The Chinese are hacking again

[MMaRsu]

https://www.bloomberg.com/businessweek

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

Shit is getting crazy

[Nabbis]

Make shit in China and expect not to get fucked brehs.

[Great Rumbler]

What does it say about our intelligence agencies, and tech companies, that they seemingly never even considered that this might be possible until it was uncovered by accident?

[Tasty]

I don't see Google mentioned, Q.E.D.

[Akala]

The bit about the second gen chips is neat as well. By neat I mean scary, but phones are listening to you 24/7 and people install internet-enabled speakers and cameras all over their houses anyway. The future is not what we were promised.

As an aside, working with the various global supply chains, I've always found it funny how common it is that local(US) shops have a blanket superiority complex over the foreign plants. There is still a stigma that they are all just cheap knock-offs. I mean yeah, there are tons of plants that don't give a shit, but the leading edge moved over there some time ago. 

[Kara]

https://www.washingtonpost.com/news/the-switch/wp/2017/03/07/why-the-cia-is-using-your-tvs-smartphones-and-cars-for-spying/

[CatsCatsCats]

Just think of all the advancements in ai that will be made as they try to manage all that data tho

[Rufus]

They're just playing catch-up:
https://en.wikipedia.org/wiki/Dual_EC_DRBG
https://en.wikipedia.org/wiki/Intel_Management_Engine

It's safe to assume that everyone's shit is backdoor'd.

[kingv]

They're just playing catch-up:
https://en.wikipedia.org/wiki/Dual_EC_DRBG
https://en.wikipedia.org/wiki/Intel_Management_Engine

It's safe to assume that everyone's shit is backdoor'd.

Correction, everyone on the bore has been back doored

[Madrun Badrun]

Just think of all the advancements in ai that will be made as they try to manage all that data tho

Kinda.  I think almost all that data and stuff like PRISM is mostly useless for predictive counter-terrorism.  Its just way too noisy and unstructured to be useful for any current ai tech.  Also, I doubt that super secret data will help push the field just due to the fact that such a small number of people will be able to work with it.

My guess is that most of this kind of data is most useful just sitting around in a database only to be used if a specific person is already under suspicion.       

Where the kinda comes in is that governments are throwing a shit ton of money into ai right now mostly on the promise that we can make use of a lot of data (this is especially true of medical ai right now)

[Rufus]

A whole new world of denying healthcare coverage is upon us.

[Momo]

Didnt Amazon call this article bullshit?


EDIT: Yup
https://www.bbc.com/news/technology-45757531

[Coax]

Didnt Amazon call this article bullshit?


EDIT: Yup
https://www.bbc.com/news/technology-45757531

'We totally didn't find any malicious spying chip on our servers nor covered it up internally to protect from market panic.'

That said, reading HN comments on this there are automated x-ray scans of such boards to pick up on anomalies for this reason. Wouldn't be surprised if it's true though.

[Momo]

I'm more likely to believe amazon than US media when in comes to this.

[Coax]

Looking at some more recent comments saw this tidbit taken from from a 2016 Ars article on Apple designing their own servers.

"Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the matter," the report said. "At one point, Apple even assigned people to take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there."

While in that piece the source is also quoted as saying "you can’t go take an X-Ray of every computer that hits the floor." Curious what Bloomberg's response will be.

[kingv]

Just think of all the advancements in ai that will be made as they try to manage all that data tho

Kinda.  I think almost all that data and stuff like PRISM is mostly useless for predictive counter-terrorism.  Its just way too noisy and unstructured to be useful for any current ai tech.  Also, I doubt that super secret data will help push the field just due to the fact that such a small number of people will be able to work with it.

My guess is that most of this kind of data is most useful just sitting around in a database only to be used if a specific person is already under suspicion.       

Where the kinda comes in is that governments are throwing a shit ton of money into ai right now mostly on the promise that we can make use of a lot of data (this is especially true of medical ai right now)

I feel like right now a lot of vendors are seriously overhyping AI and Machine Learning.

They’re also just using the terms without much discipline because they are the hot terms of the movement (like Big data 4 or 5 years ago).

It’s interesting stuff but 99% of the utility seems to be just that computers are at the point now that we can readily process these big data sets using algorithms that aren’t really new or different, but computationally expensive.

I’ve seen a lot of vendor presentations talk about machine learning and then discuss how it uses logistic regression which is obviously not a new thing. Gradient boost seems to just be a different way to do stepwise regression that doesn’t really change the types of problems stats solve, just arrives at typically more accurate results.

[Madrun Badrun]

Just think of all the advancements in ai that will be made as they try to manage all that data tho

Kinda.  I think almost all that data and stuff like PRISM is mostly useless for predictive counter-terrorism.  Its just way too noisy and unstructured to be useful for any current ai tech.  Also, I doubt that super secret data will help push the field just due to the fact that such a small number of people will be able to work with it.

My guess is that most of this kind of data is most useful just sitting around in a database only to be used if a specific person is already under suspicion.       

Where the kinda comes in is that governments are throwing a shit ton of money into ai right now mostly on the promise that we can make use of a lot of data (this is especially true of medical ai right now)

I feel like right now a lot of vendors are seriously overhyping AI and Machine Learning.

They’re also just using the terms without much discipline because they are the hot terms of the movement (like Big data 4 or 5 years ago).

It’s interesting stuff but 99% of the utility seems to be just that computers are at the point now that we can readily process these big data sets using algorithms that aren’t really new or different, but computationally expensive.

I’ve seen a lot of vendor presentations talk about machine learning and then discuss how it uses logistic regression which is obviously not a new thing. Gradient boost seems to just be a different way to do stepwise regression that doesn’t really change the types of problems stats solve, just arrives at typically more accurate results.

I mean to a certain extent there hasn't been a change in fundament algorithms in ML and its true that basically what is driving a lot of the progress is big data and modern gpus.  That being said, there has been fairly big changes to the technical details of most ML systems.  Like to say that modern neural nets are just logistic regression is true but true in the same sense that saying a modern computer is just a Von Neumann machine.

[kingv]

My point isn’t 100% the superficial similarities of some of the algorithms to traditional methods, so much as people have been using the “machine learning” algorithms for quite a while and just didn’t call them that. I’ve worked with neural network and decision trees for almost a decade, we just didn’t have the “machine learning” or “AI” buzzword attached to them.

I think there is a lot of hype that suggests that these are doing something completely new, rather than just doing something similar to what is typically done with more precision.

I think the layman for sure, and even people professionally involved in analytics (including full PhD statisticians) seem to believe they are more novel than they really are because the extra precision makes the models useful for applications where traditional models might not provide enough lift to be useful.