Strong hints of nationalistic bias running through this story. That PAX is a Chinese company is incidental to the story, so why does it make the headline? Have the Chinese become the modern day Jews to be blamed for every ill?
Warehouse belonging to Chinese payment terminal manufacturer raided by FBI
US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers …
COMMENTS
-
Wednesday 27th October 2021 10:55 GMT Anonymous Coward
“The Chinese” are fine. Covers a broad linguistic and ethnic group spread across all major centres of human civilisation. Nothing wrong with Chinese people as a rule.
Companies headquartered in the People’s Republic of China are a different story. Not to be trusted, due to influence and absolute power of the dictators of the “People’s” Republic of China over these companies.
Nice move with the Jewish comparison though. Probably more apt to compare PRC treatment of Uyghurs with Nazi treatment of the Jews though, isn’t it?
-
Wednesday 27th October 2021 19:48 GMT martinusher
It's often said here that "no matter who you vote for the government always gets in". That's because whatever political philosophy you might vote for the overriding political and economic philosophy we call capitalism (which, strictly speaking, it isn't) rules the roost. We get changes in leadership but every candidate is ultimately tested before being viable as 'sound'; those deemed not so, even if they're a trivial threat to the status quo, are dealt with. (For example, look what happened to Corbyn in the UK.)
The Chinese have a system based on communism that suits their needs. We've tried to import our political ethos into their country but it resulted in what they call the Century of Humiliation. They seem happy with what they've got on the whole. They have become a formidable economic competitor, though, so we've been increasingly running a sort of Cold War against them. Since we've rather improvidently let much of our global supply chain run through them we can't undertake the regular tactic of economic warfare against them (not for a lack of trying but it often ends up with us shooting ourselves in the foot) but there are plenty of other tools we use, among them encouraging separatism.
All this is well documented. Even the UK government, continually strapped for funds to invest on domestic projects as it is, has ample funding for these sorts of projects.
-
Thursday 28th October 2021 02:22 GMT llaryllama
The PRC system is far removed from communism. "Communism with Chinese characteristics" is nothing more than a fiercely protected autocracy based on the worst tenets of capitalism.
It's really none of my business how China wants to run their country. Problem is they want to annex mine (Taiwan) and promote greater autocracy around the world - with China pulling the strings, of course. The PRC is slowly expanding their regional claims and I would not be surprised to see parts of India or Korea taken through gray zone warfare in my lifetime.
For anybody about to do the predictable smug comparison between modern day PRC and America or the UK <our government is just as bad, blah blah> have a good hard think before you type that reply. This message board with its open discussion simply wouldn't exist in the PRC. Neither would any of the many freedoms you take for granted. Imagine if Boris was not just an elected official who could eventually be kicked out but Dictator for Life.
-
Wednesday 27th October 2021 14:28 GMT Electronics'R'Us
I see no...
particular bias against the company or its origins.
Given that both US agencies and MI5 are looking at the issue it seems that the problem is real.
Now, that said, the CCP has a law in place that all companies in China are required to 'assist' state agencies when told to do so requested so there is going to be a reasonable suspicion around that.
Whether it is that or not we will (hopefully) find out in due course.
-
Thursday 28th October 2021 10:48 GMT steviebuk
The Chinese people are fine, it's the CCP that aren't. They have gotten worse over the past year. Their own anti-foreigner campaigns you appear to have ignored. Attempt to stay in a lot of hotels in certain parts of China and you'll be denied as they don't allow "Foreigners", nothing against the Chinese people, most of them are nice, it's the CCP that are doing it and the populace have to toe the bullshit line.
The CCP come up with stupid rules like tea pot petrol fills for motorbikes. At some point there must have been a story of a bike catching fire at a petrol station. So the CCP in its stupid "wisdom" (its members have probably never had to fill their own petrol) decided to make a spot a few yards away for bikes to fill up. However, you have to take what is essentially a metal OPEN watering can and fill it with petrol, then carry that open can to your bike and fill it up. Do the CCP not understand how petrol works?
-
Wednesday 27th October 2021 11:44 GMT Mike 137
Re: "... easy to overlook..."
