Bloomberg: Super Micro motherboards used by Apple, Amazon contained Chinese spy chips

Super Micro, Amazon, and Apple deny everything in the report.

Article intro image

(credit: Wikipedia)

Tiny Chinese spy chips were embedded onto Super Micro motherboards that were then sold to companies in the US, including Amazon and Apple, reports Bloomberg. The report has attracted strenuous denials from Amazon, Apple, and Super Micro.

Bloomberg claims that the chips were initially and independently discovered by Apple and Amazon in 2015 and that the companies reported their findings to the FBI, prompting an investigation that remains ongoing. The report alleges that the tiny chips, disguised to look like other components or even sandwiched into the fiberglass of the motherboards themselves, were connected to the management processor, giving them far-reaching access to both networking and system memory. The report says that the chips would connect to certain remote systems to receive instructions and could then do things like modify the running operating system to remove password validation, thereby opening a machine up to remote attackers.

The boards were all designed by California-based Super Micro and built in Taiwan and China. The report alleges that operatives masquerading as Super Micro employees or government representatives approached people working at four particular factories to request design changes to the motherboards to include the extra chips. Bloomberg further reports that the attack was made by a unit of the People's Liberation Army, the Chinese military.

Read 3 remaining paragraphs | Comments

The DNC keeps the Watergate file cabinet next to server hacked by Russia

The basement of the Democratic National Committee’s Washington, DC, headquarters holds one of the most fitting images to come out of the hacks that dogged Democrats in the 2016 presidential election. On the left: a 1960s era file cabinet that wa…

The basement of the Democratic National Committee's Washington, DC, headquarters holds one of the most fitting images to come out of the hacks that dogged Democrats in the 2016 presidential election. On the left: a 1960s era file cabinet that was jimmied open during the 1972 Watergate break-in. On the right: a DNC server that was hacked by what the US intelligence community says were Russian operatives.

The photo is from an 8,300-word New York Times article about how two separate Russian government groups hacked the DNC. The hacks first came to light in June, and the rough outline is well known. For months, the intruders had free reign over the DNC's computers. Over time, the Russians extended their reach into the Gmail accounts of Clinton campaign chairman John Podesta, former secretary of State Colin Powell, and others. The series of DNC blunders, bordering on ineptitude, that allowed the attacks to succeed has been well documented. Those blunders are now coming into sharper focus.

Like the feeble filing cabinet, the shortcomings exposed in the New York Times' blow-by-blow account show just how ineffective and doomed the DNCs's defenses were against a much-better organized adversary. Equally important, the report reveals how a "series of missed signals, slow responses, and a continuing underestimation of the seriousness of the cyberattack"—apportioned in almost equal parts by members of the FBI, the DNC, and the Clinton campaign—allowed the hacking drama to play out.

Read 3 remaining paragraphs | Comments

AdultFriendFinder hacked: 400 million accounts exposed

Enlarge
AdultFriendFinder has been hacked, revealing the account details of more than 400 million people who would undoubtedly prefer to keep their identities private on the “world’s largest sex and swinger community” site.
The hacked database—wh…

Enlarge

AdultFriendFinder has been hacked, revealing the account details of more than 400 million people who would undoubtedly prefer to keep their identities private on the "world's largest sex and swinger community" site.

The hacked database—which appears to be one of the largest ever single data breaches in history—apparently contains account details for numerous adult properties belonging to the California-based Friend Finder Network, and includes customers' e-mail addresses, IP addresses last used to log-in to the site, and passwords.

According to data breach notification site LeakedSource.com, the passwords were either kept in plain text format, or used the largely discredited SHA1 hashing algorithm. It claimed to have cracked 99 percent "of all available passwords" which "are now visible in plaintext."

Read 6 remaining paragraphs | Comments

Dropbox hackers stole e-mail addresses, hashed passwords from 68M accounts

“Scope of password reset completed last week protected all impacted users,” says Dropbox.

(credit: Jim Barton)

Dropbox hurriedly warned its users last week to change their passwords if their accounts dated back prior to mid-2012. We now know why: the cloud-based storage service suffered a data breach that's said to have affected more than 68 million accounts compromised during a hack that took place roughly four years ago.

The company had previously admitted that it was hit by a hack attack, but it's only now that the scale of the operation has seemingly come to light.

Tech site Motherboard reported—citing "sources in the database trading community"—that it had obtained four files, totalling 5GB in size, which apparently contained e-mail addresses and hashed passwords for 68,680,741 Dropbox users.

Read 7 remaining paragraphs | Comments