Security Apple Technology

FBI Director on Whether Apple and Amazon Servers Had Chinese Spy Chips: 'Be Careful What You Read' (cnbc.com) 124

During a hearing in front of the Senate Homeland Security Committee on Wednesday, FBI Director Christopher Wray told senators to "be careful what you read," when asked about a recent story involving spy chips from China being secretly embedded into servers owned by Apple, Amazon and other big companies. From a report: Senator Ron Johnson, R-Wis., chairman of the committee, asked Wray when his agency found out about the chips that server manufacturer Super Micro implanted into server hardware, as reported last week by Bloomberg Businessweek. "I would say to the newspaper article or, I mean, the magazine article, I would say be careful what you read," Wray replied. "Especially in this context." Johnson called on Wray to speak to the accuracy of the story, telling the FBI director that, "We don't want false information out there." Wray said he couldn't offer much detail because the agency has a policy of not confirming or denying that an investigation is underway. "I do want to be careful that my comment not be construed as inferring or implying, I should say, that there is an investigation," Wray said. "We take very seriously our obligation to notify victims when they've been targeted."
  • by kwoff ( 516741 )
    "We don't want false information out there." - he had a mouse in his pocket?
    • by lgw ( 121541 )

      "We don't want false information out there." - he had a mouse in his pocket?

      More like, he's in the NSA's pocket. He meant "the NSA is trying to subvert these chips to spy on all Americans. If they fail, we'll be sure to notify everyone affected so they can replace these servers. In the meantime, forget we ever mentioned it."

      • A *sting* -- hadn't considered that; nice theory fitting many facts.
      • by gtall ( 79522 )

        NSA wouldn't want Ron Johnson in NSA's pocket. They know he's as stupid as he says. Once in a committee hearing on stock pricing on Wall Street he explained that he used to pay gobs to trade but can now do so for $19.99 per trade, so what's the problem. The fact that money was being skimmed due to timing issues on trades wasn't something he could understand as a law enforcement issue.

        Of course the skimming wasn't tied to Hillary or to those naughty Benghazis so he probably thought it was okay.

    • "We couldn't recover any data from the servers."
  • I always read the White House press statements with a 5lb bag of salt.
    • by gtall ( 79522 )

      Nah, the trick is not to read them. They are like the odor of a public restroom that no one cleans. Best to cover your eyes and not let the misinformation in.

  • by Anonymous Coward

    This same guy and guys just like him (and worse) have been able to do the same thing with the legal authority of the US federal government behind them for over a decade and a half with legal immunity. Who cares what the Chinese know. The US government knows it too and they've proven they're ready to use it against you.

    You're going to get fucked if you don't fall in line with big brother. The two part illusion is only a facade to keep the most dimwitted in line. That would be the Democrat and Republican voti

    • by Ungrounded Lightning ( 62228 ) on Wednesday October 10, 2018 @06:10PM (#57458304) Journal

      This same guy and [others in the US "intelligence community"] have been able to do the same thing w... for over a decade and a half

      Quite. They can, and do, do everything this alleged hardware hack is alleged to enable, and more. Since Snowden that's solidly on the public record, manuals and all. Since the Shadow Brokers, lots of others have been able to do some of it and/or see how it works.

      Seems to me they are trying to tone down the outrage - because if it really gets going, it might (finally) be turned on them.

      What's the big deal if the Chinese came up with the capability, but had to put a chip on the boards to make it happen, rather than get Intel and AMD to build it into their own chip sets?

  • Wray made a non-statement, that he's unable to make a statement. Nothing to see here, move along.
    'Be careful what you read' is ambiguous enough it doesn't necessarily imply anything one way or the other; I don't think it's supposed to be a subtle hint that we're supposed to read between the lines of. It's like the phrase "so it has come to this", it can be used in any context without adding anything of value.

    • Except for making a statement directed at the old and gullible, disparaging Bloomberg and making other weasel non-statements to downplay everything without addressing the question. Good politician.
    • by Tablizer ( 95088 )

      They might as well say, "We can tell you, but we'd have to kill you right after."

  • by gweihir ( 88907 ) on Wednesday October 10, 2018 @04:12PM (#57457644)

    At least this statement may or may not indicate that. Maybe.

    • It's clear as daylight to me that they can't clean their own house. It's not clear whether they're aware of that and trying to fix it, or aware of that and trying to cover it up, though. In either case they're failing.

      • Peter principle corollary: The older the organization the more of its staff will be operating at their level of incompetence.

        Sometimes the right move is just to let the old one run (in quarantine), while building a new one. Then shut down the old one and set all their employees to 'no rehire'.

        The FBI is past saving, only the political operatives/appointees are not at their level of incompetence. Only a few though, thank dog, or we'd be truly screwed.

        • Peter principle corollary: The older the organization the more of its staff will be operating at their level of incompetence.

          That explains Microsoft and Apple.
      • by gtall ( 79522 ) on Wednesday October 10, 2018 @04:33PM (#57457798)

        What the fuck are you talking about? There's no credible information the Chinese did squat with those boards the way it's been reported. They may be up to other things but that's not what is being claimed.

  • Dolt 45 said it best:

    "What you are seeing and what you are reading is not what's happening"

    https://www.bbc.com/news/av/wo... [bbc.com]

    https://www.newsday.com/long-i... [newsday.com]

  • by gweihir ( 88907 ) on Wednesday October 10, 2018 @04:22PM (#57457726)

    At least it does sound like that to me. Maybe everything we read is correct, except that the attack actually was done by the NSA?

    • by evanh ( 627108 )

      I've been thinking the same thing. Maybe Bloomberg has been misdirected about who is doing the spying.

    • Maybe everything we read is correct, except that the attack actually was done by the NSA?

      Maybe an agreement was made between multiple nations' intelligence agencies to make these systems vulnerable in general, for all their benefit?

      In any case, show me the components.

      • by gweihir ( 88907 )

        In any case, show me the components.

        Indeed. And with an independent analysis on top, please.

  • by Rick Schumann ( 4662797 ) on Wednesday October 10, 2018 @04:27PM (#57457768) Journal
    Don't tell me or anyone else what we should and should not read.
    Now, that being said, if you want to tell people to think carefully about the validity of what they read, then that's something else entirely.
  • by painandgreed ( 692585 ) on Wednesday October 10, 2018 @04:33PM (#57457796)

    What could be going on?

    1) Everything is exactly as Bloomberg states and the Chinese have performed a supply line hack on American industry. - The strong denials from all public sources that might confirm this, including to the public and stockholders, would seem to indicate that a serious investigation is going on and the government is ordering everybody to deny hard if not outright lie to preserve it. However, why keep it secret if the cat's out of the bag? China, and anybody involved, would already know and be taking steps to cover their tracks. Seems the proper response by law enforcement to break the news and step up public investigation ASAP.

    2) Bloomberg's editors and writers are just misinterpreting whatever happened to Apple that they say was a compromised driver caught in the lab coming from a variety of sources who don't really have that good of info. - Bad stain on Bloomberg's reputation and failure of their editors to preserve the brand. Will no doubt hurt their operation when things come to light as their business is acting as a reliable source of business news.

    3) The authors of the article are fabricating the article either from a collection of unrelated sources, or whole of cloth and selling it to Bloomberg, perhaps not expecting the attention it's getting. - A worse stain on Bloomberg as their editors still fell for it, but pretty much ruin for the authors' careers as journalists in the future.

    4) Bloomberg and the authors are in cahoots to create a fictitious story that can't be confirmed or denied in order to manipulate the markets, push international policy, and/or create fear of China. - This might actually spell doom for Bloomberg, or might not. There are plenty of "news sources" that could get away with such things and nobody would even blink if it was proved to be true. Perhaps Bloomberg thinks they can get sales and get away with it at the same time. I'm sure some people have played harder and faster with more on the line and the end result would depend on how trustworthy the public actually takes Bloomberg to be to begin with. It would also probably be straying into legal territory if it turned out to be manufactured, cause the people involved to lose their jobs, and maybe do jail time.

    4) Somebody has manufactured the story and fed it to Bloomberg's authors in order to manipulate the markets, push international policy, create fear of China, hurt Bloomberg's reputation, or any combination of these. - Now we're practically back into spook territory. There are certainly people who would like to do any number of things, but to have the scale to do beyond simply option #2 would take resources and also probably venture into legal territory for acting against Bloomberg, the companies involved, China, etc.

