Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

UK spymasters and US Homeland Security officials have supported Western tech companies' denials that Chinese agents were able to smuggle hidden surveillance chips into Super Micro servers. Mainstream media megastructure Bloomberg reported last week that Beijing's military intelligence pressured or bribed a Chinese …

  1. A Non e-mouse Silver badge

    Extraordinary claims require extraordinary proof.

    1. Sir Runcible Spoon

      Perhaps TPTB don't want anyone looking too closely at the *actual* chip blueprints?

    2. Anonymous Coward

      I know. You might want to peruse the links in the discussion herein:

      https://www.electronicsweekly.com/blogs/mannerisms/dilemmas/a-rum-do-2018-10/

      So that is one pretty official statement.

      1. Paul Crawford Silver badge

        When I try that site (www.electronicsweekly.com) I simply get "403 Forbidden"

        So either they are blocking EU addresses or singling out VPN use, shame as I will just ignore them from now on.

        1. nagyeger

          works for me...

          Hmmm.

          Link Works from Romania

  2. Pascal Monett Silver badge

    "It is bonkers to think it would have screwed up a story this huge"

    The facts seem to say otherwise.

    And I'm not talking about what companies say :

    Fact #1 : Bloomberg says an FBI investigation is/was underway

    Fact #2 : the FBI denies any investigation

    This may be the Trump era of politics, but if the FBI unequivocally denies that there is an investigation, I believe the FBI.

    So either Bloomberg reporters decided to try and cook up a story, which does indeed seem out of character to say the least, or somebody conned Bloomberg into publishing this story.

    Conspiracy theorists, start your engines !

    1. big_D Silver badge

      Re: "It is bonkers to think it would have screwed up a story this huge"

      I see two scenarios, either somebody duped the reporters at Bloomberg, although that seems unlikely, given that they should still have a legal department that double checks the stories and facts, being a "real" news organisation.

      Or it was an insider secret that the chips existed, the security services knew about it and were using it to provide misinformation to the Chinese and now it is blown up and their golden goose is about to be served up with stuffing and all the trimmings.

      But even so, the likes of Apple and AWS would still be open to huge fines, if they are found to be lying.

      1. Gordon 10

        Re: "It is bonkers to think it would have screwed up a story this huge"

        Who Shorted SuperMicro recently?

      2. Anonymous Coward

        Who has something to gain by duping Bloomberg

        Skeptical of the short theory - the SEC can track that too easily since Supermicro is the only target you could reasonably short. Who else could be duping Bloomberg, and why? They said they talked to the FBI, and I'm sure they'd connect to their sources through the FBI main number at least once to verify they really worked for the FBI.

        Given the divide between the Trump administration and the FBI, I suppose it's possible if the administration had a few people within the FBI make these claims, supply contacts with "Apple" and "Amazon" that weren't, to fool Bloomberg into posting this story. It is quite timely given Trump's battles with China - maybe the idea was to get the public behind his trade war even if things don't turn out as rosy as Trump naively believes.

        For Trump's admin it is no-lose - if they get away with it they get the public on their side even if the China trade war gets messy and long-lasting. If they get caught they blame the FBI and say "see, this is proof they are incompetent and the top people should be fired" so they can sabotage Mueller's investigation.

      3. Mark 85

        Re: "It is bonkers to think it would have screwed up a story this huge"

        There's a 3rd scenario: Bloomberg is possibly considered "fake news" and the administration decided to make an example of them. Then again, maybe I just need a tinfoil hat.

        The concept of what is credible and what is not is indeed clouded. In this case, we have a respected news agency, a shifting political landscape that issues contradictory news items, and a spy agency that wouldn't want to be outed. The companies (all of them) involved may be under a "secrets" embargo and dare not speak to this other than deny.

        We're in "what's real and what's not real" land here. All anyone can do is speculate.

        1. Anonymous Coward

          Re: "It is bonkers to think it would have screwed up a story this huge"

          It has been the NYT and Washington Post that have broken most of the big stories that made Trump look bad (i.e. what he considers "fake news") but if Bloomberg was fooled then I wonder if it'll turn out the story was fished to the Times & Post and they didn't bite. If they were approached with that story and decided against it, I'm sure they are furiously tracking it now to see if they can determine whether it's true or false.

    2. bombastic bob Silver badge

      Re: "It is bonkers to think it would have screwed up a story this huge"

      if the Bloomberg reporter was passing along unconfirmed information, they should have been a bit more careful about how it was stated. As written, it seems to be an expose of a massive scandalous breach of contract by manufacturers in China, with crimes no doubt committed on both ends of the Pacific.

      However, if it's all FUD and headline trolling, Bloomberg deserves shame and ridicule for it.

      I'd say the same for ANY news source, regardless of their political slant. I've said things like this about [P]MSNBC as well as [F,C]NN and the 3-letter networks in the USA [ABS, CBS, NBS - ok not 'BS' but ABC, NBC - still it's a nickname they deserve].

      So if Bloomberg is now engaging in the SAME kinds of "fake news", they deserve whatever happens to them as a result of it.

      HOWEVER, if the facts show that Bloomberg is RIGHT, then we have a serious problem here. Not only because of the hardware-based spying [some of the allegations in the Bloomberg article suggest that chips were mounted BETWEEN LAYERS inside the circuit board], but also because of the DENIALS by those parties that were allegedly involved. AWS and Apple should NEVER deny an investigation, assuming that they're interested in customer and corporate security (unless they're under a gag order for national security or something similar).

      In any case, I'm not 100% convinced to NOT purchase anything from SuperMicro, but I am concerned about 'things made in China' a bit more than I was before. China is going to have to come up with some kind of guarantee that the supply chain won't be manipulated like that - EVER. We've been suspecting them for too long, apparently with good reason, and past violations of our IP don't make them look like 'good guys', not at all.

      Notwithstanding, some of the descriptions [chip the size of a grain of rice, or a sharpened pencil tip, between board layers even] are a little strange, to me. You'd need some pretty sophisticated stuff to interrupt a multi-GHz signal and re-arrange the data like that. That kind of tech would be better served making a new CPU architecture or something like that. Rather than stealing tech, they could invent it instead. It's not profitable to them, in other words, to put that kind of tech expertise into spy chips that would THEN randomly target U.S. companies.

      1. Richard 12 Silver badge

        Re: "It is bonkers to think it would have screwed up a story this huge"

        The technology described is perfectly feasible.

        It's SPI flash speeds. Something that an Arduino-scale device can read and write.

        The main stupidity of the story is that it's a ridiculously expensive and totally unnecessary way to do it.

        It's cheaper and easier to fake a chip than a PCB.

        The inserted chip was described as attacking the BMC in some way. So why not simply replace the flash chips for the BMC with one containing the alternative code to do whatever you wanted?

        Either as simple data, or if you're really keen, as a fake chip containing write-once partition for your attack.

        The pointless complexity of the described attack means that the story is almost certainly false.

      2. Anonymous Coward

        @bombastic bob

        but I am concerned about 'things made in China' a bit more than I was before

        The problem is, you might be more concerned but there's little you can do about it. It is almost impossible to purchase any modern electronics that are 100% free of anything made in China. Off the top of my head the only computer not made in China is the iMac, which is made in a factory in Cork, Ireland - but the motherboard is almost certainly made in China, and many of the chips on it would come from mainland China or Taiwan. Pretty much impossible to buy a wifi router that wasn't made in China, you might find some phones and TVs made in South Korea instead but almost certainly some components in them come from China...

        Of course like I always say, given a choice between being spied on by the US government or by the Chinese government, as an individual I choose the latter (obviously I'd choose differently if I'm talking about systems the DoD is using). The way I figure it, if the US government doesn't like what I say or do they can make my life a lot more miserable than China's can if they don't like what I say or do. And since I live in the US, and not China, the US government is a lot more likely to want to spy on me than China.

        1. bombastic bob Silver badge

          Re: @bombastic bob

          Re: manufacturing in China "there's little you can do about it"

          well, I've had at least SOME influence on manufacturing choices (for customers) in the past. I assume the future isn't going to be much different [my line of work being related to that]. So if a customer says "make in China" I have one specific alternative U.S. based pick-and-place board builder to suggest instead, and possibly one in Mexico as well, and I might even reference the Bloomberg article when it comes to determining manufacturing 'outsource' choices.

          I'm sure others might do this as well, too, and that's the point. Outsourcing your manufacturing to China is less attractive, now, for many reasons. And Mexico is looking a lot better.

          /me sometimes gets bare boards done by a Canadian company. Fast turnaround, good quality, ok pricing for small quantities. More expensive but I want my Monday AM design back by Friday, and usually that happens.

    3. IceC0ld

      Conspiracy theorists, start your engines !

      and now under the cover of all the huffing and puffing from the various 3 letter agencies, and the ongoing he said to me, that she said to him, that you said to me ............................... shenanigans from all the other 'interested' parties

      Beijing will now most likely start THEIR engines and switch those little beasties ON :oP

  3. Martin 47

    Frankly I'm surprised that anyone is surprised that a Chinese owned or controlled company would do this.

    Just the same as I would be surprised if anyone would be surprised if a USA owned or controlled company was doing the same.

    1. EricM

      Re: I'm surprised that anyone is surprised that a Chinese owned or controlled company would do this.

      I'm not so much surprised they _would_ do this, but if they really _could_ do this.

      You cannot just solder a chip on a board to have it spy for you.

      You cannot just "alter" data on an SPI bus by just being connected to it.

      In short : Putting something unexpected on a server board is very likely to mess things totally up, if not at once, then when the first firmware update arrives...

      1. jay_bea

        Re: I'm surprised that anyone is surprised that a Chinese owned or controlled company would do this.

        I wondered about this too. I assume that the Chinese factories just assemble to the design provided by Super Micro in the US. If this is the case, then surely adding components would require a detailed knowledge of these plans, the ability to change them and modification of the assembly process, and would need to be originated with the designers in the US? How much control do the factories in China have over design?

      2. Anonymous Coward

        Re: I'm surprised that anyone is surprised that a Chinese owned or controlled company would do this.

        >You cannot just solder a chip on a board to have it spy for you.

        Look at PCBs: in many cases you will find many free pads. Some are used for future expansion, some for added chips for the model one step up and, mostly, for test points. Bloomberg makes an issue of Supermicro having Chinese language engineers who held many of the more productive (in their words) telephone conferences in Mandarin Chinese. The hint is that a Supermicro engineer made room for a chip not part of the design, possibly disguised as test points for use in manufacturing, that later was used by the Chinese government to fit a chip on.

        Back in the day when I was an electronic designer we made sure we had a lot of test points and I have not seen that this has changed.

      3. bombastic bob Silver badge

        Re: I'm surprised that anyone is surprised that a Chinese owned or controlled company would do this.

        "You cannot just solder a chip on a board to have it spy for you."

        well the allegation is that they had modified the board's design. The manufacturer has the Gerber files [or whatever has the design on it], and it wouldn't take a lot to edit those to include a "something" to which a new chip would be soldered [or embedded within the layers even].

        I understand the tech to embed devices between layers has already been used by Apple, or so I've read. In some cases it might be highly useful to do that [example, power supply bypass capacitors or a resistor array]. Series resistors are often used to abate 'unintentional radiator' signal noise, and so a resistor array conveniently placed between IO pins and their destination INSIDE of the board would be convenient (assuming it could be done).

        In any case the tech apparently DOES exist to insert components. So the allegation is PLAUSIBLE and that's fear-inducing enough. Whether or not a manufacturer can be bribed/strong-armed into actually DOING that is another story.

        And if it's on an SPI bus between a BIOS ROM and an SoC, such that it could re-program the BIOS slightly during a flash update, or read 'special instructions' in place of the ACTUAL flash, it could be pretty bad.

        /me considers Intel's ME being invoked, for example. It might not take a lot of 'extra instructions' to make that happen, nor to cover its own tracks afterwards, and to invoke the on-chip LAN to "phone home"... and listen for commands while running.

        which means that a call for a hardware mod to SHUT OFF Intel's Management Engine [with a jumper, let's say] now makes even MORE sense.

    2. usbac Silver badge

      I don't think it's that difficult to do something like what is mentioned in the original article. Everyone needs to understand that the "chips" we see on circuit boards aren't the real chip. The actual die inside the package is much smaller than what we see on a board. The die can be as small as 0.1 mm square. The dies are placed into much larger packages so that they can be soldered to a circuit board.

      If properly done, a die could be placed between layers like an embedded via. It would take a great deal of knowledge and skill to do it, but it could be done. With some of the innovative assembly techniques being developed by companies like Apple (as much as I dislike Apple), the Chinese contract manufacturers have been taught how to do some crazy things.

      Tapping something like an SPI bus isn't that hard. It's only 4 signals. One could create a chip that would normally be a pass-through, but would change commands when it needed to. I have done quite a bit of SPI software and hardware, and I can see how this could be done. It would be really hard, but when state sponsored, it's possible.

      Our government would not even blink at spending $100 million on something like this. With that kind of money, it would be easy to find a few very talented engineers that could pull this off.

      I remember back in the 90's people were opening up ICs and probing them under a microscope in live running circuits to break the encryption on satellite TV receivers. If people will do this to get free TV channels, what do you think a government with nearly unlimited funds can do?

    3. bombastic bob Silver badge

      "if an USA owned or controlled company was doing the same."

      I would be _extremely_ surprised if a USA company did something like this. After the lawsuits shut down their company and drove it into bankruptcy, the principal board members might actually face criminal charges. The legal bills would be enormous (breech of contract being #1 on that list).

      We don't have a supply bottleneck here that involves the government (aka government 'owned' companies), nor a somewhat oppressive communist government that has the will [and ability] to demand/coerce that kind of cooperation from its citizens. The mistrust of government in THIS country is pretty overwhelming. Finding someone who'd put up with that would be difficult. People would quit their jobs first, before cooperating (not THAT hard to find another one, ya know?). And, some people live to be "whistleblowers" for things like that, with its instant fame, TV interviews, and book deals.

      I doubt that anyone in the UK would try to get away with something like this either, for similar reasons. Nor the EU in general. Russia, on the other hand, might try something like that. But we don't buy "Made in Russia" stuff all that much, do we?

      1. Malcolm Weir Silver badge

        Super Micro Computer Ltd *is* a US owned and controlled company.

        Yes, Mr & Mrs Charles Liang are ethnically Taiwanese (and therefore predisposed to not trust mainland China), but the company is a classic Silicon Valley startup made good.

        I'm reminded of an acquaintance who asserted that Google was peddling Russian influence based on Mr. Brin's ethnicity... not entirely sure how that squared with Mr Page's lack of Russian connections, but then my tinfoil hat never quite fitted me!

      2. Michael Wojcik Silver badge

        After the lawsuits shut down their company and drove it into bankruptcy,

        Yeah, just like Equifax! Oh, wait.

        the principal board members might actually face criminal charges

        Considering the vast difficulty of proving any of them knew anything about it, I doubt any AG would even try to take it to trial. If I were on the board of a company, and decided to engage in shady dealings, you can damn well bet that my lawyer would be copied on any communications, to attach privilege.

        breech of contract being #1 on that list

        OK, I admit that if your breeches contract, you may have something to worry about. But let's not get our knickers in a twist over it.

    4. streaky

      The story sounds a bit bull because of the compute power and the ways you'd have to screw with data lines at memory speeds and not introduce noise and not make the system massively unstable to make it a thing - it'd be easier just to screw with firmware like the NSA did with Cisco gear. If this is real then China is way way ahead of the west in both subversive technologies and technology in general and I have a hard time believing it. It's not that it's not a thing so much as how large the chip would have to be to do what's claimed, look at something like a PHY for display port and consider the chip would have to be more complex than that. Exactly. People would notice.

      That said it's not really the company so much as the Chinese government infiltrating the company that is the risk. No reason SMC would ever have to know any more than Gemalto or Cisco or anybody else would. That being said you'd also have to mess with various design and QA processes - basically SMC would have to never inspect any boards going out the factory and coming back under RMA etc. or do any continuous improvement to not be complicit if it's actually a thing.

      It all sounds a bit misinformationy to me and I'm definitely *not* a tinfoil hatter.

      1. Anonymous Coward

        >data lines at memory speeds

        You are thinking of attacking the memory bus. That is hard. Easier, then, to attack the SPI bus - it is slow and a serial bus that requires only a few wires.

        >it'd be easier just to screw with firmware like the NSA did with Cisco gear

        That assumes the firmware is installed in China and not in the US: Chinese contract manufacturers assemble the electronics but do not necessarily upload software. It is safer to do that back home to avoid more secrets leaking (probably blown anyway but people do hope) and you can claim some work on production is done in the US. So China might not have that possibility.

  4. Anonymous Coward

    "if found to be lies would fall foul of securities fraud laws"

    But if a court is told that was a matter of "national security"? Companies would think they would be quite safe. Remember "national security" has been used against Canada to justify tariffs...

    1. MiguelC Silver badge

      Re: "if found to be lies would fall foul of securities fraud laws"

      My thoughts exactly, they could argue to have been instructed by the TLAs to deny it on those grounds. And the TLAs could have a backroom talk with the courts. Not that they'd ever admit to it, but TLAs.

    2. Rol

      Re: "if found to be lies would fall foul of securities fraud laws"

      My thoughts exactly.

      Out of all the institutions mentioned in the article, only one has come through the last decade with its reputation intact. Bloomberg. The rest have all been caught out for a multitude of shenanigans.

  5. alain williams Silver badge

    Who gains by this ?

    If we assume that Bloomberg has got it wrong and also assume that Bloomberg would not want to dent its reputation by asserting bollocks then a lot of effort must have gone into pulling the wool over Bloomberg's eyes. Knitting that wool is probably beyond the abilities of pranksters and would need to be state actors.

    What would a country gain by hurting Bloomberg ? Maybe one that wants to make it harder for us to distinguish between fact and fiction, one that generates fake news that it does not like reputable journalism from showing that the news is fake. If we do not know what is true or false then we become confused and less able to make good decisions.

    Another possibility is that the five eyes were in on this and do not want it exposed. This I doubt.

    1. Ben Tasker

      Re: Who gains by this ?

      > What would a country gain by hurting Bloomberg ?

      I'm not saying it definitely is this, but if a country were already engaging in a trade war with China in an attempt to bring manufacturing home, then using a credible(ish) story like this to undermine confidence in the Chinese end of the supply chain could prove rather beneficial.

      There's a rather large country in that position, whose administrations over time have been known to be less than bothered about generating misinformation to achieve perceived gains. Such an immoral administration would probably have no issues in conjuring up some credible 'sources' too - particularly when those sources are simply talking about having seen reports, pics etc. rather than providing them to the targeted news organisation.

      By all accounts, it would not be the first time Bloomberg has been played by Govt leaks.

    2. amanfromMars 1 Silver badge

      Re: Who gains by this ?

      Another possibility is that the five eyes were in on this and do not want it exposed. This I doubt. ...... alain williams

      You might like to doubt that, alain, if you want to believe they have any effective intelligence to share with each other. And if you can't, is it very reasonable to conclude that they don't ‽ .

      1. onefang

        Re: Who gains by this ?

        To sum up - Show me the money! Or - Show me the motherboard!

    3. Doctor Syntax Silver badge

      Re: Who gains by this ?

      "What would a country gain by hurting Bloomberg ? Maybe one that wants to make it harder for us to distinguish between fact and fiction, one that generates fake news that it does not like reputable journalism from showing that the news is fake. "

      The usual suspects.

      It'd take a lot of work to narrow down that list.

    4. MudFever

      Re: Who gains by this ?

      Russia!

      Making trouble for the US is a national past-time, and what could be more fun than fanning the flames of a trade war ...

    5. Version 1.0 Silver badge

      Re: Who gains by this ?

      Possible the company that supplies the NSA with computers?

    6. JeevesMkII

      Re: Who gains by this ?

      Why assume it was malicious?

      I can see a scenario where the FBI issued a notice to big tech firms to watch their supply chains carefully for threats introduced by state actors. That notice gets distilled into a memo for people in the company who need to worry about that kind of thing. The memo gets discussed by people who receive it and by some kind of (ahem) Chinese whispers process some confused underlings get the impression that it isn't just a warning but an actual active threat that the company is dealing with.

      The leakers could have honestly believed what they were telling the reporters without it necessarily being true.

  6. amanfromMars 1 Silver badge

    Just A.N.Other Mad 0Day at the Office.

    Seems to me just like the System That Is As Is is trying out how much crazier it can be with anonymous tales without IT crashing its flash cash markets with other better beta trails to follow and invest in.

  7. Anonymous Coward

    They also denied holding internal investigations with the FBI

    I think I have heard that before... lemme think, that "TRAITOR OF AMERICAN PEOPLE!" hiding in Moscow, didn't MS strongly reject suggestions they'd ever, EVER let their hardware be accessed by the you-know-whom for the you-know-what-purposes?

  8. Aladdin Sane

    Curiouser and curiouser.

  9. Bronek Kozicki

    I wonder

    .... if we are ever going to see the internal programming of the "bug chip". It must have been reverse-engineered already, right? Seeing what that thing was actually programmed to do would remove much (although not all) doubt from this case.

  10. pɹɐʍoɔ snoɯʎuouɐ

    Occam's razor

    apply Occam's razor to this, then the most likely thing is that Bloomberg has been duped.

    how hard would it actually be for some organisation to come up with the number of informants that Bloomberg got its reports from, putting into place enough paper trails to make the sources look real?

    then look who suffered and who gained.

  11. Andy The Hat Silver badge

    Just curious as to why the NCSC in the UK spoke up so rapidly in support of US corporates rather than simply denying knowledge about what had, until that point, been a Chinese/US issue?

    Either there is something to this story or Bloomberg have had an incredibly complicated scam played against them with the aim of discrediting Chinese manufacturing ... If the first, there's a massive and organised closing of corporate and governmental ranks, if the latter it smells of very high level organisation. Either way I have a bad feeling that there are Governmental organisations with more fingers in this than they should have ...

    Of course the absolute conspiracy theory would say the Chinese did it, the US discovered it very early and turned the system to deliver false information to its masters ( making it a double agent ). That way the US have to deny any earlier knowledge and will be wanting to kick Bloomberg for cutting off a known spy link ...

    1. iron Silver badge

      It's an important news story that affects British business (because AWS). NCSC are simply carrying out their mandate.

    2. Doctor Syntax Silver badge

      "Just curious as to why the NCSC in the UK spoke up so rapidly in support of US corporates rather than simply denying knowledge about what had, until that point, been a Chinese/US issue?"

      Splitting that into two -

      Why they spoke up so rapidly? Maybe someone in the media asked them for a response.

      Why they gave the answer whey did? Because it smelled as wrong to them as it seems to have done to most others with a clue.

    3. HmmmYes

      Discrediting Chinese manufacturing is easy.

      Just place an order for '1000 of' <something> and if your name is not Apple or another very large company then you'll get a container full of hit-and-miss shit some 12-24 months after the due date.

    4. Rol

      I'm with Andy The Hat on this

      Let's take this a little further.

      The rice grain sized chip purportedly created by Chinese engineers, could, like so many high tech gizmos have been designed in the West and then reverse engineered.

      We know only too well to what ends our own agencies will go to, to gather every minute detail they can, without any regard for legality or morality.

      Now if our own agencies had been Borging motherboards into the collective, wouldn't they be denying any and all stories, regardless of who the finger is pointing at?

      And wouldn't their instructions to those companies who are complicit in this be to vehemently deny everything and not just trot out the usual lame disclaimers.

      It's not unreasonable to think that Chinese agencies would take the West's tech and use it in the motherboards the NSA specifically don't want Borging.

  12. Cuddles

    Poor journalism

    "One particularly annoying thing is that the graphics used in the blockbuster article – depicting the spy chip and its placement on the board – look to be purely illustrative"

    The whole thing seems pretty weird. There are good reasons for keeping sources anonymous and not just dumping all the information and data handed to journalists into the public view, but usually it's made clear that said journalists have been shown stuff to make them believe something really is going on. Even if they don't publish it all, there are always comments along the lines of "We have been shown internal documents that appear to confirm...".

    Except in this case, any hint of evidence seems to be missing entirely. One source claims to have heard something at a meeting, a second source claims to have seen a confidential report, and a third source claims to have seen some photos. At no point is it ever suggested that any of these reports or photos have actually been seen by anyone at Bloomberg. Or anyone else for that matter. The graphics are purely illustrative because even the journalists at the heart of the claims literally don't have anything real to show us. At this point we should be debating exactly what parts of the internal report really mean, why bits have had to be redacted, whether maybe the whole thing is a fake, and so on. Instead all we can do is question whether a report even exists for us to debate.

    The whole point of journalism is to say that something happened. We might not have all the facts and there might be plenty of arguments about exactly what happened, why, and what it all really means, but something definitely happened. In this case, all we have is that something might have happened but no-one has any evidence to say it actually did. When the entire claim is based on "someone said they saw a picture once", Bloomberg may as well be announcing that Chinese chips have been seen in a double-decker bus on the Moon.

  13. Doctor Syntax Silver badge

    And right now someone is probably saying "You remember the stuff we concocted the other April when we were waiting for the server to be fixed? Guess what."

  14. Paul Smith

    obvious alternative

    If you change one detail in the Bloomberg story, then most of the contradictions and denials go away. Think what would happen if Bloomberg were to come out with a correction along the lines of... "So sorry, did we say the spying chip was Chinese? No, they just made it for us."

  15. HmmmYes

    Hmm.

    Sounds like a case for .... Interpol.

    Oh.

    1. Anonymous Coward
      Anonymous Coward

      'Sounds like a case for .... Interpol'

      Er-

      https://www.bbc.co.uk/news/world-asia-china-45777681

  16. Tony W

    Strong denials

    The standard for adequate denials has been raised. If future denials are in less strong terms conclusions will be drawn.

    Which is not to say that even the strongest denials should necessarily be believed. History is full of strong denials that were complete lies, so I am very cynical about all organisations, public and private. Any organisation will lie through its collective teeth for its own advantage if they believe that they won't be found out.

    But if several apparently independent organisations tell the same story, it seems more likely to be true. So in this case I would bet on Bloomberg's story being wrong, but not a lot of money.

    The pressure is on Bloomberg, as their reputation will have a long shadow cast on it unless they can show that they behaved reasonably. If that Bloomberg story is in doubt, why not all their others?

    1. Sixtysix
      Alert

      Re: Strong denials

      Your comment on Strong Denial Standard is interesting as "They" ALL did deny strongly very fast. No waiting, no "we'll get back to you", absolutely not "no comment".

      Unequivocal, immediate, clear, unprecedented denials.... and therefore rarer than rocking horse shit.

      Colour me worried / intrigued by turn about...

      1. Steve Cooper

        Re: Strong denials

        "Unequivocal, immediate, clear, unprecedented denials.... and therefore rarer than rocking horse shit."

        Almost like they had them all pre-prepared in case this story ever got out?

      2. HmmmYes

        Re: Strong denials

        No.

        Bloomberg would have approached all parties for a comment.

        The companies were aware of the story; it was not out of the blue.

        1. Richard 12 Silver badge

          Re: Strong denials

          Bloomberg have been in the journalism game for a long time.

          They will have approached all the companies for official or unofficial comment a long time before publishing.

          Chances are that Apple et al told them "This is tosh, don't publish" - but of course, they would, so Bloomberg won't have believed that.

          The real question is why Bloomberg thought they had enough evidence to publish the story. They only seem to have 3rd-hand accounts of something weird, which means they should know that the details are almost certainly very wrong.

  17. Potemkine! Silver badge

    Spook, spooky and spookier

    Allegations of all actors are meaningless, as they could all be part of a manipulation operation coming from different origins.

    For the moment, the winner of this story is clearly the US: Chinese firms are covered with shit, something that fits Trump's agenda.

    Wait and prepare not to see anything valuable.

  18. Anonymous Coward
    Paris Hilton

    > On the one hand, you have Bloomberg, which has rigorous and extremely high editorial standards: article errors requiring corrections can be career-ending.

    https://old.reddit.com/r/hardware/comments/9lsru3/decoding_the_chinese_super_micro_super_spychip/e79cfbo/

  19. DropBear

    While it certainly might be the case that Bloomberg was simply duped, please consider that strong, unequivocal denials by no means mean those issuing them tell the truth - rather merely that they are VERY sure Bloomberg will never be able to prove they're lying. Or, alternatively, that they have an iron-clad excuse for lying if they ever get caught.

    One is reminded of the old joke about an engineer, a theoretical physicist and a mathematician travelling together and seeing a black sheep. "Look, proof that black sheep do exist!" says the engineer. "No, it's only proof that at least one black sheep exists", counters the physicist. At which point the mathematician mutters "actually, this only proves that at least one sheep that is at least half black exists..."

  20. Anonymous Coward
    Anonymous Coward

    A chip in a convenient standard interface might be the sort of place to locate something like this. The spy element would need to remain completely dormant until triggered by some sequence of data. Without ripping open all the chips and physically inspecting them, I don't see how anyone could know that such a device was not present.

  21. Russell Chapman Esq.

    Bloomberg is a rigorous news organization

    Which leads to the conclusion the story is true, or they were duped, and if duped, by whom.

  22. David Pearce

    If it is true, Bloomberg would be trying very hard to produce real evidence.

    Modern motherboards are not covered in chips these days and they are inspected by QA using Xray, so covert chips hidden in connectors, inside the PCB stack or under another chip will show.

    1. Anonymous Coward
      Anonymous Coward

      >Modern motherboards are not covered in chips these days and they are inspected by QA using Xray, so covert chips hidden in connectors, inside the PCB stack or under another chip will show.

      True. However the X-ray tests are performed by PCB manufacturers and those populating the PCB with the electronics, and at least the latter was Chinese supposedly under Chinese government control. The end users typically use functional testing like BITE (Built In test Equipment) and simply turning on the machine and seeing it ran, including burn in tests.

  23. normal1

    hmmm

    So, what happens when China "leaks" the proof Trumpski is a traitor?

  24. Anonymous Coward
    Anonymous Coward

    Is it time to wonder if this is a "Deep State" ploy yet?

  25. Claptrap314 Silver badge

    Size matters

    I spent a decade doing microprocessor validation at AMD & IBM a little more than a decade ago. Part of that work involved being around a lot of motherboards, many of them custom-built for testing of the cpu.

    The size of this chip just does not ring true. A "chip" the "size of a grain of rice" would be VERY hard-pressed to have five wires attached. Even three would be tough. There is simply no way for such a device to sit across a standard data bus.

    Moreover, the evolution of buses was definitely in the direction of point-to-point. Adding anything to a bus is going to blow its specifications. Therefore, the addition of ANY snoop-chip to a motherboard is going to require significant changes to the design. And motherboards do NOT have room to just go adding buses.

    So yeah, this story does not make sense, at a physical level, to any of the tens of thousands of us who have worked in this area if we address the matter skeptically. Moreover, there are probably hundreds of thousands of techs who, when they see the above paragraph, are going to agree. Finally, anyone planting such a story knows this.

    So what are the options for the truth?

    As mentioned, a larger chip does NOT make this story more credible.

    Some earnest low-level type overheard something, freaked out, and reached out to Reuters. The more senior people that Reuters contacted, some of whom likely already had some sort of relationship with them, were so amused that they went along with it. I'm going to rule this out because, as other commentards have mentioned, Reuters is too valuable of an institution for that many people to toy with it.

    Some reporter & editor at Reuters went on a bender. Again, this seems very, very unlikely. In fact, given the nature of the story, one would expect that a senior editor would have been brought in as well.

    The "natural" explanations fail, and pretty badly. So let's talk about nation-state actors / TLAs. The size of the operation pretty well rules out amateur or small-time operations. Who is hurt by the operation? To the first order, Reuters and a major Chinese manufacturer. Second order, this stokes the brewing trade war with China & the US. It also generally strikes against international trade.

    I would argue that these last two points point AWAY from the Five Eyes. Institutionally, they are heavily vested in globalism. The recent change in the US administration has not had time to penetrate the agencies to the depth needed to justify, let alone initiate and complete, an operation of this sort. While it is true that the US President can fire all of the US district attorneys at will (as was demonstrated by President Clinton when he assumed office), the intelligence agencies are simply more independent than people here seem to want to believe.

    1. Anonymous Coward
      Anonymous Coward

      Re: Size matters

      > A "chip" the "size of a grain of rice" would be VERY hard-pressed to have five wires attached.

      The easiest solution is not to use wires. Use flip-chip. And you can get pitches below 50 um, even back in 2006. So for a 1 mm rice grain you can get 20 vias attached along the edge.

      1. bombastic bob Silver badge
        Meh

        Re: Size matters

        20 vias along the edge - yeah, depending on bus width, that'd do it. But to have something operating at GHz frequencies to be able to filter AND re-order information, it would take a very sophisticated device, sophisticated enough that the tech is being wasted on something devious instead of making new types of CPUs or GPUs [for example].

        1. Anonymous Coward
          Anonymous Coward

          Re: Size matters

          >But to have something operating at Ghz frequencies to be able to filter AND re-order information

          You could attack the SPI bus. A modern computer has a lot of slow serial buses. Also flash is relatively slower than RAM buses. Also for some buses you can control the speed using handshake protocols.

          1. bombastic bob Silver badge
            Black Helicopters

            Re: Size matters

            Hmm... SPI bus, given that it might be used to either program OR read the BIOS, makes sense.

            So let's say the SoC uses SPI to read the flash [this makes some sense from the architectures I'm familiar with]. Then the "in between" chip, running at SPI bus speeds (MHz not GHz) could [in theory] return a flash image that's 'one of its own', which does some mysterious 'thing', followed by reading of the REAL flash image (by 'the thing'), once the appropriate modifications or hidden spyware or whatever are already installed. This could be anything from microcode mods to a hypervisor. [whether this is practical to actually DO or not is completely different]

            Knowing what CPU gets loaded onto the board COULD make this 'plausible'. Not necessarily practical.

            At this point the Intel 'Management Engine' could be employed to do the dirty work. Communicate via ethernet to 'wherever' on bootup [or periodically]. Monitor traffic for an incoming command/control signals. And so forth. It's everything we fear that's associated with compromised ME usage, basically.

            OK - so we have at least one plausible attack vector now. This should add some credibility to the claim.

            Still, just because it COULD does not mean it DID, so I'll still be waiting for some hard evidence to refute or support the 'Made in China' 'chip gate' claims.

            /me still rooting for Bloomberg being right, although the implications are FAR worse than if they're actually wrong... [I just don't want them to have generated 'fake news' via sloppy reporting]

    2. Version 1.0 Silver badge

      Re: Size matters

      "intelligence agencies are simply more independent than people here seem to want to believe"

      Which means that whatever you think, or read, about this story is irrelevant. The agencies will say whatever works for them and you have the choice of either believing it or not - the fact that you now have a choice means that you actually know nothing.

  26. wownwow

    Is SEC still hibernating?

    It caused the SMCI stock to drop ~40% in one day! Is SEC still hibernating?

    Why don't people report that as of today Intel processor chips still have the security risk of "Foreshadow" caused AGAIN by the spec violation?

  27. Anonymous Coward
    Anonymous Coward

    Conspiracy

    Could this all be some sort of plot to "root out" the real culprit(s)?

    The tiny device mentioned is not even plausible with 7nm technology, and as for bond wires, even surviving simple reflow would be a challenge even if it had lots of chips in parallel.

    I have had problems with even an LED before and these are comparatively huge.

    If you wanted to hide a tiny computer the best place to put it is in the BIOS/uEFI chip. Making one with sneaky extra memory (tm) or even replacing the memory in a RAM SPD chip is feasible but it would be exposed as soon as someone tried to read it back with Linux etc.

    Changing markings on say a 25Q128 to turn it into a 25Q32 is doable but this would also break existing flash tools and result in a lot of bricked systems.

    The idea of layering a genuine chip on a high capacity eg 64MB chip might also work with some sort of trigger via the SPI bus such as low battery to dump "interesting" data onto the extra chip only under specific conditions such as an OS suspend so that the failsafe BIOS never gets corrupted.
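The two comments above (bombastic bob's "in between" chip that answers the CPU's first SPI read with its own image and then hands back the real flash, and the relabelled 25Q128-as-25Q32 idea in this comment) can be simulated to show what an in-band check sees. The code below is an added example, not part of the original thread and not Supermicro firmware or any real implant: it models a SPI NOR part that answers READ (0x03) and RDID (0x9F), a hypothetical first-read interposer, and the two checks a host can run over the same bus, a JEDEC ID/capacity check and a read-back hash against a golden image. The JEDEC IDs used are the published Winbond values (capacity byte is log2 of the size in bytes); the flash image, payload and addresses are constructed for the example.

```python
# Added example: simulated SPI NOR flash, a first-read interposer, and
# the in-band checks a host could run. Illustrative only; not real firmware.
import hashlib

CMD_READ = 0x03   # SPI NOR "READ DATA" opcode (3-byte address)
CMD_RDID = 0x9F   # JEDEC "READ IDENTIFICATION" opcode

# Winbond JEDEC IDs: manufacturer 0xEF, type 0x40, capacity byte = log2(bytes).
# 0x16 -> 4 MiB (W25Q32), 0x18 -> 16 MiB (W25Q128).
JEDEC_W25Q32 = bytes([0xEF, 0x40, 0x16])
JEDEC_W25Q128 = bytes([0xEF, 0x40, 0x18])


def capacity_from_jedec(jedec_id):
    """Decode the capacity byte of a JEDEC ID into a size in bytes."""
    return 1 << jedec_id[2]


class SpiFlash:
    """A plain SPI NOR part: answers RDID and READ, nothing else."""

    def __init__(self, jedec_id, image):
        self.jedec_id = bytes(jedec_id)
        self.image = bytes(image)

    def transact(self, cmd, addr=0, length=0):
        if cmd == CMD_RDID:
            return self.jedec_id
        if cmd == CMD_READ:
            return self.image[addr:addr + length]
        raise ValueError("unsupported opcode 0x%02x" % cmd)


class FirstReadInterposer:
    """Hypothetical in-line device between host and flash. On the first READ
    that covers its patch window it splices a payload into the response;
    every later transaction is passed through to the genuine part unchanged,
    so a subsequent read-back over the same bus sees the clean image."""

    def __init__(self, flash, patch_addr, payload):
        self.flash = flash
        self.patch_addr = patch_addr
        self.payload = bytes(payload)
        self.armed = True

    def transact(self, cmd, addr=0, length=0):
        data = self.flash.transact(cmd, addr, length)
        if cmd != CMD_READ or not self.armed:
            return data
        lo, hi = self.patch_addr, self.patch_addr + len(self.payload)
        if addr >= hi or addr + length <= lo:
            return data  # window not touched yet; stay armed
        self.armed = False
        buf = bytearray(data)
        for i, b in enumerate(self.payload):
            off = lo + i - addr
            if 0 <= off < len(buf):
                buf[off] = b
        return bytes(buf)


def read_whole_image(device, size, chunk=256):
    """What a boot ROM or a flashrom-style read-back does: page-sized READs."""
    return b"".join(device.transact(CMD_READ, a, min(chunk, size - a))
                    for a in range(0, size, chunk))


def in_band_check(device, expected_jedec, golden_sha256):
    """Checks a host can run over the same SPI bus: does the part identify as
    the BOM part, and does the current read-back hash to the golden image?"""
    jedec = device.transact(CMD_RDID)
    size = capacity_from_jedec(jedec)
    digest = hashlib.sha256(read_whole_image(device, size)).hexdigest()
    return {"jedec_ok": jedec == expected_jedec,
            "image_ok": digest == golden_sha256}


def run_scenario():
    """Constructed 4 MiB image with a 16-byte reset-vector stub at the top."""
    size = capacity_from_jedec(JEDEC_W25Q32)
    clean = bytearray(b"\xff" * size)
    clean[size - 16:] = b"GENUINE-RESET-V\x00"
    golden = hashlib.sha256(bytes(clean)).hexdigest()
    flash = SpiFlash(JEDEC_W25Q32, clean)
    dev = FirstReadInterposer(flash, size - 16, b"EVIL-RESET-VEC\x00\x00")

    first_boot = read_whole_image(dev, size)            # what the CPU executes
    first_boot_clean = hashlib.sha256(first_boot).hexdigest() == golden
    audit = in_band_check(dev, JEDEC_W25Q32, golden)    # later OS-level audit

    # Separately: a 16 MiB part remarked as the 4 MiB part on the BOM.
    big = SpiFlash(JEDEC_W25Q128, b"\xff" * capacity_from_jedec(JEDEC_W25Q128))
    relabelled = in_band_check(big, JEDEC_W25Q32, golden)
    return {"first_boot_clean": first_boot_clean,
            "audit_after_boot": audit,
            "relabelled_part": relabelled}


if __name__ == "__main__":
    print(run_scenario())
```

Two things fall out of running it. The interposer case boots a modified image yet passes the later in-band audit on both the JEDEC ID and the image hash, which is why a read-back through the same bus proves little against an in-line device; a chip-off read or a measured boot (hashing what was actually executed, not what the flash says now) is needed. The remarked-part case, by contrast, is caught by the cheapest check of all: the capacity byte in the JEDEC ID disagrees with the BOM, which is also why the comment's flash tools would choke on it.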

  28. mhkool

    who was hurt ?

    Supermicro was the big loser in this event. Not only did the stock go down, but there is a lot of reputation damage, enough to sue Bloomberg?

    Since the US government is aggressively anti-China, I will not be surprised if it was their goal to frustrate sales of Supermicro.

  29. Anonymous Coward
    Anonymous Coward

    Little annoying when I see it

    It's been in all the articles that I have read on here, it's not Super Micro it's Supermicro, or Super Micro Computer, Inc.

  30. nlight

    Two known quotes, answers to everything.

    The truth is out there. Government denies all knowledge.

  31. wownwow

    Is SEC still hibernating?

    It caused the SMCI stock to drop more than 40%! Is SEC still hibernating?

    1. EveryTime

      Re: Is SEC still hibernating?

      > "It caused the SMCI stock to drop more than 40%! Is SEC still hibernating?"

      SMCI was recently (August 2018) de-listed by the SEC because they cheated on revenue recognition, and couldn't sort out the accounting for re-stated revenue figures before the SEC deadline.

      That makes SMCI stock price hit less actionable. If the story is wrong, they have a case, but it's an uphill battle.

  32. JeffyPoooh
    Pint

    Has anyone considered...?

    Maybe, just maybe, there are two versions of the board in question.

    I know it's difficult to imagine, but it might just be within the reach of human technology that the spies would have spun off a Rev NC_Spy version.

    The Rev NC_Non_Spy version might be more common. Thus explaining the many null results.

  33. Anonymous Coward
    Black Helicopters

    The only problem is the national security angle

    Yes, if these companies were lying about not having found or been impacted by the alleged backdoored hardware, then you could expect an investor lawsuit.

    However, you could also see the Feds moving in during such a suit and filing motions to suppress the relevant evidence on national security grounds. I've never heard of this being done during an investor class action, but it certainly is done during other civil actions (Recent suits to gain access to FISA court rulings and to divulge national security letters being served to various parties, for example), and in those cases these motions are most often accepted.

    It's sad that in this day and age we have to worry so much about who is lying to us. However, these major tech companies created these problems for themselves, when they failed to stand up to federal orders in the past.

  34. Anonymous Coward
    Anonymous Coward

    https://www.vg.no/nyheter/innenriks/i/1k9EQK/forsvarsdepartementet-kjoepte-utstyr-for-533-000-droppes-etter-kina-avsloering

    "However, the Norwegian National Security Authority has confirmed to VG that they have been familiar with the "problem" associated with the manufacturer since June this year." (translated from the Norwegian)

    Oh really?

    1. Anonymous Coward
      Anonymous Coward

      >Oh really?

      Well, what is the question?

  35. naive

    The denials of Apple and Amazon-AWS are implausible

    Amazon, and maybe Apple too, own tens of thousands of computers. What is missing in the denials of both companies are reassuring signals these are not just canned and unverifiable statements:

    1. How many computers of the type in question do they own

    2. How did they test and verify their machines were not infected with these stowaway chips

    3. If any, how large were the samples they took to check for unspecified modifications

    4. Which measures do they have in place to prevent such things from happening

    5. Which checks and quality control procedures are in place for selecting suppliers and their products

    None of the above issues were addressed in any serious manner by those companies.

    Given the time frame, to me it seems improbable any serious checking was performed at all, and they could not wait to release their "Don't worry, be happy" statements. But well, that seems the norm nowadays: everybody is worried about something, and companies who are involved just show their middle finger to the public instead of giving serious information and being helpful to society, and as long as companies like Apple and Amazon are allowed to behave like bullies, they will continue doing it.

  36. JLV
    Black Helicopters

    This is an interesting story for sure. The same way the Ken Thompson compiler hack pointed the way. Who looks at their compiler or its source? Seriously? At some level you have to trust, until you've learned not to trust anymore.

    Did anyone get hacked? The way Bloomberg described it? Quite possibly not. However, not that much of the denial is theoretical in nature - as in, it couldn't possibly be done. Instead we are told that the particular claims are weakened by directly affected parties stating it did not happen. Vigorously. Certainly, the various military industrial complexes have little to gain by worries about their supply chain - there's enough budget overshoot on certain projects that going back to square one on your chips may finally get the frogs to jump out of the water.

    I fear that it will take a while before the dust settles down and we are less in the dark. From 100000' up it looks no less credible than the idea that chip branching optimizations would open up a large, and theoretically hard to plug, hole in silicon-level security. At some gut level, it makes an evil kind of sense, that million-transistor chips and motherboards might spare a few to do sneaky things.

    None of this means that I have the least inkling of a clue. Unlike the Bloomberg scribes or whomever fed them a massive line of BS.

    We are indeed living in interesting times.

  37. EveryTime

    Update: The Bloomberg story is changing

    Bloomberg now has a fresh story where apparently the mod is in the Ethernet jack itself.

    The story was supposedly researched for over a year, but the key details are radically shifting just days after publication... I'm beginning to suspect that the reporters were pitched a story by a "security researcher" raising his company's profile.

    1. Dan 55 Silver badge
      Black Helicopters

      Re: Update: The Bloomberg story is changing

      Super special Ethernet spy jack which can receive stuff over WiFi or whatever + Intel ME = ...?

    2. JeffyPoooh
      Pint

      Re: Update: The Bloomberg story is changing

      "...the mod is in the Ethernet jack itself."

      8P8C (a.k.a. "RJ45") have 8 pins. All are signal, none are power or ground.

      If the "mod" could be built into an Ethernet socket, then it could be built into an Ethernet plug almost as easily.

      Or an Ethernet cable.

  38. Conundrum1885

    Unexplained

    Maybe relevant but it looks like a lot of "old" laptops might have had evil BIOS chips.

    The specific affected part numbers are 25L16 and 25L08 and symptoms include sudden failure to boot and other strange behavior but it can include clock shifting and corruption of hard drive/SSD.

    One thing which is very strange seems to be that the laptop responds to certain inputs despite displaying all the symptoms of BIOS corruption. How hard would it be to "imitate" this failure for information gathering purposes then mysteriously fix itself when the right key combination is entered by a technician?
