Author Topic: PLA hackers - all j00r servers are belong to us

P3nT4gR4m

Not actually a meat product.
Ass-Kicking & Foot-Stomping Ancient Master of SHIT FUCK FUCK FUCK
Awful and Bent Behemothic Results of Last Night's Painful Squat.
High Altitude Haggis-Filled Sex Bucket From Beyond Time and Space.
Internet Monkey Person of Filthy and Immoral Pygmy-Porn Wart Contagion
Octomom Auxillary Heat Exchanger Repairman
walking the fine line line between genius and batshit fucking crazy

"computation is a pattern in the spacetime arrangement of particles, and it’s not the particles but the pattern that really matters! Matter doesn’t matter." -- Max Tegmark

chaotic neutral observer

Re: PLA hackers - all j00r servers are belong to us
« Reply #1 on: October 07, 2018, 03:50:17 am »
There aren't nearly enough technical details provided in that article for my taste.  Something seems a bit off.

Quote from: Bloomberg
they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment.

"Signal conditioning couplers" aren't, to my knowledge, common motherboard components.  I can't even think of why you would put one on a motherboard to begin with, let alone use it as a disguise.  A passive component isn't a good choice if you're attempting subterfuge of this type, since it wouldn't generally be connected in a way such that it can both harvest the power it needs, and also alter signals on the board.

It would be much simpler to implement (and harder to detect) if they used an active component.  For example, if they replaced the flash chip that contained the BIOS with another chip that appeared identical, but contained "special logic".  No extra component on the board, and more die area (chip real estate) to work with.  Or maybe they could just skip the fancy hardware altogether, and load the motherboard with an evil BIOS?

And you wouldn't need specialized equipment to detect this type of espionage; it would be pretty obvious from the extra network traffic.  They said in the article that the device didn't have much memory, so it needed to get further instructions from the network.  That sort of traffic should set alarms off all over the place for any half-competent security admin.

The lack of corroboration is another red flag.  Severe, widespread security problems, when they're disclosed, tend to be widely confirmed (see: Meltdown, Heartbleed). That does not appear to be happening here.

It's possible that the article author didn't understand the material he was reporting, or was intentionally dumbing it down for his audience, but something here does not add up.  The described attack vector is simultaneously more difficult to implement than it needs to be, and too easy to detect.

The question of who would want to make up a story like this, and why, is above my pay grade left as an exercise for the reader.

Disclaimer:  I don't claim to be an expert on any of this stuff.
It took less than a week for this thread to go from “U.S. resistance politics” to “international spray cheese.”  --Brother Mythos
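The network-side alarm the reply above argues for, written out as an added example that is not part of the thread: an egress allowlist check over constructed NetFlow-style records, plus the interval between repeated check-ins to the same off-list destination. The flow lines, the 10.0.0.0/8 server range and the "vendor update mirror" in 203.0.113.0/24 are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (added example, not from the thread):
# timestamp, source, destination, dport, bytes.
SAMPLE_FLOWS = """\
1538880000 10.1.2.10 10.1.0.5 53 120
1538880001 10.1.2.10 203.0.113.20 443 8800
1538880002 10.1.2.11 10.1.0.5 53 130
1538880060 10.1.2.11 198.51.100.77 443 1400
1538880120 10.1.2.11 198.51.100.77 443 1400
1538880180 10.1.2.11 198.51.100.77 443 1400
"""

# Expected egress for this server segment: internal ranges plus a hypothetical
# vendor update mirror. Anything else from a server is worth an alert.
ALLOWED_EGRESS = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("203.0.113.0/24")]

def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport, nbytes = line.split()
            flows.append({"ts": int(ts), "src": src, "dst": dst,
                          "dport": int(dport), "bytes": int(nbytes)})
    return flows

def is_allowed(dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in ALLOWED_EGRESS)

def unexpected_egress(flows):
    """Map each server to the sorted off-allowlist destinations it contacted."""
    hits = defaultdict(set)
    for f in flows:
        if not is_allowed(f["dst"]):
            hits[f["src"]].add(f["dst"])
    return {src: sorted(dsts) for src, dsts in hits.items()}

def beacon_intervals(flows, src, dst):
    """Seconds between successive src->dst flows; a near-constant interval is
    the periodic check-in pattern the reply says should trip alarms."""
    ts = sorted(f["ts"] for f in flows if f["src"] == src and f["dst"] == dst)
    return [b - a for a, b in zip(ts, ts[1:])]
```

On the constructed records only 10.1.2.11 talks to an off-list address, and it does so every 60 seconds, which is the kind of regular fetch-instructions traffic a server should never generate on its own.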

Cain

Re: PLA hackers - all j00r servers are belong to us
« Reply #2 on: October 07, 2018, 04:56:36 pm »
You're right, there is some unresolved weirdness with this story.

The speculation is that this was fed to the reporter by US intelligence; that could explain some of the stuff you noted, like how it sounds like they're trying to explain something they don't really understand themselves.

Secondly, I believe Apple was disputing aspects of this story.

Was this maybe leaked to gin up Trump's "cyberwarfare done by China to target me" arguments? 

Cain

Re: PLA hackers - all j00r servers are belong to us
« Reply #3 on: October 09, 2018, 12:47:50 pm »
More on this from the DragosInc CEO

https://twitter.com/robertmlee/status/1049617855396933632?s=21

Quote
I found their technical knowledge to be insufficient in covering these stories. But they also claimed all sorts of anonymous sources - which I honestly assessed that they had and believed - about the situation in the BTC pipeline. They shared unpublished details with me

Quote
They claimed anonymous US intelligence community sources as well. Except I led the ICS threat discovery mission at the time at the NSA. And I had never heard of this attack being a cyber attack. The NSA doesn’t see everything but if the US IC is your source we would have.

Quote
In the end I was left with the assessment that the journalists were entirely well meaning individuals. I thought them to be honest and they did have the anonymous sources they claimed. But their capturing of the technical details and proclivity for conspiracy theories hurt them.

N E T

Re: PLA hackers - all j00r servers are belong to us
« Reply #4 on: October 25, 2018, 07:58:20 am »
Looks increasingly like a failed attempt to gin up anti-China/pro-nationalist sentiment.

“There are some defeats more triumphant than victories.” - Michel de Montaigne