Random Thoughts – Randocity!

Rant Time: Bloomberg and Hacked Servers

Posted in best practices, botch, data security, reporting by commorancy on October 5, 2018

Bloomberg has just released a story claiming SuperMicro motherboards destined for large corporations may have been hacked with a tiny “spy” chip. Let’s explore.

Bloomberg’s Claims

Supposedly the reporters for Bloomberg have been working on this story for months. Here’s a situation where Bloomberg’s reporters have just enough information in hand to be dangerous. Let’s understand how this tiny chip might or might not be able to do what Bloomberg’s alarmist view claims. Thanks Bloomberg for killing the stock market today with your alarmist reporting.

Data Compromise

If all of these alleged servers have been compromised by a Chinese hardware hack, someone would have noticed data streaming out of their server to Chinese IP addresses, or at least some consistent address. Security scans of network equipment require looking through inbound and outbound data logs for data patterns. If these motherboards had been compromised, the only way for the Chinese to have gotten that data back is through the network. This means data passing through network cards, switches and routers before ever hitting the Internet.

Even if such a tiny chip were embedded in the system, many internal-only servers have no direct Internet access. This means that if these servers are used solely for internal purposes, they couldn’t have transmitted their data back to China. The firewalls would prevent that.

For servers that may have had direct access to the Internet, these servers could have sent payloads, but eventually these patterns would have been detected by systems administrators, network administrators and security administrators performing standard security checks. It might take a while to find the hacks, but they would be found simply because of odd outbound data being sent to locations that don’t make sense.

Bloomberg’s Fantasy

While it is definitely not out of the realm of possibility that China could tamper with and deliver compromised PCB goods to the US, it’s doubtful that this took place in the numbers that Bloomberg has reported.

Worse, Bloomberg makes the claim that this so-called hacked hardware was earmarked for specific large companies. I don’t even see how that’s possible. How would a Chinese factory know the end destination of any specific SuperMicro motherboard? As far as I know, most cloud providers like AWS and Google buy fully assembled equipment, not loose motherboards. How could SuperMicro board builders possibly know it’s going to end up in a server at AWS or Google or Apple? If SuperMicro’s motherboard products have been hacked, they would be hacked randomly and everywhere, not just at AWS or Google or whatever fantasy Bloomberg dreams up.

The Dangers of Outsourcing

As China’s technical design skills grow, so will the plausibility of receiving hacked goods from that region. Everyone takes a risk ordering any electronics from China. China has no scruples about any other country than China. China protects China, but couldn’t give a crap about any other country outside of China. This is a dangerous situation for China. Building electronics for the world requires a level of trust that must exist or China won’t get the business.

Assuming this alleged “spy chip” is genuinely found on SuperMicro motherboards, then that throws a huge damper on buying motherboards and other PCBs made in China. China’s trust level is gone. If Chinese companies are truly willing to compromise equipment at that level, they’re willing to compromise any hardware built in China including cell phones, laptops and tablets.

This means that any company considering manufacturing their main logic boards in China might want to think twice. The consequences here are as serious as it can get for China. China has seen a huge resurgence of inbound money flow into China. If Bloomberg’s notion is true, this situation severely undermines China’s ability to continue at this prosperity level.

What this means ultimately is that these tiny chips could easily be attached to the main board of an iPhone or Android phone or any mobile device, and such devices can easily phone home with their data. While the SuperMicro motherboard problem might or might not be real, adding such a circuit to a phone is much harder to detect and likely to provide a wealth more data than placing it onto servers behind corporate firewalls.

Rebuttal to Bloomberg

Statements like the one from this next reporter are why no one should take these media outlets seriously. Let’s listen. Bloomberg’s Jordan Robertson states, “Hardware hacking is the most effective type of hacking an organization can engineer… There are no security systems that can detect that kind of manipulation.” Wrong. There are several security systems that look for unusual data patterns, including most intrusion detection systems. Let’s step back for a moment.

If the point of the hardware hack is to corrupt data, then yes, it would be hard to detect that. You’d just assume the hardware is defective and replace it. However, if the point of the hardware hack is to phone data home, then that is easily detected via various security systems and is easily blocked by firewalls.

The assumption that Jordan is making is that we’re still in the 90s with minimal security. We are no longer in the 90s. Most large organizations today have very tight security around servers. Depending on the role of the server, it might or might not have direct trusted access to secured data. That server might have to ask an internal trusted server to get the data it needs.

For detection purposes, if the server is to be used as a web server, then the majority of the data should have a 1:1 relationship. Basically, one request inbound, some amount of data sent outbound in response to that request. Data originating from the server without an inbound request would be suspect and could be detected. For legitimate requests, you can see these 1:1 relationships in the logs and when watching the server traffic on an intrusion detection system. For one-sided transactions sending data outbound from the server, the IDS would easily see it and could block it. If you think that most large organizations don’t have an IDS, even simply in watch mode, you are mistaken.

If packets of data originate from the server without any prompting, that would eventually be noticed by a dedicated security team performing regular log monitoring and regular server security scans. The security team might not be able to pinpoint the reason (i.e. a hardware hack) for unprompted outbound data, but they will be able to see it.

I have no idea how smart such a tiny chip could actually be. Such a tiny chip likely would not have enough memory to store any gathered payload data. Instead, it would have to store that payload either on the operating system’s disks or in RAM. If the server was cut off from the Internet, as most internal servers are, that disk or RAM would eventually fill up without transfer of that data to wherever it needed to go. Again, systems administrators would notice the spike in usage of /tmp or RAM due to the chip’s inability to send its payload.

If the hacking chip simply gives remote control access to the server without delivering data at all, then that would also be detected by an IDS. Anyone attempting to access a port that is not open will be blocked. If the chip makes an outbound connection to a server in China and leaves it open, that would eventually be detected. Again, a dedicated security team would see the unusual data traffic from/to the server and investigate.
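The request/response check described above for a web server, and the long-lived unprompted outbound connection just mentioned, can both be expressed as a small flow-log rule. The script below is an added example, not code from the original post or any IDS product; the server address, listening ports, allowed egress destination and the flow records are all constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Flow:
    ts: int          # epoch seconds the flow started
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int
    duration: int    # seconds the connection stayed open

# Assumed environment (constructed for the example)
SERVER = "10.0.1.5"
LISTEN_PORTS = {80, 443}                  # the only services the web server offers
ALLOWED_EGRESS = {("10.0.2.10", 5432)}    # the internal trusted server it may ask for data
INTERNAL = ip_network("10.0.0.0/8")
LONG_LIVED = 600                          # seconds; anything longer is unusual for this role

def classify(flow: Flow) -> str:
    """Label one flow: a reply to an inbound request, allowed egress, or a suspect."""
    if flow.src != SERVER:
        return "inbound"
    if flow.sport in LISTEN_PORTS:
        return "response"                 # reply half of a client request: the 1:1 case
    if (flow.dst, flow.dport) in ALLOWED_EGRESS:
        return "allowed"
    if ip_address(flow.dst) in INTERNAL:
        return "suspect: unexpected internal egress"
    if flow.duration >= LONG_LIVED:
        return "suspect: long-lived outbound connection to external host"
    return "suspect: unprompted outbound data to external host"

def find_suspect(flows):
    """Return (flow, reason) for every server-originated flow nobody asked for."""
    return [(f, classify(f)) for f in flows if classify(f).startswith("suspect")]

# Constructed sample flows, not real traffic
SAMPLE = [
    Flow(1000, "203.0.113.7", 51000, SERVER, 443, 1200, 1),          # client request
    Flow(1000, SERVER, 443, "203.0.113.7", 51000, 8400, 1),          # server reply
    Flow(1001, SERVER, 40012, "10.0.2.10", 5432, 300, 1),            # database lookup
    Flow(1500, SERVER, 40100, "198.51.100.9", 443, 25_000_000, 7200),  # nobody asked
    Flow(1600, SERVER, 40101, "198.51.100.9", 8443, 512, 2),         # nobody asked
]

if __name__ == "__main__":
    for f, why in find_suspect(SAMPLE):
        print(f"{f.ts} {f.src}:{f.sport} -> {f.dst}:{f.dport} {f.nbytes}B  {why}")
```

The two flagged flows are exactly the ones with no inbound request behind them; feeding real flow records through the same rule is what the “watch mode” IDS the author describes does.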

If the hacking chip wants to run code, it would need to compile it first. That implies having a compiler in that tiny chip. Doubtful. If the system builder installs a compiler, the spy chip might be able to leverage it, assuming it has any level of knowledge about the operating system currently installed. That means the chip would have to know about many different versions of Linux, BSD, MacOS X, Windows and so on, then have code ready to deploy for each of these systems. Unlikely.

Standards and Protocols

Bloomberg seems to think there’s some mystery box here that allows China to have access to these servers without bounds. The point of having multi-layer security is to prevent such access. Even if the motherboards were compromised, most of these servers would end up behind multiple firewalls in combination with continuous monitoring for security. Even more than this, many companies segregate servers by type. Servers performing services that need a high degree of security have very limited ability to do anything but their one task. Even getting into these servers can be a challenge, even for administrators.

For web servers in a DMZ which are open to the world, capturing data here might be easier. However, even if the hacker at SuperMicro did know which company placed an order for motherboards, they wouldn’t know how those servers would ultimately be deployed and used. This means that these chips could be placed into server roles behind enough security to render their ability to spy as worthless.

It’s clear, these reporters are journalists through and through. They really have no skill at being a systems administrator, network engineer or security administrator. Perhaps it’s now time to hire technical consultants at Bloomberg who can help guide your articles when they involve technical matters? It’s clear there was no guidance by any technical person who could steer Jordan away from some of the ludicrous statements he’s made.

Bloomberg, hire a technical consultant the next time you chase one of these “security” stories or give it up. At this point, I’m considering Bloomberg to be nothing more than a troll looking for views.


If you enjoy reading Randocity, please like, subscribe and leave a comment below.


Theme Park Music Series: AstroWorld

Posted in astroworld, music by commorancy on October 5, 2018

If you have ever visited the now defunct Six Flags AstroWorld theme park which was located in Houston, Texas until 2005, here is the music that set the ambiance of the park. If you came here by accident seeking Travis Scott’s ASTROWORLD, click here to listen to his music on Apple Music. Now, a little history…

A Short Park History

AstroWorld was a theme park that began its existence in the late 60s and was the brainchild of a former mayor of Houston, Judge Roy Hofheinz. It was located across the 610 freeway from the Astrodome. AstroWorld opened its doors on June 1, 1968 and operated seasonally each year until October 30, 2005 when it ceased operations.

When the park opened in 1968, it featured a unique sled ride called the Alpine Sleighs that wound its way through a constructed mountain. The Alpine Sleighs were located in the Alpine Valley section of the park and had the same thrill value as a roller coaster. A “sleigh” was an electric-powered, four-person car with rubber tires. A steel roller coaster called The Serpent, located in the Oriental Village section of the park, opened in 1969. Even though The Serpent started out as an adult coaster, because of its relative size and tameness it would eventually be classified as a children’s ride once Dexter Frebish’s Electric Roller Ride opened in 1972.

In 1975, the park was sold to Six Flags corporation. From 1975 to 2005, the park was owned and operated by Six Flags. In that time, Six Flags grew the park with more and more thrill rides including many large and wild roller coasters.

In 1976, The Texas Cyclone opened. This wooden roller coaster was located in the Coney Island section and was designed to mimic the feel of the original Cyclone at Coney Island in New York, but it did not mimic the track layout. It would be the only wooden coaster in the park. All other coasters built would be steel coasters.

A number of rides cycled in and out of the park from 1968 through to its closure in 2005, but the sections pretty much remained intact with only the occasional rename. Not many were renamed or rethemed. In fact, only one section would actually be rethemed in all of that time: Country Fair became Nottingham Village, going from a midway carnival atmosphere to a renaissance fair look and feel, including a Biergarten sporting Oktoberfest-style food all year round. In fact, with the introduction of Nottingham Village, they also introduced alcohol into the park through that same Biergarten.

The park was host to a number of themed sections including:

  • Americana Square (front gate)
  • Modville => International Plaza => USA
  • Coney Island
  • Alpine Valley
  • European Village
  • Western Junction
  • Plaza de Fiesta => Mexicana
  • Fun Island
  • Children’s World => Enchanted Kingdom => Looney Toons Town
  • Pioneer
  • Oriental Village
  • Country Fair => Nottingham Village

Unfortunately, Fun Island would be the only section that wouldn’t last beyond the 80s. In fact, that land would eventually become home to a roller coaster. Also, the Children’s World section would be moved from its original location to a new location near the Alpine mountain after the Alpine Sleighs ride was retired. Children’s World was renamed Enchanted Kingdom, then later renamed again to Looney Toons Town. The Pioneer section housed only one ride, Thunder River. For this reason, it never got a separate section marker on the map.

As with any park, every year brought new changes, new additions and new removals. The park also underwent several logo changes. The first logo included 4 globe icons using two different typefaces. The next logo included the word AstroWorld stylized with stars above it (see below). This was my personal favorite logo. A modified version of the stars logo with the stars removed was used for a short period on maps. The final logo included a blocky italicized typeface and six small flags to obviously signify the park was owned by Six Flags. A special logo was used only on the 1976 map to commemorate the Bicentennial.

Park Maps

Here are various park maps from 1968 to 2004 for you to see how the park changed up until 2004. The 2004 image is actually an aerial view of the park from Google Earth.

[Park maps shown for: 1968, 1971, 1972, 1976, 1977, 1980, 1981, 1982, 1983, 1984, 1987, 1988, 1990, 1991, 1992 and 2004 (aerial view)]

Demise

The park ultimately succumbed to a contract dispute between the Astrodome / Reliant Stadium parking lot owners and Six Flags. AstroWorld did not have its own parking lot. Instead, it leased parking from the Reliant land owners. Because AstroWorld was dependent on that parking lot for its attendees, when the contract dispute erupted and ultimately broke down, Six Flags evaluated the situation and the current land values of the ~72 acres of AstroWorld property. Instead of renewing the parking lease, Six Flags decided to cease AstroWorld’s operations, dismantle the park and sell the land.

After all of the dust settled, Six Flags had actually lost money on the deal because they couldn’t get the land prices they expected and demolishing the park cost a lot more than predicted. 120 full time employees lost their jobs and the 1200 seasonal workers hired each year would be lost. It was a sad demise to one of Six Flags’s better theme park properties. Today, that land still sits vacant and is only used as overflow parking for Reliant Stadium.

The then Six Flags CEO, Kieran Burke, was ousted just two months after AstroWorld closed, after his cluster of an idea to close AstroWorld had backfired on Six Flags and failed.

Anyway, let’s get into what you’ve really been waiting for …

The Music

To set the tone of each of the sections above, the park had loud speakers throughout the park playing music. Some were hidden in shrubs or under fake rocks, others were horn speakers affixed to buildings. Over the years, the music changed and updated as the audio systems improved, but many tracks remained the same.

During the 80s, the system used tapes. In the 90s and 00s, I’m sure the system was switched to first CDs, then computer based systems. In the updated systems, some new music was introduced into various sections.

Apple Music Playlists

You might remember hearing a few of these tracks while wandering through the park. Note, you will need an Apple Music account to play the music, but you can see the track names and artists and play short samples even if you don’t have a subscription.

The below playlists include music in use during the 80s, 90s and 00s. Note that I don’t have the playlists for the Country Fair, Modville or Fun Island sections. There was also a Looney Toons Town section, but I have not been able to find this music on Apple Music. There was also some incidental music used on rides such as the Dentzel Carousel and The River of No Return / River Adventure Ride that also don’t have playlists. There are also some additional Mexicana tracks which are not on Apple Music, but can be found in this playlist on SoundCloud.

Without further ado, let’s have a listen to the music that played every operating day at AstroWorld.

Enjoy!


Apple Music Playlists for AstroWorld
AstroWorld Western Junction
AstroWorld Pioneer
AstroWorld Americana
AstroWorld Coney Island
AstroWorld Mexicana
AstroWorld Alpine Valley
AstroWorld Nottingham Village
AstroWorld USA
AstroWorld European Village
AstroWorld Oriental Village

As always, if you enjoy what you’ve just read on Randocity or heard on Apple Music, please like, subscribe and comment. If you would like to read more about AstroWorld, please leave a comment below and I will consider writing a longer segment about this theme park.
