Major US carrier infiltrated by backdoored Supermicro hardware, says Bloomberg

Extreme closeup of a network port.

Five days after Bloomberg surprised the world with unconfirmed claims that Chinese spies had embedded data-stealing chips in hardware used by Apple, Amazon and dozens of other companies, the news organization is doubling down. Bloomberg now reports that a different hardware manipulation from the one previously described was discovered in August in the network of a major US telecommunications company.

Bloomberg did not name the company, citing a non-disclosure agreement between the unnamed telecom and the security firm it hired to analyze its data centers. AT&T, Verizon, Sprint, T-Mobile and CenturyLink all denied having found backdoored Supermicro hardware in their data centers, Motherboard reported.

Tuesday's report cites documents, analysis and other evidence provided by Yossi Appleboum, co-CEO of the security company Sepio Systems. Bloomberg said that while Sepio was analyzing servers belonging to the unnamed telecom, the company detected unusual communications from a server designed by Supermicro. According to last week's Bloomberg report, Supermicro is the hardware manufacturer whose motherboards were modified in the factory to include a tiny chip that allowed the servers they were connected to be placed under the control of a unit of China's People's Liberation Army. Supermicro told Bloomberg that it had no knowledge of the implant, the second time the hardware manufacturer has denied being aware of the reported manipulations.

The Supermicro backdoor reported on Tuesday was likewise the result of malicious hardware implanted secretly during manufacture. This time, however, the addition was made to the Ethernet connector of a server used by the telecommunications company.

Although the hardware manipulation reported on Tuesday differs from the one described last week, Bloomberg said the two share key characteristics: both were designed to "give attackers invisible access to data on a computer network in which the server is installed," and in both cases "the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China."

Tuesday's report continued:

Based on his inspection of the device, Appleboum determined that the telecommunications company's server had been modified at the factory where it was manufactured. He said that, according to Western intelligence contacts, the device was made at a Supermicro subcontractor factory in Guangzhou, a port city in southeastern China. Guangzhou is 90 miles upstream from Shenzhen, nicknamed the "Silicon Valley of Hardware", and home to giants such as Tencent Holdings Ltd. and Huawei Technologies Co. Ltd.

The altered hardware was found in a facility with a large number of Supermicro servers, and the telecommunications company's technicians could not determine what kind of data was flowing through the infected one, said Appleboum, who accompanied them on a visual inspection of the machine. It is not clear whether the telecommunications company contacted the FBI about the discovery. An FBI spokeswoman declined to say whether the bureau was aware of it.

Extraordinary pushback

The pushback against Bloomberg's reports has been truly extraordinary. Apple and Amazon, which generally give journalists short and vague statements, issued extremely detailed and vehement denials. On Monday, Apple sent a letter to Congress stating once again, in unambiguous language, that no company official was aware of malicious hardware in its networks. The US Department of Homeland Security and the UK National Cyber Security Centre have both said they have no reason to doubt the denials from Apple and Amazon.

Beyond the denials, critics complained that last week's article relied solely on anonymous sources who could not be adequately vetted. Critics also said the article lacked technical detail and did not explain why Chinese spies would undertake the considerable effort of introducing hardware manipulations into the supply chain when firmware attacks and other simpler exploits would have achieved the same capabilities.

Criticism was still at its height on Tuesday morning when Bloomberg published its follow-up article. Although that article named a source, some security experts quickly challenged its credibility.

"Certainly, this story has a named source, but technically it makes even less sense than the first," wrote Cris Thomas, a security expert who tweets under the handle SpaceRogue. "Come on @Bloomberg, get someone who knows what they're talking about to write these stories. Calling BS on this one too."

Appleboum did not respond to requests for comment for this post.

Other experts were much more circumspect.

"There are technical issues with both stories, but I think both are plausible," tweeted Jake Williams, a former NSA hacker who is now the founder of Rendition Security. "In fact, a poll on Twitter suggests that most infosec professionals think the original story is plausible. If you're monitoring on the network, you have a chance of seeing this; otherwise, nothing."

If the Bloomberg reporting is accurate, it has undoubtedly uncovered the biggest hack of all time. If not, it has sent the world down a dangerous and resource-hungry rabbit hole. Extraordinary claims require extraordinary evidence. The difficulty for critics is that there is no logical way to prove a negative. No adage proves or disproves the claim that a highly sophisticated supply-chain attack has infiltrated the world's most powerful organizations. But these adages do remind us that we still have a long way to go before these disturbing reports can be treated as established fact.
