Bloomberg disproves Chinese chip report as not making sense

TaiShang


Xinhua Published: 2018-10-20


One of the named sources in the Bloomberg Businessweek report on the so-called Chinese spying chip said that his comment was taken "out of context" and the story "did not make sense."

Joe Fitzpatrick, an instructor and researcher at Hardware Security Resources, LLC, has spent over a decade working on low-level silicon debug, security validation and microcontrollers.

Fitzpatrick was one of the named sources in the report of Bloomberg Businessweek, which accused China of using a tiny chip to infiltrate U.S. companies, including Amazon and Apple.

Both companies have released strongly worded denials, with Apple characterizing the report as "wrong and misinformed."

In Bloomberg's story, Fitzpatrick was quoted as saying "the hardware opens whatever door it wants." But the researcher painted a very different picture.

Fitzpatrick, speaking on the podcast Risky Business earlier this month, said that he spent a lot of time explaining to Bloomberg how such attacks could, in principle, be carried out. But he was shocked to find out that those theories he described had been used "out of context" to justify the Bloomberg report.

"What really struck me is that like all the details that were even remotely technical, (it) seemed like they had been lifted from the conversations I had about theoretically how hardware implants work ...," Fitzpatrick said.

Furthermore, the story as told "doesn't really make sense." As Fitzpatrick notes, there are easier, more cost-effective methods of attaining backdoor access into a target computer network.

What has also been taken "out of the context" was the image Bloomberg provided of the supposed spy chip.

Fitzpatrick said the image Bloomberg Businessweek provided of the supposed spy chip was the exact coupler he found on the internet and sent to the reporter.

"I have tons of better pics I need to submit to Getty tagged 'hardware' implant," Fitzpatrick tweeted.

"I'm pretty sure the implant was not inside that tiny coupler. There's no doubt that the image are mock-ups for the article," he tweeted.

http://chinaplus.cri.cn/news/china/9/20181020/198479.html

***

Neofascism leads to bad and under-cooked propaganda that often backfires.

US regime-friendly FAKE NEWS media needs a complete overhaul.
 
. .
Apple CEO urges Bloomberg to retract its story of alleged China spying chips

(Xinhua) 13:53, October 20, 2018

Apple CEO Tim Cook is urging Bloomberg to retract its story about alleged embedded Chinese spying chips that compromised about 30 companies, including the servers of Apple.

BuzzFeed News said Friday that the Apple CEO, who received an interview with the news outlet Thursday, went on the record for the first time to deny allegations that his company was the victim of a hardware-based attack from a Chinese supplier and demanded Bloomberg retract the unfounded story.

"There is no truth in their story about Apple," Cook told BuzzFeed News. "They need to do that right thing and retract it."

Bloomberg Businessweek issued a story earlier this month alleging about 30 U.S. companies were compromised after their servers were implanted with malicious chips during their manufacture in China, which created "a stealth backdoor" into their network running on the servers.

Apple denied in an Oct. 4 statement that it had found the "malicious chips" in servers on its network, saying it refuted "virtually every aspect of Bloomberg's story relating to Apple."

"Apple has never found malicious chips, hardware manipulations or vulnerabilities purposely planted in any server," it said.

In the latest response to the Bloomberg claims, Cook said he "was involved in our response to this story from the beginning."

"I personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions," said Cook.

"Each time they brought this up to us, the story changed, and each time we investigated we found nothing," he added.

"We turned the company upside down ... We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this," Cook said.

The Bloomberg report has been extensively questioned even by representatives of the companies it claimed fell victim to the "backdoor" attack.

Earlier this month, FBI Director Christopher Wray warned a hearing of the Senate Homeland Security Committee to "be careful what you read" in reference to the report, BuzzFeed News said.

It quoted a high-ranking executive of a tech giant in Silicon Valley as saying that his company has conducted investigations, which didn't turn up any evidence of tampering.

"We couldn't find anything," he said. "Our assessment is that it didn't happen."

http://en.people.cn/n3/2018/1020/c90000-9510243.html

***

US regime is becoming clumsy in propaganda.
 
