[mdlug-discuss] [mdlug] [Fwd: [opensuse-offtopic] And now the Manchurian microchip]
Aaron Kulkis
akulkis00 at gmail.com
Thu Feb 5 14:10:32 EST 2009
Ingles, Raymond wrote:
>> From: Aaron Kulkis
>
>>> *Except* that we're talking about slipping design changes in at the
>>> fabrication level. The people who design the chips test them, and they
>>> know - *very* precisely - what timings to expect... The fabricators
>>> *can't* steal silicon without redesigning
>>> *something*, cutting into performance margins that are already cut as
>>> fine as the designers can get away with.
>> And when the motherboard assembly plant, and the chip fabs
>> are both in the same place, and both under People's Liberation
>> Army control (like ALL business in China)....
>
> You're missing something. There aren't just two players here, the
> fabricator and the end user. There's the *designers*, many of whom are
> based in the U.S. and presumably aren't *all* subverted. Consider a CPU.
> They simulate these things in excruciating detail before the designs are
> sent to the fab plant. They know the timing constraints and input/output
> profiles of each component to a very narrow range. They *have* to,
> because for performance reasons they have to know what the best and
> worst cases will be, and design things to work within narrow profiles.
>
Most VLSI and ULSI chips these days, including CPUs even, are done
using circuit libraries.
You think the Chinese lack the intelligence necessary to, say,
modify some circuits, given the lay-out data? Look at the
graduating classes of the Masters and Doctorate programs of
any engineering school in this country -- a substantial number
are Chinese nationals.
It's not like these file formats are company trade secrets --
those mask layers are done using standard file formats, and
I wouldn't be surprised if the network description files are
sent over from the U.S. to the chip fab plants, who then
generate the mask layer files on site.
Why would it NOT surprise me?
Because at the request/"persuasion" of the Chinese, the lunk-heads
at GM shipped over duplications of EVERY part of a Chevrolet
assembly line, and then were.. shocked..SHOCKED that the Chinese
took the duplicate machinery and set up their own competing plant
(and started selling their product as the "Cherry").
Any plan that relies on absolutely lame-brained concessions by
American management wanting to do business in China, and Chinese
duplicity taking advantage of those concessions to conduct
technological espionage is pretty much guaranteed to succeed.
The track record over the last 20 years is absolutely abominable.
> Why narrow? Because 'too tight' and the thing will fail (or yield will
> be so low as to make it unprofitable); while 'too loose' and you're
> wasting money and performance that your competitors *won't* be wasting.
> The designers want - they *need* - to eke out maximum performance. They
> know the physics of fabrication as well as anyone, they know what's
> possible... and they work to be on the close edge of what's possible,
> because if they *don't* they'll be outcompeted. When they get the
> samples, they run detailed tests of each component on the chip, both
> individually and how they interact.
Really?
How detailed are these tests?
Back in 1980, it was possible for a single person to understand
at a very detailed level everything that was happening inside
What if the redesign to the chips keeps the "extra" functionality
turned off until an internal counter has run past a certain point?
How long are you going to test the chips to make sure that their
timings and functionality don't change?
Your attitude reminds me of that of the Japanese Navy, which
assumed that their code system was absolutely unbreakable, based
on the advice of a mathematician who was, unfortunately for them,
completely uneducated in the field of cryptography.
It turns out that the Japanese Army was using the same code
system, but a cryptanalyst told them that their code was weak;
the Japanese Army stopped using the code, and warned the Navy.
The Navy brushed off the warning.
And because of that, we beat the Japanese in 4 years. If we
had not been able to read practically all of the Japanese
Navy's "mail", well, the 14-hour mission by a flight of P-38's
which shot down Admiral Yamamoto's plane never would have happened,
and in general, it's estimated that EVEN WITH the use of the
two atomic bombs in 1945, the war would have probably dragged
on for several years longer.
