SuperMicro Servers Hacked with China Chips?
Problem reported by Curtis Kropar www.HawaiianHope.org - October 5 at 1:53 AM
This is more of a general info heads up.
If you did not see this...
Like... WOW! The investigation is still going on according to the article.
A few years ago at Shaka Con (https://www.shakacon.org/) we were talking about exactly this.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

7 Replies

echoDreamz Replied
We have thousands of Supermicro servers...

Christopher

Scarab Replied
Although everyone is shocked, panicking, and DHS is trying to cover it up and/or minimize the panic, the public was warned specifically about SuperMicro doing precisely this by both the Gartner Group and the DoD several years ago (at least 6 or 7 years ago).

At this point, if you are affected, regard this the same as the Spectre, Meltdown, and Spectre2 issues; mitigate it as best as you can and follow the suggestions in the NCCIC & CERT notice https://www.us-cert.gov/ncas/alerts/TA18-276B until you can replace the hardware in your next scheduled hardware refresh.

(We use Dell servers almost exclusively, whose motherboards are mostly made by Intel, but when we whitebox we use ASRock Rack motherboards...but almost everyone else it seems relies on SuperMicro for everything server-side.)
Paul Blank Replied
Thanks for the info! We did know about the hack several years ago. Scary that the problem is still occurring.
Paul Blank Replied
I have read that all the issues with these mobos are with blade servers. Let's try and keep this thread updated with what we find out. Scary even if we're not using blades.

Perhaps Supermicro will release a list of compromised products. Ya never know.
echoDreamz Replied

Christopher

Paul Blank Replied
Might just be false. So far there is no hard proof. 
Paul Blank Replied
In the following article, it is strongly suggested that the problem is global, and that Supermicro is being scapegoated by bigger players:


Worth reading!
