Principia Discordia

Principia Discordia => Techmology and Scientism => Topic started by: P3nT4gR4m on October 05, 2018, 04:14:15 pm

Title: PLA hackers - all j00r servers are belong to us
Post by: P3nT4gR4m on October 05, 2018, 04:14:15 pm
Ouch! (
Title: Re: PLA hackers - all j00r servers are belong to us
Post by: chaotic neutral observer on October 07, 2018, 03:50:17 am
There aren't nearly enough technical details provided in that article for my taste.  Something seems a bit off.

Quote from: Bloomberg
they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment.

"Signal conditioning couplers" aren't, to my knowledge, common motherboard components.  I can't even think of why you would put one on a motherboard to begin with, let alone use it as a disguise.  A passive component isn't a good choice if you're attempting subterfuge of this type, since it wouldn't generally be connected in a way such that it can both harvest the power it needs, and also alter signals on the board.

It would be much simpler to implement (and harder to detect) if they used an active component.  For example, if they replaced the flash chip that contained the BIOS with another chip that appeared identical, but contained "special logic".  No extra component on the board, and more die area (chip real estate) to work with.  Or maybe they could just skip the fancy hardware altogether, and load the motherboard with an evil BIOS?

And you wouldn't need specialized equipment to detect this type of espionage; it would be pretty obvious from the extra network traffic.  They said in the article that the device didn't have much memory, so it needed to get further instructions from the network.  That sort of traffic should set alarms off all over the place for any half-competent security admin.

The lack of corroboration is another red flag.  Severe, widespread security problems, when they're disclosed, tend to be widely confirmed (see: Meltdown, Heartbleed). That does not appear to be happening here.

It's possible that the article author didn't understand the material he was reporting, or was intentionally dumbing it down for his audience, but something here does not add up.  The described attack vector is simultaneously more difficult to implement than it needs to be, and too easy to detect.

The question of who would want to make up a story like this, and why, is above my pay grade left as an exercise for the reader.

Disclaimer:  I don't claim to be an expert on any of this stuff.
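The point about the extra network traffic is the one a defender can actually act on: a BMC or other management-plane host has a very short list of places it legitimately talks to, so any other egress, especially at a fixed interval, is worth an alert. The script below is an added illustration written for this thread, not code from the Bloomberg article or from any poster. It parses a handful of constructed flow records (timestamp, source, destination, port, bytes; the addresses and the management/allowlist sets are assumptions), keeps only flows from management hosts to destinations outside the allowlist, and scores each source/destination pair for beacon-like regularity using the coefficient of variation of the inter-flow intervals.

```python
"""Flag unexpected egress from management-plane hosts in flow logs.

Added example for this thread; the sample records, the management host
addresses and the allowlist are all constructed, not real data.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Constructed flow records: ts(seconds),src,dst,dport,bytes
SAMPLE_FLOWS = """
# 10.0.5.21 talks to the internal monitoring server every 5 min (expected)
1538700000,10.0.5.21,10.0.5.1,443,1200
1538700300,10.0.5.21,10.0.5.1,443,1180
1538700600,10.0.5.21,10.0.5.1,443,1210
# 10.0.5.22 reaches an unlisted external host every 10 min (unexpected)
1538700010,10.0.5.22,203.0.113.77,443,240
1538700610,10.0.5.22,203.0.113.77,443,236
1538701210,10.0.5.22,203.0.113.77,443,244
1538701810,10.0.5.22,203.0.113.77,443,240
# ordinary workstation traffic, out of scope for this check
1538700100,10.0.7.40,198.51.100.9,443,5000
1538700950,10.0.7.40,198.51.100.9,443,70000
"""

MANAGEMENT_HOSTS = {"10.0.5.21", "10.0.5.22"}   # assumed BMC addresses
ALLOWED_DESTINATIONS = {"10.0.5.1"}             # assumed monitoring server


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    nbytes: int


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    flow_count: int
    total_bytes: int
    mean_interval: Optional[float]
    periodic: bool


def parse_flows(text: str) -> List[Flow]:
    """Parse the CSV-like records above, skipping blanks and comments."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append(Flow(int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def beacon_score(timestamps: List[int]) -> Optional[Tuple[float, float]]:
    """Return (mean interval, coefficient of variation) or None if < 3 samples.

    A low coefficient of variation means the flows recur on a near-fixed
    schedule, which is what a small implant polling for instructions looks like.
    """
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(intervals)
    if m == 0:
        return (0.0, 0.0)
    return (m, pstdev(intervals) / m)


def find_unexpected_egress(flows: List[Flow], mgmt_hosts, allowed_dsts,
                           max_cv: float = 0.2) -> List[Finding]:
    """Report management hosts talking to destinations off the allowlist."""
    by_pair: Dict[Tuple[str, str], List[Flow]] = defaultdict(list)
    for f in flows:
        if f.src in mgmt_hosts and f.dst not in allowed_dsts:
            by_pair[(f.src, f.dst)].append(f)
    findings = []
    for (src, dst), pair_flows in sorted(by_pair.items()):
        score = beacon_score([f.ts for f in pair_flows])
        periodic = score is not None and score[1] <= max_cv
        findings.append(Finding(src, dst, len(pair_flows),
                                sum(f.nbytes for f in pair_flows),
                                score[0] if score else None, periodic))
    return findings


if __name__ == "__main__":
    for fd in find_unexpected_egress(parse_flows(SAMPLE_FLOWS),
                                     MANAGEMENT_HOSTS, ALLOWED_DESTINATIONS):
        tag = "BEACON" if fd.periodic else "egress"
        print(f"[{tag}] {fd.src} -> {fd.dst}: {fd.flow_count} flows, "
              f"{fd.total_bytes} bytes, mean interval {fd.mean_interval}s")
```

On the constructed data only the second BMC is reported, and it is tagged as a beacon because its four flows land exactly 600 seconds apart. Real flow exports are noisier, so the `max_cv` threshold and a minimum flow count would need tuning, but the shape of the check is the same: enumerate what the management plane is allowed to reach, and treat everything else as a finding.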
Title: Re: PLA hackers - all j00r servers are belong to us
Post by: Cain on October 07, 2018, 04:56:36 pm
You're right, there is some unresolved weirdness with this story.

The speculation is that this was fed to the reporter by US intelligence, which could explain some of the stuff you noted, how it sounds like they're trying to explain something they don't really understand themselves.

Secondly, I believe Apple was disputing aspects of this story.

Was this maybe leaked to gin up Trump's "cyberwarfare done by China to target me" arguments? 
Title: Re: PLA hackers - all j00r servers are belong to us
Post by: Cain on October 09, 2018, 12:47:50 pm
More on this from the DragosInc CEO

I found their technical knowledge to be insufficient in covering these stories. But they also claimed all sorts of anonymous sources - which I honestly assessed that they had and believed - about the situation in the BTC pipeline. They shared unpublished details with me.

They claimed anonymous US intelligence community sources as well. Except I led the ICS threat discovery mission at the time at the NSA. And I had never heard of this attack being a cyber attack. The NSA doesn’t see everything but if the US IC is your source we would have.

In the end I was left with the assessment that the journalists were entirely well meaning individuals. I thought them to be honest and they did have the anonymous sources they claimed. But their capturing of the technical details and proclivity for conspiracy theories hurt them.
Title: Re: PLA hackers - all j00r servers are belong to us
Post by: ńͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞ on October 25, 2018, 07:58:20 am
Looks increasingly like a failed attempt to gin up anti-China/pro-nationalist sentiment.