into a circuit to allow OS modifications.

Regards
– Bhaskar

On Thu, Oct 4, 2018 at 12:48 PM Ron Guilmet <ronpguilmet@gmail.com> wrote:
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The Supermicro attack

The attack by Chinese spies reached almost 30 U.S. companies, including
Amazon and Apple, by compromising America’s technology supply chain,
according to extensive interviews with government and corporate
sources.

Since the implants were small, the amount of code they contained was
small as well. But they were capable of doing two very important
things: telling the device to communicate with one of several anonymous
computers elsewhere on the internet that were loaded with more complex
code; and preparing the device’s operating system to accept this new
code.

1. A Chinese military unit designed and manufactured microchips as
small as a sharpened pencil tip. Some of the chips were built to look
like signal conditioning couplers, and they incorporated memory,
networking capability, and sufficient processing power for an attack.

2. The microchips were inserted at Chinese factories that supplied
Supermicro, one of the world’s biggest sellers of server motherboards.

3. The compromised motherboards were built into servers assembled by
Supermicro.

4. The sabotaged servers made their way inside data centers operated by
dozens of companies.

5. When a server was installed and switched on, the microchip altered
the operating system’s core so it could accept modifications. The chip
could also contact computers controlled by the attackers in search of
further instructions and code.

Link to article

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


--
Windows does to computers what smoking does to humans

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--
"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217  voice/text
+1 484-348-2230  fax
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug