DiscoWeb Message Boards
 

Go Back   DiscoWeb Message Boards > DiscoWeb Non-Technical Boards > General

General General BS

Reply
 
Thread Tools Display Modes
  #1  
Old 10-04-2018, 01:01 PM
SGaynor's Avatar
SGaynor SGaynor is online now
KN4KFS
Member
 
Join Date: Dec 2006
Location: Bristol, TN
Posts: 5,436
This is some scary shit:

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

Nested on the servers? motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn?t part of the boards? original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental?s servers could be found in Department of Defense data centers, the CIA?s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.
__________________
Scott

'03 HSE
Go Hokies! - Ut Prosim


Dangerous time when our country is led by those who will lie about anything, backed by those who will believe anything, based on information from media sources that will say anything. Americans must break out of that bubble and seek truth.
Reply With Quote
  #2  
Old 10-04-2018, 01:10 PM
SGaynor's Avatar
SGaynor SGaynor is online now
KN4KFS
Member
 
Join Date: Dec 2006
Location: Bristol, TN
Posts: 5,436
"Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered. In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips."

Damn. Damn, damn!

That's some impressive engineering - building them into the fiberglass circuit boards.
__________________
Scott

'03 HSE
Go Hokies! - Ut Prosim


Dangerous time when our country is led by those who will lie about anything, backed by those who will believe anything, based on information from media sources that will say anything. Americans must break out of that bubble and seek truth.
Reply With Quote
  #3  
Old 10-04-2018, 04:43 PM
Tugela's Avatar
Tugela Tugela is online now
Member
 
Join Date: May 2007
Location: Seattle
Posts: 3,897
I wish Land Rover had been that sophisticated in engineering the circuit boards in my Disco. My rear windows would work forever.
__________________
"Americans can always be counted on to do the right thing,
once they have exhausted the alternatives." Winston Churchill


1998 Discovery LSE
1993 Range Rover County Sport
Global Exploration and Recovery, LLC
Reply With Quote
  #4  
Old 10-04-2018, 04:56 PM
jim-00-4.6's Avatar
jim-00-4.6 jim-00-4.6 is offline
Keyboard Pounder II
 
Join Date: Sep 2005
Location: Genesee, CO USA
Posts: 2,009
Quote:
Originally Posted by Tugela View Post
I wish Land Rover had been that sophisticated in engineering the circuit boards in my Disco. My rear windows would work forever.
My P38 had an abacus.
Well, several of them.
As long as the beads didn't slide around too much, even the air suspension worked correctly.
__________________
Jim

Do sharks complain about Monday? No.
They're up early, biting shit, chasing stuff, being scary,
reminding everyone that they are a fucking shark.
Reply With Quote
  #5  
Old 10-08-2018, 08:19 PM
salvvia's Avatar
salvvia salvvia is offline
Member
 
Join Date: May 2005
Location: BIG WHEEL ROVN IN KNOXVEGAS TN.
Posts: 726
Member Trucks
Does any one else have any more info on this keep it on the table
__________________
don't stop talking its your only way OUT!©
IF YOU FEAR DYING THEN YOU ARE ALREADY DEAD
[I]96 se7 up on 255 70s bashin a rvrtym
90 RRC/gone
Reply With Quote
  #6  
Old 10-08-2018, 09:07 PM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by salvvia View Post
Does any one else have any more info on this keep it on the table
Sure...

1: That person.

2: Someone who was there.

3: An official.

4: Top representatives.

5: People.

Didn't you read the article?

Regardless, it's not something that's unprecedented. Billed as the "cutting edge of the cutting edge" in the article, it's nowhere near as clever as that, nor as modern. This has been around for a very, very long time.

Hardware-level tampering is the pinnacle of proper hacking; in that it's still possible today. It is possible, however, because it is not actually overly complicated once you're in charge of the fucking factory making the parts.

At that point, it's pretty much idiot-proof. With all the parts going in and out of server farms, one cannot check everything. They can check most things, but not everything. That's why the practice has never died out.

Just a few weeks ago I was asked how I'd accomplish a similar level of access, and my response was the same damned thing: Force a manufacturer to inject compromised technology into their supply line, and cause it to be physically activated on-site.

How? Use a largely standardized part with many iterations and constant development sample alterations. This will buffer the time required to deploy and employ the breach.