You're good at looking for things to operate as specified --
that does NOT prevent other people from being skilled at
changing things in ways that an inspector will find exactly
and ONLY what he's looking for during Quality Control tests
....while still not finding other things, because he's just
plain old not looking for them IN THE RIGHT WAY to uncover
the tampering.
This also reminds me of the movie "Force 10 from Navarone", in
which a joint American/British team of irregular fighters are
operating in Yugoslavia.
The American officer (played by Harrison Ford) has been assigned
the task of destroying a bridge over a valley, but unfortunately
for him, he's lost his explosives to do the job, and is planning
on giving up on his mission. The British officer tells him that
what he needs isn't whatever he wants, but instead, what he needs
is a miller. Miller turns out to be Sergeant Miller, a demolitions
expert.
Ford's character and Miller then have a disagreement about the
feasibility of destroying the bridge with the amount of explosives which they
have managed to steal from a German supply base. The American
officer is absolutely sure that a certain bridge cannot be taken
down, because, as he says, "Our engineers have gone all over it,
and it will take 5 times as much explosives to destroy it."
Miller disagrees, with the correct observation, "That's because
whereas your engineers are experts at building things, *I* am
an expert at destroying them."
Miller then (just barely) destroys a dam some distance upriver
from the bridge, and when the dam finally succumbs to the damage
which is minor, but in a critical portion, the resulting maelstrom
which is unleashed takes the bridge down.
A difference in perspective changes the opinion of what
is possible and what is not.
The US has its own cyber-warfare teams, and knows that these
sorts of things are possible...because WE'VE DONE IT OURSELVES
during the Gulf War in 1990-91. It certainly is *NOT* paranoia
to suspect that someone is doing to you the same sort of thing
that you yourself have done in the past to one of your enemies.
>
> Now, you change something behind their backs, and all their detailed
> schemes for avoiding deadlocks and missed signals and interference and
> overvoltage and undervoltage and heat dissipation - things which they
> don't even *share* with the fab plant - go out the window. Look at
> Microsoft's Xbox 360 - they screwed up on the heat dissipation big time,
> and it cost them at least a billion dollars. (Google 'RROD'.)
>
> Your Chinese engineers need to be able to reverse-engineer a chip in a
> matter of days, add a complex subversion module onto the same amount of
> silicon without compromising the function or timing of *any* of the
> component parts, and keep yields up to avoid suspicion. For multiple
> chip architectures. Over and over again. In the face of regular hardware
> revision requests that they have no control over.
>
>> I don't know the specifics, but a standard COTS computer (i.e.
>> one of the all too many hundreds of thousands or even millions
>> of computer the DOD owns that run Windows) is not going to be
>> tested for signal timings on the motherboard.
>
> But the chipset makers will test their components' signal timings.
They're going to ship the chips from China, to the US, and then
back to China for final assembly on the motherboards?
You don't seem to realize -- once the Americans design the circuits,
in many brands, the Chinese then control the ENTIRE REST OF THE PROCESS.
And as doing this exact sort of attack against the U.S. military
is a VERY high priority for the Red Army -- they've got, and had
for years, teams who do NOTHING other than look for ways to
implement this sort of attack... it doesn't take very much
imagination to see how they can do this sort of thing, with so
much of our electronics work off-shored to China, combined with
the short-sighted greed of a lot of Baby-Boomer management types.
> The motherboard manufacturer will sure as hell test the motherboard
> signal timings, because if they don't they run the risk of shipping a
> board that flat out doesn't work.
If it works, it works. Why wouldn't they tell the Chinese to
certify the boards? Then the local manager, at the direction
of the PLA, just tells the testers to allow anything within
a certain spec which allows the deviant behavior.
>
>>> But if you're doing DMA-related work at the same time, you'll see a
>>> major drop in performance. Dang near everything on the system uses DMA
>>> now.
>> You would notice a "major drop" if the functionality was added
>> in AFTER the computer was installed. On the other hand, if the
>> spy-ware (hard and/or soft) was in the computer from the time
>> of purchase...nobody's going to notice a "major drop in performance".
