Anonymous ID: 4009bd Dec. 8, 2018, 11:51 a.m. No.4216054   🗄️.is 🔗kun   >>6132

>>4215309 (LB)

>>4215687 (LB)

From Oct 9 2018

https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.

 

Based on his inspection of the device, Appleboum determined that the telecom company's server was modified at the factory where it was manufactured. He said that he was told by Western intelligence contacts that the device was made at a Supermicro subcontractor factory in Guangzhou, a port city in southeastern China. Guangzhou is 90 miles upstream from Shenzhen, dubbed the `Silicon Valley of Hardware,’ and home to giants such as Tencent Holdings Ltd. and Huawei Technologies Co. Ltd.

>Not AT&T, Verizon or Sprint according to spokespeople

The manipulation of the Ethernet connector appeared to be similar to a method also used by the U.S. National Security Agency, details of which were leaked in 2013. In e-mails, Appleboum and his team refer to the implant as their “old friend,” because he said they had previously seen several variations in investigations of hardware made by other companies manufacturing in China.

Appleboum said one key sign of the implant is that the manipulated Ethernet connector has metal sides instead of the usual plastic ones. The metal is necessary to diffuse heat from the chip hidden inside, which acts like a mini computer. "The module looks really innocent, high quality and 'original' but it was added as part of a supply chain attack," he said.

Anonymous ID: 4009bd Dec. 8, 2018, 11:56 a.m. No.4216132   🗄️.is 🔗kun

>>4216054

>Oct 04, 2018

https://www.datacenterknowledge.com/security/aws-apple-supermicro-attack-bloomberg-s-spy-chip-report

Amazon, Apple, and Supermicro went on the offensive Thursday. All three issued statements saying the report’s central claims were false. Statements by Amazon and Apple each pointed out multiple alleged inaccuracies in the report to make their case.

 

Amazon discovered the malicious chips in 2015 during due diligence in connection with its acquisition of the video streaming software company Elemental, according to the report. A security contractor working for Amazon made the discovery as its engineers were testing Elemental’s hardware, which was based on Supermicro motherboards.

 

Amazon reported the discovery to US authorities then, spurring an investigation by US intelligence agencies that is still open today, the report said.

 

Apple, which had already been a major Supermicro customer, was planning to buy another 30,000 servers from the vendor in 2015, when it also discovered the chip, “three senior insiders at Apple” told BusinessWeek.

 

If true, the report’s consequences are sure to ripple well beyond the three companies or the other two dozen or so companies said to have been affected.

 

IBM has been known as a big customer of Supermicro, which supplied servers for its cloud business, formerly known as SoftLayer. Last year, Intel was reported to have placed a massive Supermicro server order for one of its data centers.