Phish and Chips

Even readers of this blog who do not identify as ‘conspiracist’ will almost certainly have been unable to avoid observing the escalating trade war between the USA and China, or indeed the raising of tensions between The West and Russia, which have taken a sharp turn north after ‘The Salisbury Incident’.

In the case of the Russians: America, the Netherlands, the UK and the Canadians (and who wouldn’t trust a Canadian?) have accused named individuals, as well as the GRUesome (mwahahahaha) organisations for whom they work, of being responsible for attacks against multiple Western corporations and government bodies.

Whilst many of these so-called ‘attacks’ exist solely in cyberspace, four Russian agents were busted (thanks to, one assumes, fantastic European intelligence sharing) trying to breach the WiFi of, or at least reconnoitring, the Organisation for the Prohibition of Chemical Weapons (OPCW) in Holland, which is the place that provided technical assistance to the UK Government about the nerve agent used in Salisbury.

Talk about being caught with your pants down.

As our very own Malcolm Taylor discussed on both national TV and Radio this week, “we can look forward to yet more incredulous Russian denial”.

The highly skilled investigators at Newsthump have suggested activities even more sinister.

In the case of the Chinese, as the trade war between them and the USA intensifies and, some predict, will spiral out of control, the USA’s reliance on minerals mined in China is cited as a major outlier.

So is it any surprise that this week saw the publication of a report claiming that the Chinese have been infecting computers destined for the USA (or anywhere for that matter) with bugging devices well below the operating system, as in on the motherboard, for the motherland, land, call it what you will?

The report quotes numerous unnamed sources and is being disputed/denied by Apple, Amazon, Super Micro and others. In time, we may find out.

Putting the geopolitics to one side, if we consider the possibility of snooping chips on manufacturers’ motherboards, and recall the reports of Russian UEFI attacks (dubbed LoJax) using an adapted version of the LoJack laptop tracing software, we can see a clear pattern of nation states being exposed as going down, not up, the stack.

Whilst this has more than likely ‘ever been thus’, this sort of low-level rummaging is beginning to show its face. Combined with the threats presented by processor side-channel attacks, we think it is only a matter of time before seriously organised criminals take the same path. After all, if you can start up before the bootstrap, you can make like a funnel web spider in a trainer or, even more scary, a wellington boot.

It is probably time we donned our collective thinking caps and started digging down, not looking up. Layer seven firewall indeed.

If you would like to discuss how nation state activity may well eventually bubble down into real world Enterprise and personal issues, we run a Cyber Council event twice a year where highly experienced Government advisory types paint a view of the world which is then discussed and positioned in the corporate space. Please contact us at: [email protected] or call 020 7517 3900 if you would like to join the forum.

Since most of us have just been paid, if you have a few hard-earned Pounds/Euros/Dollars/Bitcoin/Ethereum or small change to spare, please think about donating to the Red Cross/DEC to help out those really in need. One earthquake and subsequent tsunami wiped out more men, women and children than the GRU ever has. As far as we know.