BMW M5 Forum

      10-04-2018, 03:18 PM   #1
detroitm2
US Corporations Hacked by China

It's rather terrifying that this went so long without being noticed. Kind of a long read, but worth it.

https://www.bloomberg.com/news/featu...-top-companies
      10-04-2018, 05:51 PM   #2
GoneIn4Secs

Dianne Feinstein had a Chinese spy working as her driver for 24 years, Hillary had her email server set up so the Chinese govt could hack into her emails in real time!

It's not that it went 'unnoticed', it was by design; giant corporations like Apple/Google openly work for the Chinese govt

There are traitors in govt and business who sell out and sold out to global interests

There aren't mistakes at this level without someone giving the green light
      10-04-2018, 06:02 PM   #3
IanMan

I was aware of this a few years ago and our government has been for quite a while too. Why it is just now being made public is beyond me. No, I'm not a conspiracy theorist.
Yes, I know what I am talking about and have seen actual proof of this. Also, it isn't just the US to be spied on.

Here is what I know because of my line of work. Apple and Amazon have probably been aware of this for quite some time. Our government has known this for quite a while too. This has been going on for years. I'm going to leave a lot of details out of this explanation for certain reasons. We have all sorts of groups of people in the military that do certain things, which require certain briefings. Before certain briefings or missions take place, all equipment that is used for said briefings gets analyzed, taken apart, put back together, and then used for the mission (i.e. TVs, laptops, phones, etc.). A brand new Samsung TV, straight out of the box, was purchased for a certain task to show images on. Said TV was taken apart and screened only to find that once it was going to be used, the TV would discreetly connect to the first open unsecured Wi-Fi connection and transmit all images that were displayed to an undisclosed location. This is a civilian, out-of-the-box TV, not something that was hacked at the last moment. Imagine if our information for a serious situation was just carelessly transmitted for another government to see. Scary stuff.

Last edited by IanMan; 10-04-2018 at 06:11 PM..
      10-04-2018, 08:37 PM   #4
zx10guy
Issues of supply chain interception have been a real problem for a lot longer than what has been cited in this article. Those that have worked in IT in some capacity for the Federal government have known this is a major risk for at least a couple of decades. This is why pretty much all Federal agencies require hardware sold to them be TAA compliant where the equipment has been substantially "transformed" in a country deemed friendly to the US. There's also BAA compliance where the equipment has been US made.

Cisco got hit by counterfeit parts that were injected into legitimate supply chains. This came to light back in 2008.

https://www.infoworld.com/article/26...isco-gear.html

The public knowledge of this was premature as someone leaked the FBI slide deck going over their investigation into the problem. This pushed the FBI to move a lot sooner on entities/individuals they have been watching. The slide deck is still hosted here:

http://www.andovercg.com/datasheets/...08-01-11-a.pps

Looking through the slide deck, there is a picture of the WIC T1 WAN card used in Cisco ISR routers. I've personally worked with these cards. Without the FBI comparison of the genuine and counterfeit cards, I would have no idea which was real or genuine. The fakes were that good. The only tip off of why Cisco started to look into this issue was a spike in component failures.

The Bloomberg article also cited two companies, Huawei and ZTE. Huawei was caught copying code Cisco used in their IOS software. Huawei has also been under tight scrutiny by many western nations for their close ties to Chinese Intelligence. This threat is such a concern where Australia banned the use of Huawei equipment in the major refresh of their telecom systems. The US Feds stepped in when they found out Sprint was going to purchase Huawei equipment.

This is the consequence of us freely allowing a hostile country to manufacture most of the electronics we use to save a few bucks.
      10-04-2018, 08:43 PM   #5
c1pher
TAA compliance is misleading reassurance.
      10-04-2018, 09:04 PM   #6
zx10guy
Quote (originally posted by MGM135is): "TAA compliance is misleading reassurance."
It's something and better than nothing. Systems...especially in highly secure environments would still have to go through scanning and meeting various requirements specific to the agency such as STIG, JTIC, Common Criteria, etc. TAA is just a baseline/starting point.
      10-04-2018, 09:24 PM   #7
c1pher
Quote (originally posted by zx10guy): "It's something and better than nothing. Systems...especially in highly secure environments would still have to go through scanning and meeting various requirements specific to the agency such as STIG, JTIC, Common Criteria, etc. TAA is just a baseline/starting point."
STIGs are great in a largely homogeneous environment like the USG but don’t work as well in regular industry. JTIC certifications mainly focus on operational testing. Yes you get an ATO after completing DIACAP or RMF, but those are checklists and we all know checklists don’t mean security. Case in point is AWS GovCloud has an ATO, is FEDRAMP accredited etc, and the Chinese purportedly could still do their thing.

I do agree with you that doing something is better than doing nothing, but we aren’t doing enough to understand what, exactly, network or IT equipment is doing and the explosion of IoT has only exponentially exacerbated the problem.