From: Virus Guy
person who saw digital photos and X-ray images of the chips incorporated
into a later report prepared by Amazon's security team. Gray or
off-white in color, they looked more like signal conditioning couplers,
another common motherboard component, than microchips, and so they were
unlikely to be detectable without specialized equipment. Depending on
the board model, the chips varied slightly in size, suggesting that the
attackers had supplied different factories with different batches.
* Officials familiar with the investigation say the primary role of
implants such as these is to open doors that other attackers can go
through. “Hardware attacks are about access,” as one former senior
official puts it. In simplified terms, the implants on Supermicro
hardware manipulated the core operating instructions that tell the
server what to do as data move across a motherboard, two people familiar
with the chips' operation say. This happened at a crucial moment, as
small bits of the operating system were being stored in the board's
temporary memory en route to the server's central processor, the CPU.
The implant was placed on the board in a way that allowed it to
effectively edit this information queue, injecting its own code or
altering the order of the instructions the CPU was meant to follow.
Deviously small changes could create disastrous effects.
* Since the implants were small, the amount of code they contained was
small as well. But they were capable of doing two very important things:
telling the device to communicate with one of several anonymous
computers elsewhere on the internet that were loaded with more complex
code; and preparing the device's operating system to accept this new
code. The illicit chips could do all this because they were
connected to the baseboard management controller, a kind of superchip
that administrators use to remotely log in to problematic servers,
giving them access to the most sensitive code even on machines that have
crashed or are turned off.
* This system could let the attackers alter how the device functioned,
line by line, however they wanted, leaving no one the wiser. To
understand the power that would give them, take this hypothetical
example: Somewhere in the Linux operating system, which runs in many
servers, is code that authorizes a user by verifying a typed password
against a stored encrypted one. An implanted chip can alter part of that
code so the server won't check for a password—and presto! A secure
machine is open to any and all users.
Shortly after the report was published, the US Department of Defense has
scheduled a national-security related press conference for 9:30 am ET on
Thursday. It didn't reveal the subject of the briefing, but the timing
is certainly suspicious...
Something's popping tomorrow pic.twitter.com/z66dNh6Px6
— Chuck Ross (@ChuckRossDC) October 4, 2018
But regardless of what is said on Thursday, one thing probably won't
change: Expect to hear a lot less about Russia, and a lot more about
China as the deep state's interference myopic focus on the former shifts
to the latter. As Kevin Warsh framed the question during a Thursday
interview with CNBC where he asked "are we at the beginning of a 20-year
Cold War?" in response to a question about curbing China's influence -
both economically and defensively. We imagine we'll be hearing a lot
more about the breach from senior US officials, including both the vice
president and the president himself, in the very near future.
https://www.zerohedge.com/news/2018-10-04/explosive-report-details-chinese-infiltration-apple-amazon-and-cia
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
|