
The tech giants, the US and the Chinese spy chips that never were; or were they? - charlysl
https://www.theguardian.com/commentisfree/2018/oct/13/tech-giants-us-chinese-spy-chips-bloomberg-supermicro-amazon-apple
======
majia
Given the scarce technical details provided by Bloomberg and the Bloomberg
reporter’s demonstrated lack of understanding of how hardware works, it’s
entirely possible someone fooled Bloomberg. Bloomberg said it has 17 sources,
but perhaps one source intentionally gave a false story, another described an
unrelated attack, and the third merely commented on the technical possibility
of a chip hack instead of its existence. Without much technical expertise, the
Bloomberg reporter could not determine which of the sources are credible and
relevant, but he surely knew which buzzwords are good for a story. So he
created a sensational narrative that could attract as much attention as
possible, based on selected information that helps the narrative.

~~~
jaclaz
>...one source intentionally gave a false story, another described an
unrelated attack, and the third merely commented on the technical possibility
...

Yep, that is very likely for 3 sources, but they (assertedly) had 17.

It is really hard to believe the story, still, besides the
journalists/authors there are editors and I cannot believe that - given the
relevance of this story - it was not double/triple checked and approved for
publishing only after a thorough review.

------
archgoon
This article is a summary of the current state of affairs; there is no new
information, and it does not answer the question in the headline.

Bloomberg says a spy chip was discovered and Apple and Amazon worked with the
government to investigate. Apple and Amazon both deny the story is correct.

~~~
sumedh
> There is no new information,

It links to the Cambridge university security team blog and they say
Bloomberg's claim passes the sniff test.

[https://www.lightbluetouchpaper.org/2018/10/05/making-sense-...](https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/)

~~~
yorwba
Which has been discussed before
[https://news.ycombinator.com/item?id=18148749](https://news.ycombinator.com/item?id=18148749)

So whether that's new information or not depends on how much time you waste on
HN ;)

------
Waterluvian
Is there a problem with how much power some journalists have to move markets?

If this story turns out to be wrong, and it also wasn't fraud, it feels wildly
unfair for a company to have half evaporated overnight.

Dangerous topic so I'll say that I'm not suggesting limits on journalism or
freedom of speech.

------
rossdavidh
1) No doubt, the Bloomberg reporter was not technical enough to vet what he
was being told

2) No doubt, news media get lots of stuff wrong, and the more you know about
the topic of the article, the more wrong you see, typically

3) But also no doubt, China has the means, motive, and opportunity to use their
position in hardware the same way the U.S. uses its position in software, to
enhance intelligence gathering. I have heard no credible reason why China
wouldn't have, in one way or another, used that position to gather
intelligence.

4) The longer that goes by without somebody finding a compromised board to
show, the less I believe this particular avenue was used.

~~~
majia
3) I doubt China would hack its hardware for intel purposes in the way Bloomberg
described, not because it doesn’t want to, but because it’s very cost
inefficient. China needs to perform the hack on a massive scale to hack a
target because it cannot reliably know which server is going to which company
down the supply chain. Such a massive hack will almost certainly be caught and
the economic consequence is huge. In addition, unlike a software hack, it's easy
to trace the origin of a hardware attack back to China.

~~~
stevehawk
There's a large misconception in a lot of the conjecture I see publicly, and
it's the idea that China would care if it could be traced back to them. A lot
of governments commit a large number of intel actions knowing they'll be
traced back to them but it's still worth it. If they got caught they'd just
say "Oh it's a rogue factory" and go on with life. Maybe we would throw some
bullshit sanctions their way.

A historic example of this is the recording devices we used for Operation Ivy
Bells. There was no hiding who the recording devices belonged to because we
spray painted "Property of the US Government" on them. Or the Iran nuclear
manufacturing tampering that was pulled off for years. Everyone knows who did
it because who else could have done it?

Regarding 'scale' - that's not all that important either. If you have someone
at SMCI that can get shipping orders then you can easily figure out roughly
what batches you need to tamper with in order to make sure your parts end up
where they need to go. And it's worth it, even in a small scale, on the hopes
of not getting found. No one comes up with one idea of compromising a target
and then never wavers from it. You try them all until one works.