Hardware access is about the lowest of lowest level computer trickery (that means deeper and more hardware-specific; not less complicated), but it's only going to work so long before software updates expecting certain behaviors begin to experience errors out of the realm of general possibility.

Time's up once you run out of codes, and people start x-raying every other "failed" board.

We expect microcode to simply "work". If problems are encountered, every other level is going to be examined first.

It's simple, it's brilliant (in that the people who would have done such a thing knew damned well nobody would be looking that close), but it's traceable, as noted in the article. You already know that when going in. The operation is finite. You have "X" amount of time to infiltrate and activate the code, or cause it to be activated by expected operating environment behavior; which in my estimation would be the preferred method of activation.

Use that time wisely.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #7  
Old 10-09-2018, 07:07 AM
ezzzzzzz ezzzzzzz is offline
Member
 
Join Date: Apr 2010
Location: SE Va
Posts: 568
Proper firewalls and administration of same are used to stop this type of infiltration. Records would show a particular PC or server sending out packets to a given address. Algorithms would alert the admin. A good admin would see the traffic pattern anyhow. The firewall would not allow the specific IP to be seen in the outside world and any hacking attempts would be found, again by algorithms or a good admin, and blocked. I gave 22 years in IT and cybersecurity for the DoD. This nothing new and hardly a threat unless there is no boundary. The biggest threat is and always has been the insider walking out with data.
Reply With Quote
  #8  
Old 10-09-2018, 11:26 AM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by ezzzzzzz View Post
Proper firewalls and administration of same are used to stop this type of infiltration. Records would show a particular PC or server sending out packets to a given address. Algorithms would alert the admin. A good admin would see the traffic pattern anyhow. The firewall would not allow the specific IP to be seen in the outside world and any hacking attempts would be found, again by algorithms or a good admin, and blocked. I gave 22 years in IT and cybersecurity for the DoD. This nothing new and hardly a threat unless there is no boundary. The biggest threat is and always has been the insider walking out with data.
That's mostly accurate.

I was specifically asked how I'd go about remotely damaging a server in the thought experiment presented. Nothing else needed to happen, so it was a pretty simple affair to invent a scenario.

In the examples they're giving, it depends on what boards were affected and how they were used, in regard to whether or not any information would be retrievable remotely. There are about a million and one ways to do it without ever interacting with a firewall or causing any notifications to be sent; but you're going in different directions with each.

The weak link is always the human, though; and in that industry, it's easy to score as many as you need.

I'd wager that, if this did happen, these were installed for future physical access. That makes the most sense. Pepper server farms with them, and then go after whatever it is you want. You don't have to do it that way, but less information about the site is required to get the job done.

It could just be a drag net situation, but that's not an entertaining discussion for the same reason nobody carries a .22 in a zombie film.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #9  
Old 10-09-2018, 12:05 PM
ERover82's Avatar
ERover82 ERover82 is offline
Member
 
Join Date: Nov 2011
Location: Darien Gap
Posts: 2,871
Quote:
Originally Posted by kennith View Post
In the examples they're giving, it depends on what boards were affected and how they were used, in regard to whether or not any information would be retrievable remotely. There are about a million and one ways to do it without ever interacting with a firewall or causing any notifications to be sent; but you're going in different directions with each.
How is information going to be transferred without using the network? Wireless isn't an option. USB sticks wouldn't need a hidden chip, and would be obvious. There's only a couple pathways for data to enter or exit a computer, or a network. Even a disguised gateway would be subject to network snooping/security tools.
Reply With Quote
  #10  
Old 10-09-2018, 12:18 PM
p m p m is offline
AK6PM
Administrator
 
Join Date: Apr 2004
Location: La Jolla, CA
Posts: 14,039
Quote:
Originally Posted by ezzzzzzz View Post
Proper firewalls and administration of same are used to stop this type of infiltration. Records would show a particular PC or server sending out packets to a given address. Algorithms would alert the admin. A good admin would see the traffic pattern anyhow. The firewall would not allow the specific IP to be seen in the outside world and any hacking attempts would be found, again by algorithms or a good admin, and blocked. I gave 22 years in IT and cybersecurity for the DoD. This nothing new and hardly a threat unless there is no boundary. The biggest threat is and always has been the insider walking out with data.
And this is exactly how it was discovered, by Apple and by Amazon. They do have good IT people, and a lot of it.
However...
The chip may lay dormant for a long time, and become active for a few millisecond to reset, say, admin credentials. The attack (or data grab) can then happen from a benign, non-blocked, non-monitored IP address/port combination. It does not take a long time to inflict considerable damage.

