Friday, October 5, 2018

Amazon and Apple almost certainly did NOT get hacked servers

There is a sensational Bloomberg article claiming that Chinese intelligence agents added chips to motherboards in servers used by Amazon and Apple. I won't link to it because this smelled to me like the bogus security PR stories that are unfortunately a plague in the industry. Basically, a showboating security company gets a PR agency to hype a story beyond all recognition, and whatever kernel of truth was there gets drowned in a tidal wave of ZOMG!!!!!eleventy!!

Yawn.

But there's a very interesting writeup at Errata Security about what the real scoop likely is (spoiler alert: fraud in the manufacturing process replacing quality chips with less expensive knock-offs to skim some profits).  Basically, it's why you ask your mechanic for the used parts he changed in your car (and look at the ones he replaced them with) if you aren't sure about his reputation.

But this is the key part, to me at least:
The story is based on anonymous sources, and not even good anonymous sources. An example is this attribution:
a person briefed on evidence gathered during the probe says
That means somebody not even involved, but somebody who heard a rumor. It also doesn't mean the person even had sufficient expertise to understand what they were being briefed about.
The whole article is interesting, but it is important for how it demolishes the breathless ZOMG!!!!!eleventy!! in the Bloomberg article. Quite frankly, that's why I'm not linking to Bloomberg, because it's security clickbait.

The problem of someone getting to the hardware and doing dirty deeds dirt cheap is a real one - I've personally heard DoD folks discussing this for 15 years or more. But this sure doesn't seem like that's what's happening. Rather, it's just some big mouth media whores helping "journalists" pimp some clickbait.

UPDATE 8 October 2018 09:42: The Department of Homeland Security backs the denials from Apple and Amazon.

4 comments:

Ed Bonderenka said...

OR IT COULD ACTUALLY BE CYBER ESPIONAGE SO THAT THE CHINESE CAN TRACK ALL THE CRAP WE BUY THROUGH AMAZON AND APPLE THAT COMES FROM CHINA!!!!!!!

ZOMG! ELEVENTY!!!

Eagle said...

OMG! Chips smaller than a grain of rice!!

I wonder if any of these bozo reporters have ever even looked at a motherboard and asked "what are all those tiny black thingies with the silver thingies hanging off them?"

BTW: except for milspec "designed and manufactured in the US" components, I'd love to know the name of the high-tech mass-manufacturer who is building and populating their motherboards here in the US...

ザイツェヴ said...

You're going to eat your words, bro.

Will said...

I think the "Great Glut of 1985" is what drove the chip makers out of the US. I worked at UltraTech Stepper, and it was quite a sight to walk into an Intel Fab and see perhaps 50 of our Steppers on a single floor*. I think we were building ~25-30/month, and they went out the door as fast as possible. And then, one month it just stopped. Intel threw bags over their machines and locked the doors.
When business eventually picked back up, a lot of the fabs were being set up outside the US, mostly in Asia, IIRC.
I moved over to lasers, and ignored job listings for the chip industry, as it seemed to be very cyclical after that.

*For some unremembered reason, most of the women working in the fabs wore Bikinis under their bunny suits. A bit distracting!