.
https://amp.theguardian.com/comment...e-spy-chips-bloomberg-supermicro-amazon-apple

The tech giants, the US and the Chinese spy chips that never were… or were they?


October, Bloomberg Businessweek published a major story under the headline “The Big Hack: How China Used a Tiny Chip to Infiltrate US Companies”. It claimed that Chinese spies had inserted a covert electronic backdoor into the hardware of computer servers used by 30 US companies, including Amazon and Apple (and possibly also servers used by national security agencies), by compromising America’s technology supply chain.

According to the Bloomberg story, the technology had been compromised during the manufacturing process in China. Undercover operatives from a unit of the People’s Liberation Army had inserted tiny chips – about the size of a grain of rice – into motherboards during the manufacturing process.

The affected hardware then made its way into high-end video-compression servers assembled by a San Jose company called Supermicro and deployed by major US companies and government agencies. According to the report, investigators found that the hack eventually affected almost 30 companies, including a major bank, government contractors and Apple, which had originally ordered 30,000 Supermicro servers in 2015 but had cancelled the order after its own investigators had found malicious chips on the company’s motherboards.

On the face of it, this was sensational stuff. Software hacks are routine nowadays, but hardware hacks are not (though we know from Edward Snowden’s revelations that western intelligence agencies are partial to them). And they are much harder to detect. China has long had a semi-state operation to hack into US tech companies and steal their intellectual property. The idea that it might have gained an unsuspected backdoor into some of the most sensitive and informative servers in the US must have sent shivers down many a corporate and government spine.

And although most computer hardware is designed in the west, the vast bulk of the stuff (75% of mobile phones and 90% of PCs) is manufactured in China. So if there was going to be a supply-chain attack, that’s where it had to be done.

On the face of it, therefore, the Bloomberg report seemed plausible even if all its sources were anonymous; it is, after all, a reputable journalistic outfit. But then angry rebuttals began to flood in. First, Apple, Amazon and Supermicro issued denials. Apple’s top security officer told Congress that the company had found no evidence to support the claims made in the report.

And an anonymous company informant told Motherboard that “none of the most consequential portions” of the original Bloomberg story as they relate to Apple was true. The company did not find malicious chips in its servers, it did not remove or dispose of those servers and Apple did not inform the FBI or frustrate an investigation into this incident.

Amazon, for its part, was equally unambiguous: “At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.”

Then the UK National Cyber Security Centre weighed in, saying that it had “no reason to doubt the detailed assessments made by AWS (Amazon Web Services) and Apple”.

The US Department of Homeland Security said much the same. And Supermicro (whose market value had been halved by the Bloomberg story) stated that it had “never been contacted by any government agencies either domestic or foreign regarding the alleged claims”.

In response, Bloomberg reporters stood by their story and even extended it, claiming that a “major US telecommunications company” had discovered manipulated Supermicro hardware in its network and removed it in August.

So what’s going on? Clearly, someone’s being economical with the actualité. Seeing what happened to Supermicro’s share price, you can see why the companies might be er, defensive. (And of course, the thought that security might oblige them to relocate manufacturing to the US would blow their minds, never mind their bottom lines.) Likewise, the intelligence agencies might be reluctant to draw too much public attention to supply-chain interference, given that they all do it.

Maybe things will become clearer in the next few weeks. In the meantime, the most illuminating contribution to the debate so far came from a Cambridge University researcher, Dr A Theodore Markettos, who conducted a fascinating investigation of a key bit of the Supermicro hardware to see if the Bloomberg claim passed what he called “the sniff test” of initial plausibility. His conclusion: it does. Stay tuned.
 
.
You are Chinese, right? Then you should remember the COX report released about 20 years ago. How did that turn out?
Remember Wen Ho Lee? He spent 11 months in solitary confinement. How did it end?

Just continue to spread this fear mongering on behalf of the white administration.... and it will come back and bite you. Just like Wen Ho Lee.

:disagree:
 