Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate

[Patrick Kennedy]

We look at some of the technical and somewhat strange aspects to the Bloomberg report on Chinese insertion of hacking chips on some Supermicro motherboards.

The post Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate appeared first on ServeTheHome.

Continue reading...

 

[gigatexal]

If I didn't know any better I'd say Patrick moonlights as an industry analyst for a big investment firm. That was a very good writeup.

 

[markpower28]

Well done @Patrick !

 

[Rand__]

Re BMC or not its stated in the Bloomberg article that that was the vector?

"The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off."

 

[wildpig1234]

i only just recent got two x9sra boards... should i get rid of them and go back to the chinese Runing X79Z ?

 

[Robert Fontaine]

This does not bode well for Supermicro

 

[kapone]

This does not bode well for Supermicro

It's not just Supermicro. Where do you think other ODMs for e.g. Quanta, Inventec etc manufacture their stuff?? And somebody like Quanta is in almost every data center, classified or not.

If Supermicro was in fact compromised, as far as their supply chain goes, it is almost a certainty that there are others.

 

[Robert Fontaine]

From my perspective it means that there could be a lot of cheap Supermicro motherboards coming onto fleabay. But I would be sad to lose Supermicro they make some of my favourite unobtanium.

It is an odd leak. Hopefully we can get some technical details if actually true. What no one mentions is that the US is the leader in these kind of games and has been stopping hardware in transit and bugging it for many years. It would not be a shock for the US to have compromised hardware boards either. All the countries seem to be bugging the international signals and most seem to be bugging their citizens ( oh we don't really look at it so it's ok except when we do ). The whole darn thing is Orwellian. With everyone rushing to put their data on (OPS) Other Peoples Servers / The cloud, being able to bug the data centres is kind of a last mile operation. If I was a employee of the anti-christ I would definitely be doing this kind of thing too. </rant>

 

[wildpig1234]

well, i can't imagine only the chinese are doing it. i am sure the U.S and Russia are also doing some hacking of their own..... the obvious difference though is that china supplies most of the worlds MB so that's a perfect way for them to do that .... it's not as easy for US and Russia to do this.....

This only makes the news because china got caught red handed and blomsberg got a hold of story source.... i guess the US hasn't been caught red handed yet.. or maybe they just good at keeping stories of being caught from leaking ....lol...

I am not too impressed so far with my supermicro experience. the things i look for like S3 sleep and stability in win10 1803 is lacking in many of their x9 products..... I don't plan to experiment with their X10 or X11 since i don't have much money for latest stuffs and ddr4 right now anyway...

 

[Robert Fontaine]

Stock dropped another 41% today... I wonder if I should try catching a knife.

Shares of the small server company at the center of a China tech spying scandal shed 41%

 

[BLinux]

Stock dropped another 41% today... I wonder if I should try catching a knife.

Shares of the small server company at the center of a China tech spying scandal shed 41%

maybe an opportunity for Chinese investor to buy up Supermicro and re-integrate the Taiwanese company back to China?

 

[Evan]

Savage effect on stocks but for sure regardless of it it happened like that the idea has been around a long while. In the industry I am sure everybody has heard about those IBM servers heading out from USA that we’re tampered with, that was a while back and less sophisticated.

I am sure Dell and HPE didn’t start doing their silicon root of trust just by chance , the had to have seen the potential if not even experienced it happening to them also.

 

[iGene]

Supermicro refutes the claim in its website.

Supermicro | News | Supermicro Refutes Claims in Bloomberg Article

 

[gigatexal]

Stock dropped another 41% today... I wonder if I should try catching a knife.

Shares of the small server company at the center of a China tech spying scandal shed 41%

who is buying at these prices? I would be.

 

[wildpig1234]

its traded over the counter...

 

[Rain]

Clearly this is bad if it can be proven, but what pisses me off is not only did Bloomberg go public with the story, later they also published articles about how Supermicro's stock tanked throughout the day as well. No shit, Bloomberg! It's because you published this story!

Swinging more than once is distasteful in my opinion. Bloomberg had the market headline, they should have let the other (equally greedy...) news outlets do the Supermicro market analysis yesterday.

Edit: That, and they have been sitting on this information for months and only release it right after Supermicro celebrates its 25th Anniversary?

 

[mmo]

Facebook, Apple confirm they were targets of Supermicro malware attack

Facebook, Apple confirm they were targets of Supermicro malware attack

 

[mmo]

We might find out more during the investigation. Will keep my eyes on this.

Super Micro (SMCI) Investigated by Block & Leviton LLP For Violations of Federal Securities Laws

 

[cesmith9999]

Malware <> hardware infiltration

I can get rid of malware without a forklift.

Chris

 

[Aluminum]

Sometimes its a blend, malware could potentially become a hardware problem in practice especially with embedded firmware things like BMCs, some designs can have their normal update mechanism disabled. Then you can end up with a case of sometime its cheaper (man hours, downtime, experts etc) to forklift them out and put in replacements than get the rack lift, pop the tops and custom flash production gear one-by-one.

Regardless what we REALLY need are the real technical meat & details behind this allegation, so far its just a bunch of "journalism" crap no one can put to any use.