To have an idea of IP traffic to/from a regular home computer, get yourself a copy of Wireshark and enjoy the show.
__________________
There is a fine line between being an idiot and thinking outside the box with a touch of apathy - RobertF
Reply With Quote
  #11  
Old 10-09-2018, 12:23 PM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by ERover82 View Post
How is information going to be transferred without using the network? Wireless isn't an option. USB sticks wouldn't need a hidden chip, and would be obvious. There's only a couple pathways for data to enter or exit a computer, or a network. Even a disguised gateway would be subject to network snooping/security tools.
That's not something I'm going to get into here, but I promise you can figure out a few if you put your mind to it.

You're just thinking too far up the ladder. We all do nowadays.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #12  
Old 10-09-2018, 01:03 PM
Ballah06's Avatar
Ballah06 Ballah06 is online now
Member
 
Join Date: Jan 2007
Location: Savannah, GA
Posts: 5,560
Quote:
Originally Posted by ezzzzzzz View Post
Proper firewalls and administration of same are used to stop this type of infiltration. Records would show a particular PC or server sending out packets to a given address. Algorithms would alert the admin. A good admin would see the traffic pattern anyhow. The firewall would not allow the specific IP to be seen in the outside world and any hacking attempts would be found, again by algorithms or a good admin, and blocked. I gave 22 years in IT and cybersecurity for the DoD. This nothing new and hardly a threat unless there is no boundary. The biggest threat is and always has been the insider walking out with data.
Problem w 'regular' DoD IT and programs they use, at least from an IT outsider but user perspective, it's just the amount of barriers that it takes to get stuff done. Not talking even about complex issues, but even simple things. It's like you are stuck in first gear non-stop. Go to the G6 and keep filling out forms... Want unimproved software? Act of God... Tons of contractors and GS types who seemingly know nothing about IT who are the 'go to'. Sorry for venting.
__________________
2004 G4 (Sold and regularly missed...)



"I have come here to chew bubblegum and kick ass ... and I'm all out of bubblegum."
Reply With Quote
  #13  
Old 10-09-2018, 01:39 PM
ERover82's Avatar
ERover82 ERover82 is offline
Member
 
Join Date: Nov 2011
Location: Darien Gap
Posts: 2,871
Quote:
Originally Posted by kennith View Post
That's not something I'm going to get into here, but I promise you can figure out a few if you put your mind to it.

You're just thinking too far up the ladder. We all do nowadays.

Cheers,

Kennith
You watch too many movies. The way it was detected was down the ladder, back on earth.
Reply With Quote
  #14  
Old 10-09-2018, 03:22 PM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by ERover82 View Post
You watch too many movies. The way it was detected was down the ladder, back on earth.
Man, I've had enough of your shit. You're a fucking moron.

Read my post again. I literally just told you that you're thinking too high up.

I figured we just disagreed on flashlights and I was having fun with it, but if this is your response to my post, you have no critical thinking ability whatsoever.

This is NOT a subject that should be explored here. Period. If you can't be bothered to do it yourself, you will remain ignorant and clearly illiterate.

Now, that may be a personal deficit. You may have some learning disability. That's fine, but don't give other people advice, or enter conversations for which you are intellectually unprepared.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #15  
Old 10-09-2018, 04:12 PM
ERover82's Avatar
ERover82 ERover82 is offline
Member
 
Join Date: Nov 2011
Location: Darien Gap
Posts: 2,871
I'm critically thinking about your unsubstantiated bold claims.

Maybe you're thinking along these lines:
https://www.wired.com/2017/02/malwar...-blinking-led/
https://www.wired.com/2016/07/radio-...ess-keyboards/
https://people.eecs.berkeley.edu/~ty...s.preprint.pdf

You're vague, so who knows.
Reply With Quote
  #16  
Old 10-09-2018, 04:33 PM
ERover82's Avatar
ERover82 ERover82 is offline
Member
 
Join Date: Nov 2011
Location: Darien Gap
Posts: 2,871
Hopefully you share just one of those "million" ways to transfer information undetected. While you're at it, you recently claimed USB sucks in another thread. Genuinely interested.
Reply With Quote
  #17  
Old 10-09-2018, 05:26 PM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by ERover82 View Post
Hopefully you share just one of those "million" ways to transfer information undetected. While you're at it, you recently claimed USB sucks in another thread. Genuinely interested.
I ain't sharing that publicly, or even privately beyond a select few people. You'll need to read up on the fundamentals on how computers actually function and take it from there.

