October 14, 2018

Wow!

Jerry Miculek takes his trusty Barret M-82 "Light .50" against body armor. This seems pretty pointless, as an anti material rifle against a foam chest plate light enough to be used in a life preserver is not even a....Wait. What!



M-82 Tan seems to be taking it well. 

 Art, by Saru.


Posted by: The Brickmuppet at 12:04 AM | Comments (2) | Add Comment
Post contains 52 words, total size 1 kb.

October 13, 2018

Well, That's Not Good.

In addition to the already horrific news regarding the aftermath of Hurricane Michael,  there is a report that the Air-Force may have lost as many as 22 of its currently irreplaceable F-22 stealth fighters when Hurricane Michael flattened most of Tyndall AFB. While the initial report is from the New York Times,  there is photographic evidence of at least one Raptor destroyed and Air Force Magazine is reporting much the same story albeit with a smaller number of fighters (12 as opposed to 22). Given that we can't MAKE the things anymore, this is bad news regardless. 

Posted by: The Brickmuppet at 09:28 PM | Comments (4) | Add Comment
Post contains 101 words, total size 2 kb.

October 08, 2018

Follow Up

Regarding that Bloomberg Story about the hardware hacking that is alleged to have affected 30 companies and the U.S. military.. Here's a video of Jordan Robertson, one of the story's authors, being interviewed by...Bloomberg.


Interestingly, one of the Bloomberg anchors asks Robertson some very pointed questions regarding various details in the first two minutes or so. 
Robertson keeps referencing Snowden.

Note that the DHS is saying that there is no reason to doubt the denials of the companies implicated as being hacked in the report. Which is a way of saying "No!" that allows all sorts of deniability down the road. 

For a story as potentially explosive as this is, it hasn't been getting a lot of coverage over here past the initial flurry of interest,  but it is reportedly making some waves in Asia.  Note, that to the best of my Googling however,  as of 4 days later, no one has produced a single rice grain sized spy chip. 

However, there IS an interview in NY Mag with a guy who wrote a techno thriller based on the concept. 


"Sourcing may be thin."

Posted by: The Brickmuppet at 12:23 PM | Comments (2) | Add Comment
Post contains 186 words, total size 2 kb.

October 04, 2018

Are we Surprised? No. (UPDATED)

Are we terrified concerned?


Yes.

It appears that there has been a hack involving at least 30 companies, as well as the D.O.D and C.I.A.

Worse, it's a hardware issue. 

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.


One can assume that this is NOT an isolated incident. This is probably one of many, and  one can infer that very little is now beyond the reach of the CCP. On a global level, it is very likely that all those Chinese funded infrastructure projects in Oceana, Latin America, Africa and South Asia are riddled with similar, and perhaps more hard to detect bugs, possibly embedded into the very structures of the facillities.  

Pretty much every technical advancement made by compromised companies as well as state and military secrets can now be assumed to be in China's possession.

This doesn't mean they know them all yet. The sheer quantity of data that China must now have to sift through is daunting, and to be useful needs to be looked at by people who have enough knowledge in the given subject matter and sufficient imagination to be able to recognize something's merits. Encryption is a further obstacle. However, they probably have at least as big an edge on our Military as we had over the Japanese and German's after breaking or acquiring their respective codes in WW2.

This turn of events should not be the least bit surprising given that our self anointed aristocracy has off-shored much of our electronics manufacture to China (because slave labor is so cheap). Well, as we learned from Google & Facebook, if one finds something exceedingly cheap, one might well be the product.

Of course, knowing is the first step to fixing, so it should be pretty straightforward to correct this right?


Fixing this is beyond daunting.  The expense of pulling out all the old circuit boards is going to be phenomenal and replacing them is subject to the same issue. The complexities of the global supply chain means that tracking down not just the manufacturers, but subcontractors, will be next to impossible. 
Going forward, we may need to have some blockchain certification for all our electronic components, certainly for D.O.D. related applications. This is a sufficient breach of trust with sufficiently troubling ramifications that it ought to remove some of the opposition to restrictions on imports from the Middle Kingdom. 

If oughts were dollars though we would have no debt.

This is outside my ballywick, so I eagerly look forward to the perspectives of commenters on this mess. 

UPDATE: In the comments section, Pixy Misa is expressing considerable skepticism. Pixy is the owner and administrator of the Mee.Nu domain (Praise the lathe of the maker!) and an IT professional himself. He has an extensive disquisition on this topic over at his place that you should read in full

Now. Answer the following question. Did you read Pixy's post?

No: Go back and read it.
Yes: Proceed.

I found the story credible because I already have concerns about China and spying. That something like this could be done seems completely plausible.

However, all other sources I've looked at since posting this have been either rewritten versions of, or link back to, the Bloomberg article with no additional info. The Bloomberg article is anonymously sourced. 

One thing I had not fully grokked, but Pixy mentions extensively, is how LONG this story has been in development. 

The Gell-Mann Amnesia Effect is a very real thing.

To Wit: The following excerpt from the article on the nuts and bolts of the alleged hack sounds plausible to me, partly because it comports with my limited understanding of how these systems work, but mainly because the words, Dilithium, turbo-encabulator, and Midichloreans do not appear anywhere in it. 

Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. "Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser.  

In the comments, Pixy (who, again, does IT for a living) seemed spectacularly unimpressed with the plausibility of this scenario. 

Over at Medium, one of those linked to in Pixy's piece on the subject has objections , but they are mostly about how on earth this would have been detected, as it would have been an insanely comprehensive audit to detect this. However, he closes with this...
For me, Bloomberg’s article could go either way. The logic of backdooring the BMC makes a lot of sense. Whether it happened in this case — given all the categorical denials — I have no idea.

I will go so far as to say that I think something along these lines is likely to happen at some point, however, if this story does turn out to be bunk then Bloomberg will, via the cry wolf effect will have facilitated the very thing they pretended to report on.

This story is looking sketchy, but for now, we await more info....

Posted by: The Brickmuppet at 07:37 PM | Comments (11) | Add Comment
Post contains 1238 words, total size 10 kb.

<< Page 1 of 1 >>
50kb generated in CPU 0.1066, elapsed 0.4669 seconds.
70 queries taking 0.454 seconds, 233 records returned.
Powered by Minx 1.1.6c-pink.