~~~
charlysl
I still believe though that China (and, in fact, the US itself) would have
much more at stake if the US discovers that the supply chain has been
compromised, given its enormous manufacturing interests and how this might be
used to justify certain trading policies, whereas the US (and Israel) had, in
comparison, almost nothing to worry about Stuxnet being traced back to them.
This is the main reason I believe that if this was real it would have been
incredibly rash from the Chinese, unbelievably so. Then again, it would also
be extremely damaging to Bloomberg's reputation if it wasn't.

------
Nasrudith
Personally I wouldn't be surprised if there was a backdoor of some sort in the
firmware or deniable known vulnerabilities to exploit but just a spy chip
seems too Hollywood and symbolic given other approaches - adding a 'parasite'
to corrupt it when they can just integrate it such that a very expensive and
detailed analysis would be needed to find it.

~~~
zby
Yeah - it does not look impressive when we have read about the possible
backdoors inside processors:
[https://www.wired.com/2016/06/demonically-clever-backdoor-hi...](https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/)
But on the other hand maybe they were just testing the waters - it was in 2015
after all.

------
mtw
I wouldn't be surprised if this was some sort of PR campaign similar to Iraq's
WMDs. It does make sense that Iraq still has weapons of mass destruction and
could use them against civil populations; likewise, it does make sense that
China could access the supply chain, and could use it to access government and
corporate networks. The end goal is to change public perception and get
support on the idea that the US should focus its efforts on that country
(instead of the Mueller investigation or Russia for example). In Iraq's WMDs,
the symbol was Colin Powell's vial of Anthrax, here it's a tiny chip that
promises to unlock all servers. It's a symbol strong enough that goes well on
TV or media.

True or not, what matters is that the seeds of distrust have been sown. It's
billions of $ lost for Supermicro shareholders, and potentially distrust of
China.

~~~
DenisM
One important difference is that in the run-up to the Iraq war every major
newspaper was beating the drums of war, whereas here only one major newspaper
is involved.

------
adammunich
Who knows? Bloomberg might have just ripped the image of their chip from the
Mouser catalog and called it a day..

[https://www.mouser.com/new/tdk/tdk-rf-components/](https://www.mouser.com/new/tdk/tdk-rf-components/)

~~~
mellow-lake-day
AFAIK the images used in the Bloomberg article were illustrations / stock
images

~~~
TeMPOraL
I wish there was a ban on using stock imagery in news reporting. They should
either put a real photo, or no photo at all. Putting stock photos almost
always creates confusion.

~~~
booleandilemma
What about a stock photo that is clearly labeled as a stock photo?

~~~
TeMPOraL
If "clearly" in the UX meaning of the word (e.g. same size or greater than
that of surrounding text, but visibly emphasized) - sure. If "clearly" in the
legal sense, let's be honest - who's going to notice that?

And ultimately, why risk confusing people just to make the article prettier?
That media outlets do this is one of the many reasons proving that they don't
really care about informing their audience.

------
snarfy
Where is the hardware? I call bullshit until someone produces compromised
hardware.

------
huffmsa
The article is a pretty weak summary of events.

However, the across-the-board blanket denials seem suspect. Of course you'd
deny that you gave a 3 letter agency access to your hardware.

Someone needs to procure one of these tainted boards soon though.

~~~
mulmen
What would it take for you to believe the denials?

~~~
huffmsa
The burden of evidence is on the accuser. If no tainted motherboards are
produced, I believe the denials.

------
liftbigweights
This isn't news. It's gossip and clickbait masquerading as news.

I wish there was a way to filter any headline with a "?".

"The pyramids were built by aliens... or were they?"

~~~
charlysl
I agree with you about both the title and the content, it is a disappointing
article. However, I decided to submit it anyway given that it's a sample of
how this is being reported in the mainstream media, and that it has many
comments, a few of which are quite interesting.