As for USB, in a nutshell:

1: It's only good for about six feet before you have to get clever.

2: This is changing somewhat, but the connectors suck. For twenty fucking years or so we've all had to attempt to plug them in three times before we get it right.

3: Despite promises, even to this day it doesn't function overly well without a modern operating environment.

4: It's highly bandwidth limited. There have been better ways to handle this stuff. Now, that's improving as well, but when it takes this long, you've got a bad innovation.

5: The "universal" aspect isn't always so "universal".

6: I don't care how much technology they squeeze in there, you just need more copper than that for a reliable connection. The tiny connectors, while acceptable for phones and things of that nature, do not allow for fat enough wire.

It basically sucks for the same reasons HDMI sucks.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #18  
Old 10-09-2018, 05:28 PM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by ERover82 View Post
I'm critically thinking about your unsubstantiated bold claims.

Maybe you're thinking along these lines:
https://www.wired.com/2017/02/malwar...-blinking-led/
https://www.wired.com/2016/07/radio-...ess-keyboards/
https://people.eecs.berkeley.edu/~ty...s.preprint.pdf

You're vague, so who knows.
Not too many people know, and that's the point. They could know, but they have no reason to even consider it.

You're still barking up the wrong tree, and that's the last thing I'll say on the subject.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #19  
Old 10-10-2018, 06:15 AM
AbnMike AbnMike is offline
Member
 
Join Date: Apr 2016
Location: Morgantown, WV
Posts: 732
Member Trucks
So have we bombed China to teach them a lesson or did we just write hand wringing articles?
__________________
-------------------------------------
(I like old, unreliable stuff that keeps me from spending too much time surfing porn)
Reply With Quote
  #20  
Old 10-10-2018, 08:51 AM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by AbnMike View Post
So have we bombed China to teach them a lesson or did we just write hand wringing articles?
No telling what happened or didn't happen.

That Bloomberg "report" followed the popular "I heard it from my sister's cousin's hairdresser" model.

Just because it can be done doesn't mean it was done.

Hell, for all we know it's a security feature.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #21  
Old 10-10-2018, 10:43 AM
SGaynor's Avatar
SGaynor SGaynor is online now
KN4KFS
Member
 
Join Date: Dec 2006
Location: Bristol, TN
Posts: 5,436
Quote:
Originally Posted by AbnMike View Post
So have we bombed China to teach them a lesson or did we just write hand wringing articles?
Last I checked, Bloomberg, Apple and Amazon don't own B52s.

But remember: America First!
__________________
Scott

'03 HSE
Go Hokies! - Ut Prosim


Dangerous time when our country is led by those who will lie about anything, backed by those who will believe anything, based on information from media sources that will say anything. Americans must break out of that bubble and seek truth.
Reply With Quote
  #22  
Old 10-10-2018, 11:32 AM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by SGaynor View Post
Last I checked, Bloomberg, Apple and Amazon don't own B52s.

But remember: America First!
Nothing wrong with propping someone up after cutting them down. It's been done for thousands of years.

You have a chance to redirect their interests for your own benefit.

Now, whether or not that happens is for the future to determine, but we have all of human history as precedent.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #23  
Old 10-10-2018, 01:18 PM
ERover82's Avatar
ERover82 ERover82 is offline
Member
 
Join Date: Nov 2011
Location: Darien Gap
Posts: 2,871
Quote:
Originally Posted by kennith View Post
I ain't sharing that publicly, or even privately beyond a select few people. You'll need to read up on the fundamentals on how computers actually function and take it from there.

As for USB, in a nutshell:

1: It's only good for about six feet before you have to get clever.

2: This is changing somewhat, but the connectors suck. For twenty fucking years or so we've all had to attempt to plug them in three times before we get it right.

3: Despite promises, even to this day it doesn't function overly well without a modern operating environment.

