
New Evidence of Hacked Supermicro Hardware

#1
The more recent manipulation is different from the one described in the Bloomberg Businessweek report last week, but it shares key characteristics: They’re both designed to give attackers invisible access to data on a computer network in which the server is installed; and the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China.

https://www.bloomberg.com/news/arti...ro-hardware-found-in-u-s-telecom?srnd=premium
 
#2
Interested to know which OEM manufactures their boards. The largest electronics OEMs in China are not really Chinese companies.
 
#3
The plot thickens …. wonder what will come of this?
 

FreedomEclipse

#4
Interested to know which OEM manufactures their boards. The largest electronics OEMs in China are not really Chinese companies.
Foxconn possibly. But at the same time I don't think it would be them because they are a huge company and they have many many big million dorrah contracts from Apple, Samsung, Sony, Dell... the list goes on.
 

Solaris17

#5
This doesn't make a lot of sense. Still 0 proof. No white papers or disassembly.

And most of all. You can't NOT see the network traffic.

You are telling me these companies went 3 years with Supermicro devices connected to business critical infra and did not see a peep in Wireshark, monitoring software, edge firewalls, transport logs?

Please.

Meanwhile all of my Supermicro servers are quiet as ghosts when put on private LANs and analyzed.
 
#6
This doesn't make a lot of sense. Still 0 proof. No white papers or disassembly.

And most of all. You can't NOT see the network traffic.

You are telling me these companies went 3 years with Supermicro devices connected to business critical infra and did not see a peep in Wireshark, monitoring software, edge firewalls, transport logs?

Please.

Meanwhile all of my Supermicro servers are quiet as ghosts when put on private LANs and analyzed.
Doubt Sepio Systems would be so public about it if it wasn't the case.

Three security experts who have analyzed foreign hardware implants for the U.S. Department of Defense confirmed that the way Sepio's software detected the implant is sound. One of the few ways to identify suspicious hardware is by looking at the lowest levels of network traffic. Those include not only normal network transmissions, but also analog signals -- such as power consumption -- that can indicate the presence of a covert piece of hardware.
 

Frick

#7
Foxconn possibly. But at the same time I don't think it would be them because they are a huge company and they have many many big million dorrah contracts from Apple, Samsung, Sony, Dell... the list goes on.
I read (can't remember if it was in the original piece or someone's opinion about it) that they subcontract to smaller players when they have increased demands and not enough capacity to go around. So not Foxconn.

This doesn't make a lot of sense. Still 0 proof. No white papers or disassembly.

And most of all. You can't NOT see the network traffic.

You are telling me these companies went 3 years with Supermicro devices connected to business critical infra and did not see a peep in Wireshark, monitoring software, edge firewalls, transport logs?

Please.

Meanwhile all of my Supermicro servers are quiet as ghosts when put on private LANs and analyzed.
Honest question: how would they be able to tell? I don't know how enterprise network security works, but given that a lot of them are hacked to begin with, or host stuff, how would they know? I assume they have automatic systems in place; how do they tell nefarious connections from normal activity?
 
#8
Honest question: how would they be able to tell? I don't know how enterprise network security works, but given that a lot of them are hacked to begin with, or host stuff, how would they know? I assume they have automatic systems in place; how do they tell nefarious connections from normal activity?
From the article

In the case of the telecommunications company, Sepio's technology detected that the tampered Supermicro server actually appeared on the network as two devices in one. The legitimate server was communicating one way, and the implant another, but all the traffic appeared to be coming from the same trusted server, which allowed it to pass through security filters.
 

Solaris17

#9
I read (can't remember if it was in the original piece or someone's opinion about it) that they subcontract to smaller players when they have increased demands and not enough capacity to go around. So not Foxconn.

Honest question: how would they be able to tell? I don't know how enterprise network security works, but given that a lot of them are hacked to begin with, or host stuff, how would they know? I assume they have automatic systems in place; how do they tell nefarious connections from normal activity?
It really depends, and for that I will water it down, not because I don't think anyone will get it but because it's easier for me to do with all the thoughts swimming in my head.

The traffic is probably encrypted.

This is fair and means that you're right, they wouldn't be able to "see" that it went to www.china.com

However.

It's the practice that makes me so sceptical, and there are many sides and moving parts to that.

1: These are high-profile companies (makes sense for a supply chain attack, right?). Like Google, a lot of carrier-grade companies customize the BIOS of these servers.

2: These companies aren't just "ISPs", they are TRANSPORT providers; they peer (move) traffic between subsea cables and route between carrier (ISP) networks.

3: Systems that get dropped into this type of environment are stringently tested. They do not just buy servers and switches and throw up a new data center; equipment buildouts just to handle a small area in, say, your city cost millions in planning and architecting.

4: Suppose even if it were true and even if the data were encrypted, the server itself does not do routing. Supermicro does not make Cisco 9508 core network racks. These servers probably cover a multitude of purposes and might even be just a small server part of a much larger node or cluster that actually holds data. This is important because security is on everyone's mind in the network/admin field right now. These servers are behind management VLANs and are only permitted access to specific things.

With that said, the job of any carrier is to transport packets. It is a common misconception that a "good ISP" will protect me from bad guys or bad things (maybe not at TPU, but you would be surprised); that is not the case. A carrier network moves traffic, lots of it. What's important about this, though, is that, rightly so, they would not "block" this traffic from going to any country; it's that if it originates on the "servers" it probably won't get to see the light of day.

Like I said, while carriers do not generally employ any kind of blocking on the carrier level, these servers are protected assets. They are only allowed to communicate with this or that network, and they are also only accessible via specified VLANs and OOB (out of band) management systems.

The calls home would never connect. They wouldn't be allowed to get a public route.

This is where it starts to tie together. You see, Wireshark, network monitoring, edge firewalls and controlled routes deal with too much traffic to see this kind of thing. The operators are human. That's exactly why I don't trust it though. Because it's the SERVERs that are "compromised" and it's the SERVERs that WOULD get caught. The internal core servers will trigger alerts and logs before any core router tells the night switch operator that you are going to a porn site.


I am not saying I am smarter than these people. I am just saying the way this story sounds does not add up to best practice. My concentration is in security and that's not how this works. The amended article mentions people that worked for the CIA checked it and stated the way they discovered the bug is sound.

Ok but who was it?

Why isn't Sepio releasing the documents?

Why was Supermicro only given 24 hours to respond when the industry (security and bug) generally mandated 90 days before public release?

How come the most guarded global network carriers did not see illegitimate traffic trying to traverse their network?

In situations like this you have to be on guard. There is no story to be had in the security industry, only facts. Without a picture and documentation it is NOT real.

From the article
That still makes no sense. That data has to want to GO somewhere. Even encrypted, it is attempting to transport to some IP address or polling DNS for a domain that isn't Supermicro. There is an infinitesimally small chance this wouldn't be seen. Show me the logs.

Anyway, thanks for asking. It's always good to want to know a bit more. Would love to see how it pans out. If true the tech behind it is amazing, or gross negligence of some of the biggest tech companies on the planet. Should be a hell of a ride or lastly it's all BS. Should be a fun ride.
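
As an added illustration of the point in the post above (not part of the thread or the Bloomberg article): when servers sit on a management VLAN with deny-by-default egress, a call home is blocked and still leaves a denied-flow or DNS record to alert on. The subnets, allowed zones, log layout and sample log lines below are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy for the protected segment (hypothetical values).
MGMT_VLAN = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_NETS = [ipaddress.ip_network(n)
                for n in ("10.20.0.0/24", "10.30.5.0/28")]  # peers, log/NTP hosts
ALLOWED_ZONES = ("corp.example", "supermicro.com")          # zones servers may resolve

# Constructed sample firewall flow records: "<ts> key=value ..."
FLOW_LOG = """\
2018-10-09T02:14:07Z src=10.20.0.11 dst=10.30.5.4 dport=514 action=allow
2018-10-09T02:14:09Z src=10.20.0.11 dst=10.20.0.12 dport=22 action=allow
2018-10-09T02:15:30Z src=10.20.0.12 dst=203.0.113.77 dport=443 action=deny
2018-10-09T02:45:30Z src=10.20.0.12 dst=203.0.113.77 dport=443 action=deny
2018-10-09T02:50:00Z src=10.40.1.9 dst=198.51.100.5 dport=443 action=allow
2018-10-09T02:51:00Z truncated-record
"""

# Constructed sample resolver query log: "<ts> <client> <qname>"
DNS_LOG = """\
2018-10-09T02:14:01Z 10.20.0.11 ntp.corp.example
2018-10-09T02:15:29Z 10.20.0.12 notcorp.example
2018-10-09T02:15:31Z 10.20.0.12 supermicro.com.cdn.example
2018-10-09T02:16:00Z 10.20.0.11 www.supermicro.com.
"""


def parse_flow(line):
    """Parse one flow record into a dict; return None if it is malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    rec = {"ts": parts[0]}
    for tok in parts[1:]:
        key, sep, val = tok.partition("=")
        if not sep:
            return None
        rec[key] = val
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except (KeyError, ValueError):
        return None
    return rec


def in_allowed_zone(qname):
    """Match on DNS label boundaries so look-alike names do not pass."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in ALLOWED_ZONES)


def audit(flow_log=FLOW_LOG, dns_log=DNS_LOG):
    """Return ({server_ip: [finding, ...]}, skipped_record_count)."""
    findings = defaultdict(list)
    skipped = 0
    for line in flow_log.splitlines():
        rec = parse_flow(line)
        if rec is None:
            skipped += 1
            continue
        if rec["src"] not in MGMT_VLAN:
            continue  # not a protected server, out of scope here
        if any(rec["dst"] in net for net in ALLOWED_NETS):
            continue
        # A denied attempt is reported too: the block itself is the evidence.
        dest = f'{rec["dst"]}:{rec.get("dport", "?")}'
        findings[str(rec["src"])].append(
            ("flow", dest, rec.get("action", "?"), rec["ts"]))
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            skipped += 1
            continue
        ts, client, qname = parts
        try:
            client_ip = ipaddress.ip_address(client)
        except ValueError:
            skipped += 1
            continue
        if client_ip in MGMT_VLAN and not in_allowed_zone(qname):
            findings[client].append(
                ("dns", qname.rstrip(".").lower(), "query", ts))
    return dict(findings), skipped


if __name__ == "__main__":
    report, skipped = audit()
    for host, items in sorted(report.items()):
        for kind, target, action, ts in items:
            print(f"{ts} {host} {kind} {target} {action}")
    print(f"skipped malformed records: {skipped}")
```
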
 
#10
I will just quote from HardOCP comments:

I have a theory -



National security experts say a key problem is that, in a cybersecurity industry approaching $100 billion in revenue annually, very little of that has been spent on inspecting hardware for tampering. That's allowed intelligence agencies around the world to work relatively unimpeded, with China holding a key advantage.

And the guy 'blowing the whistle' is the Co-CEO of a firm that does security analysis on hardware.........and had no evidence to back up his claim that he found stuff.....

And now -



In the wake of Bloomberg's reporting on the attack against Supermicro products, security experts say that teams around the world, from large banks and cloud computing providers to small research labs and startups, are analyzing their servers and other hardware for modifications, a stark change from normal practices. Their findings won't necessarily be made public, since hardware manipulation is typically designed to access government and corporate secrets, rather than consumer data.

I wonder if his business has increased 100 fold in the last week?

Discovered by another Israeli security company... Just like CTS Labs and the AMD CPU "vulnerability"... Strikes me as just a little bit odd.

Something about this whole thing stinks.


Not the first time someone behind is trying to stir the water a bit. I am not buying this shit.
 

hat

#11
We could be reading this story for a lot of reasons. Maybe it's true, or maybe it's a smear campaign targeted at Supermicro, or maybe China. Who knows?
 
#12
Foxconn possibly. But at the same time I don't think it would be them because they are a huge company and they have many many big million dorrah contracts from Apple, Samsung, Sony, Dell... the list goes on.
I guessed Foxconn as well, but like you said, it has way too many ties with US businesses. It would also make people think twice about using Taiwanese OEMs.
 
#13
We could be reading this story for a lot of reasons. Maybe it's true, or maybe it's a smear campaign targeted at Supermicro, or maybe China. Who knows?
I'm almost inclined to believe it. I don't want to however.. since I'm a fan of SM.

edit: I should point out that California has too many ties to China in general. So it wouldn't surprise me. Google and Apple are already kowtowing to them as it is (newly leaked Google docs show just how much - link). Even a Senator - Dianne Feinstein - had a chauffeur for 20 years who turned out to be a spy for China. And somehow she didn't know. Nor is our government investigating it, as of yet. And somehow even our media doesn't want to talk about it enough (.. although there's the occasional editorial - link). I find this is even more bizarre than the Super Micro business. And it's much bigger than Super Micro too.
 

dorsetknob

#14
SuperMicro Should Reverse engineer several of their own boards ( random sampling) after all they own the blueprints/specs and know exactly what Semiconductor components should be installed.
They can then confirm that the Boards are made as they Designed and spec'ed them with the Correct components as per those original Blueprints.
 
#15
I would assume that large orders of products would be negotiated to follow certain specifications and price. So it wouldn't surprise me that custom orders deem it necessary to make new motherboards from scratch, at which time they can be modified without customer knowledge.

tinhat wearers agree. :kookoo:
 
#16
I would assume that large orders of products would be negotiated to follow certain specifications and price. So it wouldn't surprise me that custom orders deem it necessary to make new motherboards from scratch, at which time they can be modified without customer knowledge.

tinhat wearers agree. :kookoo:
It's tinfoil hats. I don't think regular tin hats have the correct magical calibration. :p

I imagine the custom orders follow a standard template.. but yeah, it's more open to abuse.
 
#17
I buy my straw hats in January. So, please shoot me a message if the price of SM motherboards crashes. I had one a few years ago and I'd like another.

It was an extremely solid board once I got past my own ignorance....:).

Best,

Liquid Cool
 
#18
It was a few years back now so I can't remember if it was on the news or I read it or both, but anyway it was about those credit card readers they have in petrol stations. They found out that they were stealing credit card info and sending info to some server (something along those lines), then they found that these were being installed at the factory where they were made. It turned out someone or some group had infiltrated the workforce and were installing these devices at the factory; the company was not aware this was going on until it was reported.

So I guess it's always poss that rogue people/organisations could have infiltrated the factory and the owners probs would never know; not saying that's what happened, but that stuff can and does happen.
 
#19
The story is kind of shady at best.

First, it was a chip embedded into motherboard, then it was a software hack, then it was both of the above, only now embedded into Ethernet port...
In all instances it started w/ Bloomberg publishing this stuff on behalf of Sepio, and in all instances there is nothing to go by except "an anonymous source from a high-profile tech company" and "[insert your super-serious agency here] has confirmed". Even went as far as making these scary infographics with components being stripped away off the motherboard to reveal a tiny speck, or making photos of some random UDFN-6 component near the pencil tip to make it look even scarier...
 
#20
focus has shifted from methodology and implications of hack to verification of validity of claims...I have lost interest
 

Frick

#21
I will just quote from HardOCP comments:







Not the first time someone behind is trying to stir the water a bit. I am not buying this shit.
The story is kind of shady at best.

First, it was a chip embedded into motherboard, then it was a software hack, then it was both of the above, only now embedded into Ethernet port...
In all instances it started w/ Bloomberg publishing this stuff on behalf of Sepio, and in all instances there is nothing to go by except "an anonymous source from a high-profile tech company" and "[insert your super-serious agency here] has confirmed". Even went as far as making these scary infographics with components being stripped away off the motherboard to reveal a tiny speck, or making photos of some random UDFN-6 component near the pencil tip to make it look even scarier...
But Sepio wasn't involved in the first article afaik, the Ethernet thing was much later.

This is important because security is on everyone's mind in the network/admin field right now.
Thanks for the answer! I highlighted this bit as the attacks were supposedly done some years ago, and I know (or at least assume, from randomly following Krebs and various tech sites articles :p) the security field evolves pretty fast... Is it possible it was easier to do this in 2014/15 than today?
 

newtekie1

#22
https://www.servethehome.com/yossi-...-positioning-his-research-against-supermicro/

IMO, this is a better article on the issue. The security firm that allegedly found the issues didn't just find them in Supermicro products, and they can't be sure it was put there during manufacturing in China.

The thing that I find interesting is we have yet to even see this supposed hardware that they found. It hasn't been analyzed by any other source to figure out exactly what it is and what it does.
 
#23
I think everybody should relax for a bit and chill the hypocrisy.
You are all acting like China spying on the US is the worst thing that has happened since the invention of Politics or Java. :laugh::laugh:
The US had and has the most advanced spying system in the world, with the tentacles spread all over the world. Heck, the Internet itself is the biggest and most complex tool ever developed by Humanity, with all its 7 Layers open to hacking, spying, etc, etc.
This news is just a grain in the sand, more bashing on China, just because...
 
#24
Doubt Sepio Systems would be so public about it if it wasn't the case.
So it either is a recent occurrence, or this stinks to high heavens precisely because it's not real. I'm not sure which one is more plausible honestly... But there is no way this has been going on long term and no one noticed the net traffic.

Either way, I remain a skeptic without documentation (which if this is real, should benefit everyone). The fact that none has been provided stinks to high heavens and has me in @Solaris17's camp.

The thing that I find interesting is we have yet to even see this supposed hardware that they found. It hasn't been analyzed by any other source to figure out exactly what it is and what it does.
This. So much this.
 

Solaris17

#25
But Sepio wasn't involved in the first article afaik, the Ethernet thing was much later.



Thanks for the answer! I highlighted this bit as the attacks were supposedly done some years ago, and I know (or at least assume, from randomly following Krebs and various tech sites articles :p) the security field evolves pretty fast... Is it possible it was easier to do this in 2014/15 than today?
Hm, I'm not sure, I can't imagine it would be though. Remember these servers are only in production for 3-5 years before they are swapped out if the company makes enough (which these companies do), so that would only raise my doubt higher. As for actual detection, I don't think the capacity would have changed that much. The protocols monitored came out in the 80s. The evolution of the modern data center has certainly changed a lot and the security of such is certainly more complex. At the end of the day though, traffic can't go from X to X remains the same. We just have fancy graphs and more VMs now.
 