The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

1prophet

Diamond Member
Aug 17, 2005
5,313
534
126
Cry me a fucking river while the tiniest of violins plays. Americans are reaping what they sowed thanks to profit only matters, greed is good corporatism and cheaper is better mentality sold to the rest of us as democracy through free markets, now you all are discovering that China had ulterior motives all along and plays by a different rule book,

they rope-a-doped your dumbasses by letting American corporations believe they found a way out of overpriced American labor along with an escape of all those pesky rules, regulations, and taxes domestic manufacturing would require.

Instead they played along as American know how was transferred to their country and its industrial as well as consumer economy was built up thanks to American blind greed believing the Chinese were going to be their perpetual serfs because in their minds they would be too dumb to actually understand the high tech they were putting together.

Too bad we had to wait for Trump to actually start to do something, unfortunately all he is doing is closing the barn door long after the horse ran off, as the old saying goes a day late and a dollar short.



"
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”

But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies."
 

Paratus

Lifer
Jun 4, 2004
16,614
13,297
146
Not much to comment but I did laugh at this line about the first two customers for Elemetals video compression servers:

Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.
:D
 

Ichinisan

Lifer
Oct 9, 2002
28,298
1,234
136
Literally everybody in that story (even the "victims") denies it happened, it's likely impossible with current technology to do what was described, and there's no evidence that it did happen or anyone one record claiming it did.
Gubbermint intelligence agencies won't let 'em say. Even Supermicro isn't allowed to admit it.

The article subverts the USA intelligence agencies by letting China know that we discovered their chips.
 

SlowSpyder

Lifer
Jan 12, 2005
17,305
1,001
126
One of Trump's sticking points is that China needs to stop stealing our intellectual property. Glad to have a president that has some backbone and is standing up to those that are harming us vs. kicking the can down the road.
 

Rifter

Lifer
Oct 9, 1999
11,522
751
126
Im not surprised. Ive been saying for years we need to stop buying everything from china but there arnt enough people that think this way for it to happen obviously or it would have by now. Basically we are fucked.
 

WelshBloke

Lifer
Jan 12, 2005
30,340
7,988
136
One of Trump's sticking points is that China needs to stop stealing our intellectual property. Glad to have a president that has some backbone and is standing up to those that are harming us vs. kicking the can down the road.
Seriously if they can make a "tiny microchip, not much bigger than a grain of rice" that can do what was described then they really dont need to steal your intellectual property, they are about a decade ahead.
 

BoomerD

No Lifer
Feb 26, 2006
62,681
11,025
136
Im not surprised. Ive been saying for years we need to stop buying everything from china but there arnt enough people that think this way for it to happen obviously or it would have by now. Basically we are fucked.

(from 2001)

ata.jpg
 

hal2kilo

Lifer
Feb 24, 2009
23,331
10,238
136
Im not surprised. Ive been saying for years we need to stop buying everything from china but there arnt enough people that think this way for it to happen obviously or it would have by now. Basically we are fucked.
You should work on military hardware. They decided that instead of having custom made computers that nobody would be able to hack due their proprietary nature, it's too expensive. Well, that started the whole Commercial Off The Shelf (COTS) push, to get all contractors to use as much COTS as possible in their designs. Well, due to things like the above and embedded malware in chips, there's this insane process now to get your equipment IA certified. You send them the hardware they run all kinds of classified testing software on the hardware to see if they find funny things going on. OK now you've got you equipment certified. They are absolutely freaked out about networks, even internal on a vessel (in my experience). Oh and if you find a bug in your firmware/software and need to change it, guess what, you have to go through the whole IA certification process again. This of course causes updates to take forever. Our military would not be in this position if they had not decided to go COTS. I don't think they are saving any money. Oh, guess where most of this is manufactured now.
 
  • Like
Reactions: IJTSSG

UNCjigga

Lifer
Dec 12, 2000
24,802
9,005
136
Seriously if they can make a "tiny microchip, not much bigger than a grain of rice" that can do what was described then they really dont need to steal your intellectual property, they are about a decade ahead.

I'm no hardware guru, but the chip itself doesn't need to have a ton of processing power or anything. It's basically the equivalent of hardwiring a few pins with solder, or a bypass that puts the CPU in Dev mode/engineering mode to allow remote hacks to disable basic protections for code execution.

Still, based on the diagrams, it doesn't seem like the Chinese hid these very well. I thought they'd hide it alongside resistors underneath another chip package, or at least some place it would be obscured by a heatsink or something.
 
Nov 29, 2006
15,601
4,051
136
One of Trump's sticking points is that China needs to stop stealing our intellectual property. Glad to have a president that has some backbone and is standing up to those that are harming us vs. kicking the can down the road.

