This is the weekly newsletter companion to Daily Tech News Show at http://dailytechnewsshow.com/  

You can get this newsletter by backing DTNS for $5 a month or more at http://patreon.com/dtns  


Welcome to the weekly column for DTNS Patrons. Yay! That's you. We love you. This week regular Tom digs in on the China story.


Why the China hack is more significant than others -- if true.


It's rare that a legitimate outfit like Bloomberg BusinessWeek sees such flat denials as it has for the China hardware hack story regarding Supermicro.

To be fair, Bloomberg has done its work. The editorial staff of Bloomberg cites six current and former senior national security officials. Two people inside AWS provided info on how the attack played out at Elemental. 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies 

And yet Apple and Amazon are unwavering in their denial. It's possible that they have picked carefully chosen language that, if you know all the facts, doesn't actually contradict the sources. But Amazon issued a full-page denial refuting the Bloomberg piece in detail.

https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/ 

Apple also has now issued a detailed denial.

https://www.apple.com/au/newsroom/2018/10/what-businessweek-got-wrong-about-apple/ 

This is important because if this hack happened it's one of the most sophisticated attacks ever accomplished.

The attackers had to design a device that wouldn't be easily noticed. It had to work inside the computer without calling attention to itself. It had to work well enough to be useful though. Any developer and hardware designer can tell you these issues alone are very hard to pull off. Heck, a lot of it is hard to pull off when it's meant to happen; the difficulty multiplier is huge when it needs to be clandestine.

Then there is the hurdle of getting it on the factory floor without anyone noticing. This apparently meant bribing and/or threatening plant managers. It meant none of them would flip and it meant no floor personnel would notice. A lot of the second depends on the good design.

Then you have to get it where it's going. That means making sure your motherboards with the special processor are only made for and shipped to your targets. It would be easier to just make all the motherboards with the special processor, but that increases the probability of being caught. You know how hard shipping is, despite Amazon sometimes making it look easy. This is a logistical problem that makes detection even more possible.

Finally you have to hope companies employ the hardware without noticing. You have to hope your software and hardware work without fail. And you have to hope your network activity is shrouded enough not to be detected.

And this last is where it fell apart. Apple noticed. And Amazon noticed, according to Bloomberg. And then the FBI was able to pull at the thread and unravel a lot of the rest.

Now. It's going to be tempting to think this shows you can't trust Chinese manufacturing. And a lot of companies will reasonably make moves away from it. And it will be tempting to worry about every device that has Chinese-made parts in it. And companies should rightly crack down further on safety measures with overseas plants.

But the difficulty of this is also somewhat reassuring. It didn't succeed in the end. It was uncovered. And it will be even harder to pull off again.

Unless of course it didn't happen...

In which case the question is, what would be in it for the 17 people in and out of government to all confirm this story to Bloomberg BusinessWeek?

Answers may or may not come. But the story is fascinating for what it is, without exaggerating it at all.


NEWS

Nintendo’s working on a new Switch console to be released in 2019, sources tell The Wall Street Journal. The new console may have an updated screen but other details are thin at this time. No word on a price for the updated Switch, which reportedly could arrive as early as next summer. https://techcrunch.com/2018/10/04/a-new-nintendo-switch-is-reportedly-arriving-next-year/ 

Microsoft announced the 28-inch touchscreen Surface Studio 2, an updated version of its all-in-one PC. The foldable desktop is supposed to be 38% brighter with 22% more contrast. You can get it with NVIDIA GeForce GTX 1060 or 1070 graphics cards. Prices start at $3,499 available November 15. https://www.businessinsider.com/microsoft-surface-studio-2-photos-specs-and-details-2018-10 

The Microsoft Surface Pro 6 comes with Intel's 8th gen processors and is available in black. Improved cooling supports quad-core processors and it's supposed to last 13.5 hours on a charge. It also does NOT have USB-C ports yet. The Surface Pro 6 starts at $899 with an Intel Core i5 processor, available on October 16th. https://www.theverge.com/2018/10/2/17927510/microsoft-surface-pro-6-2018-intel-new-features-specs-price-release-date 

And the 1.7-pound Surface Laptop 2 also comes with 8th-gen Intel Core processors, starting at 128 GB of SSD storage up to 1 TB with 8 or 16 GB of RAM. Microsoft claims it has the thinnest LCD for a touchscreen panel and gets 13.5 hours of battery life. It also does not have a USB-C port but does come in black. The Surface Laptop 2 starts at $999, available for preorder now shipping October 16. https://venturebeat.com/2018/10/02/microsoft-refreshes-surface-laptop-and-surface-pro-with-updated-specs-and-black-variants/ 