    • by Anonymous Coward

      How about option 1.1 (quite similar to your #1): The Chinese have done what Bloomberg claims they have done. But the FBI's (or some other 3-let federal agency) done the same, so exposing the China hack could mean exposing the hacks the US have already done or are continuing to do against China or other countries, including presumably US allies.

    • by Junta ( 36770 )

      I think it's some weird blend of 2 and 3. Note:
      https://9to5mac.com/2018/10/09... [9to5mac.com]

      One of the sources gave a view of what it was like to be a source for the story. The writers came with some vague 'maybes' that probably had accumulated over several previous hypotheticals and then published as absolute fact, rather than 'this is how this could go down', then doubling down on the story when it's controversial.

      I don't know if they had any maliciousness or were just caught up in thinking they were unwinding peop

    • by Falos ( 2905315 )

      You suggest many possible factors at many tiers. A nice visual aid, that the Real Truth is not likely to be "It's exactly as they said" / "Every word is a total fabrication"

      Even though simple minds only want to think binary. Good. Bad. Us. Them. True. False.

    • 2) Bloomberg's editors and writers are just misinterpreting whatever happened to Apple that they say was a compromised driver caught in the lab coming from a variety of sources who don't really have that good of info

      Why did Apple drop them as a supplier in that case? Did Apple go directly to the ODM and use open compute designs? I am not sure. But I don't think that it is normal to drop a supplier for a reason like an infected driver.

  • We can be sure that the Chinese, if they did indeed sponsor implanting chips as described, already know if we know.

    And we can be certain that the truth of this has been known for a while, by the agencies interested, globally. And for a while, possibly months. Keeping the knowledge quiet is important to fully understanding the problem, since the target servers would likely be reconfigured to obscure their true purposes, then quietly killed. And the data being sent would need to be evaluated with live examples to

  • to say we shouldn't be attentive of our sources, but "Be careful what you read" isn't a good way to say it. What he should have said was "Be critical of what you read".
    • by gweihir ( 88907 )

      I think he meant exactly "be careful what you read" with an implied "we may come after you if you read heretical texts". It is how a totalitarian state works, after all.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Wednesday October 10, 2018 @06:57PM (#57458486)
    Comment removed based on user account deletion
    • Re: (Score:2, Informative)

      by Anonymous Coward

      If they were, you'd think that someone would have noticed the extra traffic on their network going through, or trying to get through, their firewalls.

      Having attended the DEFCON and Blackhat conferences, I'm not so sure I agree with you. The level of publicly known ways to disguise malicious traffic to look like innocent traffic is quite scary.

    • Re:Breadcrumbs (Score:4, Insightful)

      by DCFusor ( 1763438 ) on Thursday October 11, 2018 @04:12AM (#57459916) Homepage
      Some assets are meant to be hidden until use. Instant gratification often gets you less than waiting for the best setup.
    • IIRC, that is exactly how they were discovered; through anomalous traffic.

      This whole thing screams that there is a Top Secret investigation going on and that someone who knew about the compromise but not about the investigation revealed to Bloomberg.

      I kind of don't care about any of this. I assume all hardware is compromised, it is merely a question of who compromised it this time. Nobody respects the rights of the average person.

  • by AHuxley ( 892839 ) on Wednesday October 10, 2018 @08:01PM (#57458724) Journal
    It's the decades of before PRISM talk?

    Did the intelligence community find a way back to China?
    Sending back altered data?
    Did the USA have spies in China that warned the USA and the US just watched on to protect its spies?
    Did one part of the US gov use methods for decryption and does not want methods talked about?
  • by Reeses ( 5069 ) on Wednesday October 10, 2018 @10:24PM (#57459232)

    The part that got me about the article was that there were no pictures of actual compromised motherboards.

    Supposedly they were sold by the thousand, and the IT crews pulled them all out and replaced them. No one thought to keep one?

    Or there isn't one still lying on some shelf somewhere?

  • Our intelligence organs have hacked the hackers and are using it against them. Blanket denial would support this.