4: It's highly bandwidth limited. There have been better ways to handle this stuff. Now, that's improving as well, but when it takes this long, you've got a bad innovation.

5: The "universal" aspect isn't always so "universal".

6: I don't care how much technology they squeeze in there, you just need more copper than that for a reliable connection. The tiny connectors, while acceptable for phones and things of that nature, do not allow for fat enough wire.

It basically sucks for the same reasons HDMI sucks.

Cheers,

Kennith
Understandable concerns. It was a hell of an improvement over earlier PC interface connectors and became an outdated victim of its own success. Consumers don't like change and tech companies can't agree on standards. For distances up to 50ft, we've had success using active cables. For longer distance we've used fiber, UTP, and network based bridges. Hard to expect consumer tech to go those lengths without extra work.
Reply With Quote
  #24  
Old 10-10-2018, 03:37 PM
kennith kennith is online now
Member
 
Join Date: Apr 2004
Location: North Carolina
Posts: 9,416
Quote:
Originally Posted by ERover82 View Post
Understandable concerns. It was a hell of an improvement over earlier PC interface connectors and became an outdated victim of its own success. Consumers don't like change and tech companies can't agree on standards. For distances up to 50ft, we've had success using active cables. For longer distance we've used fiber, UTP, and network based bridges. Hard to expect consumer tech to go those lengths without extra work.
I've got some active cables, but they do hiccup on occasion, especially before the drivers load into memory. It's better than nothing, though. I've got a sixteen foot active cable running the Ducky Shine 3 keyboard I'm using right now, and it does drop out and require cycling every now and again.

People would say just stick it in a 3.0 port. Hell, those are less reliable than 2.0. It's a mess.

If they amped up the power and used D-sub connectors, I'd be less prone to griping about it. Larger wire could be used. Smaller connectors work fine for phones, but there's no reason to rely on the same connectors for everything else.

The connectors are the main limiting factor of USB. If you fattened up the cable, you'd clean out most of the issues. You'd still have trouble with it outside of a modern operating environment, but the tech running it could be made more robust, thus mitigating the issue somewhat.

Miniaturization has caused many headaches, and many proprietary standards and regulations. HDMI fucked everyone. Sony owns anything that goes through those cables, and they suck. People think it's the only way to pass HD video from one device to another...

Hell, that video is delivered to hundreds of houses on their street via coaxial cable; audio and all. Any cable could have been used, and any connector; same as USB. Pump it up enough and you can use coat hangers.

An example would be your converters for longer runs. They work just fine, and are limited only by the USB standard itself. There is absolutely nothing special about USB or HDMI.

The standards can use any cable or connector implemented, and yet we spent nearly twenty five years bitching before someone finally realized it would be a good idea to at least have one that plugged in both ways.

It still sucks, but at least it doesn't take three tries to get it in there.

I loved DVI, though. It needed work, but it had everything it required to succeed in place of HDMI. I even designed a nice connector to replace the USB stuff at one point. It was only half again as large, and far better cable was possible.

Nobody in the industry cared. I did try, though. When I gripe, I don't just run my mouth. I do attempt to change things as best I can.

Cheers,

Kennith
__________________
Life is too serious to be taken seriously.

I own a magical island.
Reply With Quote
  #25  
Old 10-15-2018, 06:02 PM
az_max's Avatar
az_max az_max is offline
Asshole Extrordinaire
 
Join Date: Apr 2005
Posts: 7,434
__________________
Vote out all Incumbents
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
97 D-90 Built mightymg Vehicles For Sale 4 06-06-2013 10:32 AM
95 LWB...Built lynchee Parts For Sale 6 02-12-2012 03:46 PM
Built 99 SD kalix Vehicles For Sale 22 11-05-2009 11:21 AM
Built 98 D1 brookhaven Vehicles For Sale 14 07-25-2008 02:35 PM
Anyone built a hot rod? neil30076 General 9 07-26-2006 03:40 PM

» Log in
User Name Not a member yet?
Register Now!
Password
» Today's Birthdays
rufnit (46)
Powered by vBadvanced CMPS v3.2.3

All times are GMT -4. The time now is 09:08 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.
Copyright 2000 - 2015, DiscoWeb.org. All rights reserved.

Garage Plus vBulletin Plugins by Drive Thru Online, Inc.