In my experience (particularly in local government) individual services may buy a POS terminal and install independently. Often the first that IT hears of it is when a firewall rule request is submitted to change control, and in some cases I've encountered, the request didn't even mention that it was for a POS terminal (despite of course modifying the PCI DSS CDE scope).
But this is not unique to POS terminals or local government - it probably goes on in any large and evolving organisation. Indeed I've encountered physical servers that IT knew nothing about until they were asked for emergency support.
-
Wednesday 27th October 2021 11:52 GMT Giles C
Re: "... easy to overlook..."
I spent a long time working for an insurance broker and dealing with PCI controls on the network.
At another company a year ago someone came up with a POS terminal that they wanted on the network (the company was a food manufacturer so no PCI controls needed as everything was B2B).
When I told them how much work it was going to be to put the payment terminal on the network they promptly banned it and told them to connect via 4G instead to avoid the problems.
This did remove the network from being in scope so they probably should have been OK (I no longer work there).
Mike’s comment reminds me of the BOFH a couple of weeks ago. All too common a situation in companies.
-
Friday 29th October 2021 09:43 GMT steviebuk
Re: "... easy to overlook..."
And if it's the NHS with large big roll outs they either employ underpaid beginner engineers who don't care as they aren't being paid enough to, or they'll underpay a good engineer (who is desperate for a job) to install alongside the ones that don't care. But despite the good engineer being very knowledgeable, limit his/her access on what they can do. Wasting everyone's time because the perm engineers have god complexes. This then makes the good engineer decide to not give a fuck after a while.
May or may not be speaking from experience.
-
This post has been deleted by its author
-
Wednesday 27th October 2021 15:46 GMT Mike 137
"audit the source code in the open and to verify that shipped binaries match that source"
Unless I've missed something, that's the key despite Thompson_1984. He's talking about a compromised compiler, the source of which will not show up the compromise but which will cause the executable of a program compiled on it to differ functionally from its source.
Comparison of the source and executable of the compiled program should show up any differences (Trojan code) as (at least in C) the compiler doesn't modify the source of the application being compiled.
-
Wednesday 27th October 2021 16:24 GMT Anonymous Coward
Re: "audit the source code in the open and to verify that shipped binaries match that source"
It is and does happen in the industry, just not in public or released to the public (I'm still under NDAs I signed nearly a decade ago relating to payment devices), much like access to the Windows source code.
Wouldn't be surprised for it to be supply chain related; the fact it's a Chinese company means nothing. Try and find a POS manufacturer that is 100% Chinese component free, I bet you can't...
The fact it's POS based makes me think it's likely to be a skimmer of some sort, which would probably point to organised crime, or a cash-strapped hermit nation.
If it is actually a bit more sophisticated then it's an APT and probably related to SolarWinds, but why oh why would they be sloppy enough to get caught with obvious unusual traffic? Just think of the disruption that would be caused if, say, a hostile nation could disrupt payments nationally: trivial things like denying someone morning coffee to worse things like stopping payment for medical procedures and drugs or causing mass defaults of mortgages and triggering a financial crash, while also being able to syphon funds from accounts. That could be pretty devastating at both personal and state level.
-
Wednesday 27th October 2021 17:34 GMT The Basis of everything is...
Re: "audit the source code in the open and to verify that shipped binaries match that source"
If ever I get the urge for overpriced shop coffee I can always use these handy little metal tokens, or even scrumpled bits of plasticy fake-paper.
It's going to be a very long time before my mortgage payments drop to the level that a PoS terminal can handle though.
-
Thursday 28th October 2021 16:36 GMT SImon Hobson
Re: "audit the source code in the open and to verify that shipped binaries match that source"
Comparison of the source and executable of the compiled program should ...
Except that it doesn't. The days of a "dumb" compiler that would produce predictable code from a piece of source are long gone. These days, the code is heavily optimised to match the target processor - so even very minor changes to compile conditions can produce significantly different code.
AIUI it's one of those areas that's had a lot of attention over the years.
-
Friday 29th October 2021 08:59 GMT Peter D
The sneaky pre-justification
The CCP mouthpiece/Corporate shill built in the company's future defence into the response to El Reg "As always we monitor...". In other words, there's nothing to see here. We were keeping you safe and any suggestion we've been keeping track of who buys what is a vile, nay defamatory, slur of ...