China busted for supply chain hacks, or rather, per Schneier, it's been ongoing for a decade-plus and we're getting new reporting about it. Schneier's lead is this new piece by Bloomberg.
And it's pretty serious. Per him, read the whole thing if you have time. Part of it is about cat-and-mouse by US intelligence, in which I have less than full confidence. Part of it is lies by "deep state" career bureaucrats in association with computer manufacturers.
THIS part is interesting:
Bloomberg Businessweek first reported on China’s meddling with Supermicro products in October 2018, in an article that focused on accounts of added malicious chips found on server motherboards in 2015. That story said Apple Inc. and Amazon.com Inc. had discovered the chips on equipment they’d purchased. Supermicro, Apple and Amazon publicly called for a retraction. U.S. government officials also disputed the article.
So ... deep state denialism, and arguably, in this case, sad to agree with Trump, but it was that. Permanent bureaucrats, surely.
Supermicro goes on to say that its own computer networks have been breached. Talk about hypocrisy and chutzpah in calling on Bloomberg to retract its old story!
Then there's this on Lenovo:
Another Pentagon supplier that received attention was China’s Lenovo Group Ltd. In 2008, U.S. investigators found that military units in Iraq were using Lenovo laptops in which the hardware had been altered. The discovery surfaced later in little-noticed testimony during a U.S. criminal case—a rare public description of a Chinese hardware hack. …Lenovo was unaware of the testimony and the U.S. military hasn’t told the company of any security concerns about its products, spokeswoman Charlotte West said in an email. U.S. officials conducted “an extensive probe into Lenovo's background and trustworthiness” while reviewing its 2014 acquisitions of businesses from IBM and Google, West said. Both purchases were approved. …After the discovery in 2008, the Defense Department quietly blocked Lenovo hardware from some sensitive projects, the three U.S. officials said, but the company was not removed from a list of approved vendors to the Pentagon.
Geez o fucking Pete!
The Pentagon claimed to have quarantined the found Supermicro attacks so it could let them run and find out more about the Chinese reach. It claims this quarantine was undetectable. How do we know that?
As Bruce said, read the whole thing. WITH an open mind.
Whether leftist anti-imperialists or something else, I found it interesting that half or more of the comments on his post as of late Saturday afternoon were engaged in at least partial denialism.