He is all talk. What is he going to personally do about it?
 

Ichinisan

Lifer
Oct 9, 2002
28,298
1,234
136
I just see a page full of Apple products.

[edit]
This link should be better for people outside of Australia:
https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
[/edit]

The thing is, Apple is supposedly keeping it extremely secret, even within Apple. It could be 100% true and many high-level folks in various departments within Apple will not know about it. This is probably mandated by the federal government. After businessweek wrote the article, the cat is out of the bag. China knows that we found their chips.
 
Last edited:

senseamp

Lifer
Feb 5, 2006
35,786
6,188
126
Why are there no pictures of this chip on an actual board, only illustrations?
You can make up anything you want in an illustration:
Powell_UN_Iraq_presentation%2C_alleged_Mobile_Production_Facilities.jpg


I get that companies are not excited about disclosing they may have been hacked since 2014, but supposedly there are thousands of servers out there with these chips across 30 companies, but there is no picture of this chip on any of them? I understand the article was just published, but if in the next few weeks, no IT guy finds one and leaks a picture, that would be very suspicious to me.

I want to see photo evidence of a board with this chip on it. Ideally, I would also want to see someone remove that chip, hook up another chip to the same connections and demonstrate that it's possible to do something useful while only having access to the same nets this chip had access to.

The timing is suspicious to me, just as we are in the beginnings of a trade war, we get this leak probably from our intelligence services to a publication alleging that Chinese tech supply chain is untrustworthy. With the same party in charge of government that lied about WMD's before to start a war. I am going to wait for independent confirmation. This is hardware, so it should not be difficult to find evidence if it exists.
 

JSt0rm

Lifer
Sep 5, 2000
27,399
3,947
126
Cry me a fucking river while the tiniest of violins plays. Americans are reaping what they sowed thanks to profit only matters, greed is good corporatism and cheaper is better mentality sold to the rest of us as democracy through free markets, now you all are discovering that China had ulterior motives all along and plays by a different rule book,

they rope-a-doped your dumbasses by letting American corporations believe they found a way out of overpriced American labor along with an escape of all those pesky rules, regulations, and taxes domestic manufacturing would require.

Instead they played along as American know how was transferred to their country and its industrial as well as consumer economy was built up thanks to American blind greed believing the Chinese were going to be their perpetual serfs because in their minds they would be too dumb to actually understand the high tech they were putting together.

Too bad we had to wait for Trump to actually start to do something, unfortunately all he is doing is closing the barn door long after the horse ran off, as the old saying goes a day late and a dollar short.



"
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”

But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies."


yeah fuck america!
 

WelshBloke

Lifer
Jan 12, 2005
30,340
7,988
136
I'm no hardware guru, but the chip itself doesn't need to have a ton of processing power or anything. It's basically the equivalent of hardwiring a few pins with solder, or a bypass that puts the CPU in Dev mode/engineering mode to allow remote hacks to disable basic protections for code execution.

I'm pretty sure that allowing unrestricted network access that bypasses all software protections plus manages to encrypt and tunnel to a secret server involves more than just hardworking a few pins.


Still, based on the diagrams, it doesn't seem like the Chinese hid these very well. I thought they'd hide it alongside resistors underneath another chip package, or at least some place it would be obscured by a heatsink or something.

Ummm. The diagrams are just illustrations, they don't actually correspond to anything in the real world.
 

dawp

Lifer
Jul 2, 2005
11,345
2,705
136
I'm no hardware guru, but the chip itself doesn't need to have a ton of processing power or anything. It's basically the equivalent of hardwiring a few pins with solder, or a bypass that puts the CPU in Dev mode/engineering mode to allow remote hacks to disable basic protections for code execution.

Still, based on the diagrams, it doesn't seem like the Chinese hid these very well. I thought they'd hide it alongside resistors underneath another chip package, or at least some place it would be obscured by a heatsink or something.
I've read, forgot where, the newer chip are small enough io be embedded between layers of the motherboard
 

WelshBloke

Lifer
Jan 12, 2005
30,340
7,988
136
I've read, forgot where, the newer chip are small enough io be embedded between layers of the motherboard
Apparently the new ones are on the order of dust sized. They just dust them with a crop sprayer and all your PCs are belong to them!
 

PottedMeat

Lifer
Apr 17, 2002
12,365
475
126
i'd really like to see one of these things

there may be tons of unpopulated areas on a board for test or just never removed for production. i could see a custom bga or lcc package size or SO8 ( you could hide a lot on that ) something placed on a common serial bus where it could talk and get power. i wonder why the writer said 'signal conditioning couplers' - a passive rf device