It has now been two weeks without confirmation of Bloomberg’s reporting concerning a supply chain attack targeting SuperMicro motherboards from any news outlet.
Nicholas Weaver is a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and Chief Mad Scientist/CEO/Janitor of Skerry Technologies, a developer of low cost autonomous drones. All opinions are his own.
Subscribe to this Lawfare contributor via RSS.
According to Jordan Robertson and Michael Riley in Bloomberg Businessweek, China has recently engaged in bulk supply-chain sabotage, corrupting thousands of servers on computers that end up in the server rooms of major U.S. companies such as Amazon or Apple, government systems and other locations around the planet.
On Aug. 4, as Venezuelan President Nicolas Maduro gave a speech in front of the ranks of the Venezuelan National Guard, two DJI Matrice M600 drones took to the sky. Each drone was armed with a little less than a kilogram of explosives, their operators seemingly intent on assassinating Maduro.
Glenn Greenwald released a photograph from the Snowden documents in May 2014 showing the National Security Agency covertly installing an implant in a Cisco router intercepted during shipping.
On May 13, the president tweeted:
President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!
CTS Labs, an Israel-based hardware security company, released on Tuesday a whitepaper and website describing flaws they discovered in two lines of computer chips produced by the company AMD. CTS Labs hasn’t released the actual exploits and only describes the flaws in the EPYC and Ryzen processor lines in terms of high-level approach and capabilities. As is the current tradition, these flaws have all been given fancy names (RYZENFALL, MASTERKEY, FALLOUT and CHIMERA) with matching logos.
The Russian information-operation strategy can be summed up as “chaos monkeys”: agents seeking to destabilize the United States by exploiting fissures in our society. The Mueller indictments announced Friday show just one aspect. Guccifer 2.0 and WikiLeaks were another. And there is no indication that these efforts are over.