by jstrong 1948 days ago
I don't think this is as easy as you say it is.

from the article:

> The machines turned out to be loaded with unauthorized instructions directing each one to secretly copy data about itself and its network and send that information to China, according to six former senior officials who described a confidential probe of the incident. The Pentagon found the implant in thousands of servers, one official said; another described it as “ubiquitous.”

assuming this is true, there is a universe of "thousands" of supermicro servers purchased by the pentagon that were targeted.

my expectation is that most supermicro servers would not be targeted, just those sold to certain buyers. does the pentagon sell used supermicro servers on ebay? is it easy to obtain a used supermicro server from the pentagon? (I don't know the answer to those - genuine questions).

even if you had one in your possession, it wouldn't be easy to find the exploit, which was (again, assuming it exists) installed by a nation state with the intention of concealing it from another nation state (the world's most powerful). for example, it might only turn on under certain conditions. I wouldn't know where to start.

I'm not saying it's impossible, but I am saying it seems much more daunting than you make it out to be ("should have been simple to prove").

1 comments

The article said something about messing with traces on the circuit board to hide a component.

I think it would be far more likely to start with a well known component like a network or bus drive and produce a modified chip with identical packaging and markings. Only one person in the board vendor's supply chain needs to swap spools of tampered chips into the manufacturing stream.

It could sit dormant in most situations unless it saw, say, Pentagon LAN traffic. This means the eBay case is covered; the machine would be normal for everyone else, including the board vendor's QA.

You'd have to simulate the target's traffic to see the board doing something wrong. Or decap the chip and read it out.