>
> Wait, the spy module is *always* stealing performance?
I didn't say that it is. I'm just saying that even if they
were... your average admin isn't going to notice.
> It's *always* stealing DMA cycles? Why aren't the manufacturers noting that they
> aren't getting the performance they designed for and that their
> simulations tell them to expect?
Ship a couple of lots of motherboards that are untampered with
to establish "validation" of the design to the US company, and
once they trust it, start slipping in bugged motherboards.
> "Gee, we're losing 10% of our
> performance, all the time. That's funny, but there's no need to
> investigate that. After all, nobody in the computer world cares about
> tiny performance margins, right? People aren't silly enough to pay $100
> more for three extra frames per second in a game, right?"
We're not talking about high-end motherboards here...we're talking
about motherboards aimed at the market on which officers and
operations staffs make up their oh-so-precious PowerPoint files.
After they're loaded up with all the anti-virus software, and
other software mandated by DOD to keep the malware off, combined
with the well-known problem of Windows suffering from steady
performance erosion over time (between disk fragmentation and
that godawful bottleneck called the registry), your typical
user of these machines wouldn't recognize a performance
degradation if it was a giant talking tuna fish.
>
>> Not only that, but the spy-ware doesn't have to be operating
>> non-stop constantly. A busy disk drive on a quiescent system
>> would be noticeable...especially on a laptop. But reading
>> and sending just a couple disk blocks at a time, and working
>> through the disk drive from start to finish would eventually
>> furnish a tremendous amount of data.
>
> As I've already noted repeatedly, a distributed system capable of
> running the equivalent of a 'background task' like that is nearly
> impossible to design and implement. Even so, when the system is doing
> something performance-critical, dropouts like that are quite
> noticeable... even when everything's working perfectly. (How is this
> system to know that a major resource drain isn't *about* to come up?) If
> there's a flaw in the design (of the nominal system, not the spyware
> module) or a bug in the software, you're very likely to trip it. At
> which point you have unexplainable but repeatable crashes, which people
> *do* notice.
I think you lack creativity.
Or you naively assume that everybody is honest.
The last 5 years or so, the majority of my field training with
the Michigan National Guard has revolved around anti-terrorist
training (as opposed to combating traditional uniformed armies
which observe the Geneva Convention). One thing I've discovered
is that before you can even begin to battle a terrorist, you must
first learn to not only understand how he thinks, but to learn
to THINK LIKE HE THINKS.
Possibly, because of my duties in military communications, and
my familiarities with our security procedures regarding radio
communications (good to excellent) and data processing (some
areas are good, and some are horribly deficient)... it's not
too difficult for me to see how a determined attacker, with the
resources of a country as huge as China, can carry out these
sorts of things. Especially since they've been teaching in their
general staff school for years that they will definitely be at
war with us in the mid 2010's, and intend to use our data processing
infrastructure against us in every way possible (our weakest link
is actually our banks -- and every Bank in the US has its
back-office operations being done in India... and a bribe which
is minor here, to say, look the other way when a Chinese-controlled
agent commits some sabotage against a back-office operation, is
large enough to retire on in India, because the cost-of-living
is so low over there).
>
> (Oh, BTW, I knew you couldn't substantiate your charge about taxes. Odd
> that that was about the only part of my message you *didn't* quote....
I have no intention of searching the archives for all of your silly
political pronouncements over the years -- the mere fact that your
.sig lines come direct from Dumbocrook Underground is evidence enough.
> Don't you feel ashamed about trying to use such a baseless tactic just
> because you feared your opponent was making good points? Are you really
> so callow that winning an argument is more important than figuring out
> the truth?)
>
> Sincerely,
>
> Ray Ingles (313) 227-2317
>
> "I would like to see something like custom taxes, where you have a base
> of required stuff to pay, and then you have electives where you can
> have your say in the balancing of funds." - hyrdra, on Slashdot