Thursday, October 04, 2018

Big Brother is hacked!

It is bad enough when Big Brother is your own country's government, watching you all the time and reading your email. But how about when Big Brother's servers get hacked, and somebody else's government is looking over their shoulder?

Welcome to America 2018, my friends.

Today, Supermicro sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards—its core product—are nearly all manufactured by contractors in China.

For a very long time I've been saying that having your hardware built in a foreign country, by slaves, is a very, very bad idea. Somebody might get a bright idea and do something to it, right?

Well, guess what. They finally did.

Nested on the servers' motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn't part of the boards' original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental's servers could be found in Department of Defense data centers, the CIA's drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

The best part? This hack was NOT found by the super US Secret Squirrel gang. It was found by some un-named company in Ontario, Canada, because Amazon Web Services hired them to vet the servers. The CIA/FBI/ArmyNavyAirforceMarines/and every other alphabet-soup spook outfit was clueless. None of them checked the shit their networks ran on.

Ladies and gentlemen, every fucking thing in your life runs on hardware made in China. Your phone, your fridge, your toaster, your car. This hack was done by a chip the size of a kosher salt flake, disguised as a resistor. It had enough ROM and processing power to subvert any operating system and install its own kernel-level back door.

How easy would it be to put something like that is a car radio? If I were a Chinese Communist mastermind, I'd put something like that in car radios, and also specialized emergency services radios. I'd keep doing it for ten years, and never, ever use it. Then one day, I'd be able to shut off every car, police cruiser, fire truck and ambulance in the whole USA, and Canada, and Europe. One at a time, or all at once.

Too much? Okay, how about if I only put it in Apple iPhones? Then I could DDoS the entire telephone network.

Still too much? Okay, how about if I only subverted all those credit card swipe machines, and they all crash the same day. You can feel that one, right? Nobody carries cash, that's a problem that's right in your face.

Letting all your computer hardware be built in a foreign nation is like nailing a $100 bill to a telephone pole. Even in the most law abiding town in the world, somebody is going to take that money. Chicom apparatchiks are not the most honest people in the world.

The Phantom

Update! Welcome Instapundit! Thank you to Sarah Hoyt for the linkage!

Upperdate: Apple comes out swinging! "Its all lies, I tell you! Lies!"
 .

7 comments:

Jonathan H said...

Not surprising - people have been warning of the possibility for years!
This is part of the reason that the US military runs its own chip fab for especially sensitive stuff, like crypto chips.

However, the problem isn't as bad as it is often portrayed since US government classified networks are not only heavily encrypted, they are "air-gapped" from unclassified networks; SIPRNet and other similar systems have completely separate global networks - in other words, you can't get there from here. You have to have physical access to a portion of that network inside of special encryption hardware, which makes it much, much, much harder to cause trouble in those networks.

I've heard rumors, just rumors, that some especially sensitive projects use dedicated internal networks or even isolated, shielded, computers such as TEMPEST qualified systems. And then of course when you really need to keep things secure, there are special procedures like in Tom Clancy's Cardinal in the Kremlin where data is never transmitted or stored electronically...

I think this is a bigger issue for commercial activity than for the military.

The Phantom said...

I recall a news story ages ago that the Kremlin had brought out and dusted off all their old typewriters.

There's mention in the story that some of these back-door chips are sandwiched in the multi-layer circuit boards. I would not be shocked to discover similar hardware written into all manner of silicon manufactured in China. Like the Atmel chips that run smart lightbulbs, just ferinstance. I have no knowledge of such a thing, but if I were a Chinese spy I'd be all over the Internet of Things supply chain from processors to resistors to circuit boards. Imagine what you could do with 100,000 smart light bulbs in Ottawa.

Jonathan H said...

Yes - a very good point; this doesn't apply to just chips on circuit boards but also to chips inside chips - and those would be much harder to detect!

The Phantom said...

Yeah. If your foundry is in some other country, you don't really have assurance that the thing you want on silicon is the thing you're getting.

All of which neatly ignores what American companies might be putting in their own products. And I'm using the word "might" as a euphemism. There has been ample indirect evidence of hardware back doors in American products.

GWB said...

Jonathan H said...

Some corrections:
Classified networks are not generally run over their own private, physical internet. Yes, they are run on encrypted 'private' networks, but they still run (ultimately) over the same infrastructure once they get past a certain physical point.

Also, TEMPEST is a standard for all classified equipment, not just stand-alones. It involves separation distances from other equipment and possibly Faraday cages in certain circumstances.

But, yes, you generally have to "airgap" data to get it onto an unclassified network/machine. (And, vice versa, getting unclassified data onto a classified network. Which is a PITA.)

greyniffler said...

More likely a capacitor (filter on a power rail) than a resistor.

The Phantom said...

The Bloomberg story says "signal conditioning couplers" specifically, so you're probably right. I said resistor, because I know those things are the size of salt grains.