Microsoft also announced its first set of Surface Headphones. The over-the-ear headphones have Cortana built in and 13 levels of noise-canceling you can adjust by rotating a ring on the left ear. Music pauses when you take the headphones off and resumes when you put them back on. A touch area on the earcups also controls playback. It uses Bluetooth 4.2 and charges over USB-C. Battery life is claimed to be 15 hours. Surface Headphones come to the US this autumn for $350. https://www.cnet.com/reviews/microsoft-surface-headphones-preview/ 

Along with new hardware, Microsoft announced Microsoft Surface All Access. This lets you buy a Surface device for a monthly fee over a two-year period, which includes access to Office 365, in-store training and top-tier support. The Surface Go costs $25 a month, the Surface Book 2 $55, the Surface Pro $48, the Surface Laptop $47 and the Surface Studio $151. https://www.thurrott.com/mobile/microsoft-surface/183634/microsoft-announces-new-surface-all-access-subscription-service 

Finally Microsoft made the Windows 10 October 2018 update available with automatic updates to start next week. https://www.cnbc.com/2018/10/03/how-to-get-windows-10-october-2018-update.html 

Amazon announced it’s raising the minimum wage for all U.S. employees - more than 250,000 Amazon employees — including part-time and temporary employees — as well as another 100,000 seasonal employees to $15, effective next month. Amazon said it will also start advocating for an increase to the federal minimum wage. Amazon is also raising wages for British employees to a minimum of £10.50 ($13.61) for workers in London and £9.50 ($12.31) in the rest of the country. Target announced in its holiday hiring release it would raise minimum hourly wage to $15 by 2020. Walmart announced plans in January to raise its minimum wage to $11. https://www.cnbc.com/2018/10/02/amazon-raises-minimum-wage-to-15-for-all-us-employees.html 

Some Amazon employees have complained that despite the hourly wages being raised, they are losing stock awards and bonuses. Amazon stock trades at near $2,000 a share and employees got two shares upon being hired and one option a year. In addition to raising its lowest hourly rate to $15 an hour, Amazon is replacing stock awards with a direct stock purchase plan. Amazon is also ending its variable compensation pay program that added monthly bonuses based on performance. Amazon told CNBC, “We can confirm that all hourly Operations and Customer Service employees will see an increase in their total compensation as a result of this announcement.” https://www.theverge.com/2018/10/3/17934194/amazon-minimum-wage-raise-stock-options-bonus-warehouse 

Sunday, California Governor Jerry Brown signed a net neutrality bill into law that forbids ISPs from speeding up or slowing down certain kinds of content or charging companies to deliver their sites or apps faster. Within hours, the US Department of Justice filed for an injunction against the law on the grounds that the Internet operates across state lines and states cannot regulate interstate commerce. The California law would not go into effect until January 1st. http://fortune.com/2018/10/01/california-net-neutrality-trump-administration/ 

Saturday, Tesla CEO Elon Musk changed his mind and settled with the US SEC over tweets about taking the company private. The SEC had filed a lawsuit claiming the tweets were fraud. Musk and Tesla will pay $20 million each in fines. An independent chairman will replace Musk on the board of directors and two independent directors will be added to the board. Musk will remain CEO and a separate investigation by the Department of Justice continues. http://fortune.com/2018/10/01/tesla-shares-soar-musk-sec-settlement/ 

Facebook says it discovered an attack that affected up to 50 million users. Attackers were able to exploit the "View as" feature to copy access tokens. Facebook says it has patched the vulnerability and logged out more than 90 million accounts to prevent any tokens from being used. Because only the tokens were accessed, Facebook says users do not need to change passwords. Law enforcement is investigating. https://www.engadget.com/2018/09/28/facebook-hack-exposed-info-on-up-to-50-million-users/ 

Facebook announced its investigations show that third-party services that use Facebook for login do not appear to be affected by copied tokens. Facebook revealed Friday that attackers were able to access login tokens for up to 50 million Facebook accounts. https://www.bbc.com/news/technology-45732071 



Comments

Anonymous

Very nice post, kudos. Question: I am not able to get a solid answer as to where the $40 million in fines goes to. Anyone here know? For the China hardware story - Amazon in their post says that they shot down the basis of the story when Bloomberg came around asking. Yeah, they do leave some wiggle room as they only mention SuperMicro (and Elemental) though they do say at one point "That report did not identify any issues with modified chips or hardware." - And they do point out that Bloomberg got the Sinnet angle wrong. Given the absurdity of getting the hack to be of any good, I'm leaning towards Amazon.