Govs around the world, including China & Russia, but also US and allies, conduct "supply chain attacks", where they insert hardware implants into servers and routers before they get shipped to surveillance targets, according to Snowden documents…
In October Bloomberg published a widely-disputed story claiming China conducted supply chain attacks against Supermicro motherboards. While the specific story may be completely wrong, supply chain attacks definitely happen…
Our story, based on previous Snowden reporting, on docs that have previously been published but never analyzed, and on new docs we're publishing today, doesn't address Bloomberg's claims. But it's clear that the US takes seriously the threat from Chinese supply chain tampering
US intel found evidence that "China is capable of intrusions more sophisticated than those currently observed by U.S. network defenders" and China's BIOS attacks "reflects a qualitative leap forward in exploitation that is difficult to detect" (wiki from 2012)
US intel had discovered, and studied, BIOS malware from China (PLA) and Russia (MAKERSMARK). They also warned against AMI and Award BIOS firmware, saying they were "currently compromised". Both companies stated that BIOS security is much better today than in 2012
One document describes a supply chain attack that France conducted in 2002 against Senegal, its former colony ("by 2004 could access all the info processed by those systems"). Also attacks by Germany, and possibly by Israel against Iraq
As already reported, the US conducted a supply chain interdiction attack against Cisco routers getting delivered to Syria Telecom. Here's how that attack, and similar NSA attacks, work
NSA also conducted a supply chain attack against a surveillance target setting up a VoIP system for classified online phone calls
The US has diplomatic facilities, like embassies and consulates, all around the world. It sometimes uses these facilities in "adversary space" to conduct supply chain operations
A division of NSA's elite hacking squad Tailored Access Operations (now known as Computer Network Operations) called the Persistence Division was tasked with actually developing NSA's firmware implants. A document describes some wild projects for Persistence Division interns
While supply chain attacks are real, and countries all over the world conduct them, it's important to remember that there are *much* easier ways to hack most organizations -- like spearphishing, or relying on people re-using their passwords
As @securelyfitz puts it, "The reality is that most organizations have plenty of vulnerabilities that don’t require supply chain attacks to exploit."
Subscribe to Micah Lee