Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate

Discussion in 'STH Main Site Posts' started by Patrick Kennedy, Oct 4, 2018.

  1. #1
    WeatherDave, nthu9280, Dawg10 and 2 others like this.
  2. gigatexal

    gigatexal I'm here to learn

    If I didn't know any better I'd say Patrick moonlights as an industry analyst for a big investment firm. That was a very good writeup.
     
    #2
  3. markpower28

    markpower28 Active Member

    #3
    WeatherDave and gigatexal like this.
  4. Rand__

    Rand__ Well-Known Member

    Re BMC or not, it's stated in the Bloomberg article that that was the vector?

    "The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off."
     
    #4
  5. wildpig1234

    wildpig1234 Well-Known Member

    I only just recently got two X9SRA boards... should I get rid of them and go back to the Chinese Runing X79Z? :)
     
    #5
  6. Robert Fontaine

    Robert Fontaine Active Member

    This does not bode well for Supermicro :(
     
    #6
  7. kapone

    kapone Active Member

    It's not just Supermicro. Where do you think other ODMs, e.g. Quanta, Inventec etc., manufacture their stuff?? And somebody like Quanta is in almost every data center, classified or not.

    If Supermicro was in fact compromised, as far as their supply chain goes, it is almost a certainty that there are others.
     
    #7
    WeatherDave likes this.
  8. Robert Fontaine

    Robert Fontaine Active Member

    From my perspective it means that there could be a lot of cheap Supermicro motherboards coming onto fleabay. But I would be sad to lose Supermicro; they make some of my favourite unobtanium.

    It is an odd leak. Hopefully we can get some technical details if actually true. What no one mentions is that the US is the leader in these kinds of games and has been stopping hardware in transit and bugging it for many years. It would not be a shock for the US to have compromised hardware boards either. All the countries seem to be bugging the international signals and most seem to be bugging their citizens (oh, we don't really look at it so it's ok, except when we do). The whole darn thing is Orwellian. With everyone rushing to put their data on (OPS) Other People's Servers / The cloud, being able to bug the data centres is kind of a last mile operation. If I was an employee of the anti-christ I would definitely be doing this kind of thing too. :) </rant>
     
    #8
  9. wildpig1234

    wildpig1234 Well-Known Member

    Well, I can't imagine only the Chinese are doing it. I am sure the U.S. and Russia are also doing some hacking of their own... the obvious difference though is that China supplies most of the world's MB so that's a perfect way for them to do that... it's not as easy for the US and Russia to do this...

    This only makes the news because China got caught red-handed and Bloomberg got a hold of the story source... I guess the US hasn't been caught red-handed yet... or maybe they're just good at keeping stories of being caught from leaking... lol...

    I am not too impressed so far with my Supermicro experience. The things I look for, like S3 sleep and stability in Win10 1803, are lacking in many of their X9 products... I don't plan to experiment with their X10 or X11 since I don't have much money for the latest stuff and DDR4 right now anyway...
     
    #9
    WeatherDave likes this.
  10. Robert Fontaine

    Robert Fontaine Active Member

    #10
    Joel likes this.
  11. BLinux

    BLinux Well-Known Member

    #11
  12. Evan

    Evan Well-Known Member

    Savage effect on stocks, but for sure, regardless of if it happened like that, the idea has been around a long while. In the industry I am sure everybody has heard about those IBM servers heading out from the USA that were tampered with; that was a while back and less sophisticated.

    I am sure Dell and HPE didn't start doing their silicon root of trust just by chance; they had to have seen the potential, if not even experienced it happening to them also.
     
    #12
  13. iGene

    iGene New Member

  14. gigatexal

    gigatexal I'm here to learn

    #14
  15. wildpig1234

    wildpig1234 Well-Known Member

    It's traded over the counter...
     
    #15
  16. Rain

    Rain Active Member

    Clearly this is bad if it can be proven, but what pisses me off is not only did Bloomberg go public with the story, later they also published articles about how Supermicro's stock tanked throughout the day as well. No shit, Bloomberg! It's because you published this story!

    Swinging more than once is distasteful in my opinion. Bloomberg had the market headline, they should have let the other (equally greedy...) news outlets do the Supermicro market analysis yesterday.

    Edit: That, and they have been sitting on this information for months and only release it right after Supermicro celebrates its 25th Anniversary?
     
    #16
    Last edited: Oct 5, 2018
  17. mmo

    mmo Active Member

    #17
  18. mmo

    mmo Active Member

    #18
    eva2000 likes this.
  19. cesmith9999

    cesmith9999 Well-Known Member

    Malware <> hardware infiltration

    I can get rid of malware without a forklift.

    Chris
     
    #19
  20. Aluminum

    Aluminum Active Member

    Sometimes it's a blend; malware could potentially become a hardware problem in practice, especially with embedded firmware things like BMCs, where some designs can have their normal update mechanism disabled. Then you can end up with a case where sometimes it's cheaper (man hours, downtime, experts etc.) to forklift them out and put in replacements than to get the rack lift, pop the tops and custom flash production gear one-by-one.

    Regardless, what we REALLY need are the real technical meat & details behind this allegation; so far it's just a bunch of "journalism" crap no one can put to any use.
     
    #20