In a story carried by multiple news outlets Super Micro said it had some production versions of its servers examined by a third party vendor which proclaimed that there was no hardware added to the motherboard. Of course, that is what everyone expected, so it would not come as a surprise. You remember that Bloomberg reported twice some stories that suggested China's intelligence services had planted something in the servers, widely used by some big cloud companies. None of them wanted to hear that their servers had been compromised, especially by the Chinese.
We will never know the truth of any of this, either Bloomberg's version or the vendors affected and Super Micro. Neither have we seen a lawsuit against Bloomberg. That should say a lot. None of these vendors want to go into court with any possibility of "reasonable doubt" coming out at trial. I think all of them are wrong.
First of all, this should never have gotten to Bloomberg to make a story. It would have been very sensitive information and known only to a hand-full of people anywhere. Second, there are secrets that are made to be kept, something both business and government know. The companies involved should have said nothing and the story would have gone away. Instead, they went to the trouble of making public comments on it and suggesting Bloomberg withdraw the story. Bloomberg stuck to its guns and published more. That doesn't sound like an unfounded story.
Let's assume instead that the story Bloomberg published was accurate and somebody really did think Super Micro's hardware was compromised by having additional chips inserted in it. It isn't something a vendor could do much about. It would be hard to detect. All the truth would show is that we have something nobody wants in those computers and we can't really do anything about it until those servers are replaced. This is a major supply chain problem that won't go away because so much network equipment is made in China and China is not shy about putting software and hardware monitors in equipment used in China. They may have learned from that how effective that can be for other purposes.
The solution is to make equipment somewhere other than China, seal the hardware and use US components for maintenance. If the Chinese really did what they are accused of, we are not going to get out of it very soon. In the meantime do something to stop them from exploiting the device they put into the motherboards - if they did that. If not, sue Bloomberg.
No comments:
Post a Comment