CS Table 10/9/18: The Big Hack

We will discuss a recent report from Bloomberg about a security breach in the hardware supply chain for servers used by almost 30 major US-based companies. Bloomberg’s reporting suggests that a group within the Chinese government’s intelligence agency was able to add a small chip to motherboards manufactured for SuperMicro, a major server hardware supplier in the US. These chips apparently inject malicious code into the server’s operating system, allowing hackers to remotely access compromised servers and bypass security controls within the operating system. We will discuss the mechanisms used to carry out these attacks and the differences between hardware- and software-based exploits, consider the impacts of such an attack, and discuss possible ways to mitigate attacks like this one in the future.

Readings include Bloomberg's original reporting ("The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies," J. Robertson and M. Riley, Bloomberg Businessweek, 4 Oct 2018) and two articles providing some additional perspective on this story, which has not yet been independently confirmed ("The China SuperMicro Hack: About That Bloomberg Report," N. Weaver, Lawfare, 4 Oct 2018, and "Decoding the Chinese SuperMicro super spy-chip scandal: What do we know – and who is telling the truth?" K. McCarthy, The Register, 4 Oct 2018).

Computer science table (CS Table) is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. CS Table meets Tuesdays from 12:00–12:45pm in JRC 224C (inside the Marketplace). Contact the CS faculty for the weekly reading. Students on meal plans, faculty, and staff are expected to cover the cost of their meals. Visitors to the College and students not on meal plans can charge their meals to the department (sign in at the Marketplace front desk).

CS Table: Global Health Information Technology

This Friday at CS Table, Josh and I will lead a discussion of health information technology in the global context. For readings, see