|1/28/2018 1:27:41 PM
|Intel Warned Chinese Companies of Chip Flaws Before U.S. Government
Decision to disclose issue to select few customers, including Lenovo and Alibaba, has ripple effects through security and tech industries
By Robert McMillan in San Francisco and Liza Lin in Shanghai
Jan. 28, 2018 11:37 a.m. ET
In initial disclosures about critical security flaws discovered in its processors, Intel Corp. INTC 10.55% notified a small group of customers,including Chinese technology companies, but left out the U.S. government, according to people familiar with the matter and some of the companies involved.
The decision raises concerns, security researchers said, as it potentially could have allowed information about the chip flaws, dubbed Spectre and Meltdown, to fall into the hands of the Chinese government before being publicly divulged. There is no evidence any information was misused, the researchers said.
Weeks after word of the flaws first surfaced, Intel’s choices about whom would receive advance warning continue to ripple through the security and tech industries.
The flaws were first identified in June by a member of Google’s Project Zero security team. Intel had planned to make the discovery public on Jan. 9—people working to protect systems from hacks often hold off on announcements while fixes are devised—but sped up its timetable when the news became widely known on Jan. 3, a day after U.K. website the Register wrote about the flaws.
Because the flaws can be leveraged to sneak sensitive data out of the cloud, information about them would be of great interest to any intelligence-gathering agency, said Jake Williams, president of the security company Rendition Infosec LLC and a former National Security Agency employee. In the past, Chinese state-linked hackers have exploited software vulnerabilities to get leverage on their targets or expand surveillance.
It is a “near certainty” Beijing was aware of the conversations between Intel and its Chinese tech partners, because authorities there routinely monitor all such communications, Mr. Williams said.
Representatives from China’s ministry in charge of information technology didn’t respond to requests for comment. The country’s foreign ministry has in the past said it is “resolutely opposed” to cyberhacking in any form.
An Intel spokesman declined to identify the companies it briefed before the scheduled Jan. 9 announcement. The company wasn’t able to tell everyone it had planned to, including the U.S. government, because the news was made public earlier than expected, he said.
Intel’s tricky path—inform enough big customers to head off significant damage while keeping the information as contained as possible to limit potential leaks—continues to weigh on smaller companies that weren’t given an early nod.
Joyent Inc., a U.S.-based cloud-services provider owned by Samsung Electronics Co. , is still playing catch-up, said Bryan Cantrill, the company’s chief technology officer.
“Other folks had a six-month head start,” he said. “We’re scrambling.”
In the months before the flaws were publicly disclosed, Intel worked on fixes with Alphabet Inc.’s Google unit as well as “key” computer makers and cloud-computing companies, Intel said in an emailed statement to The Wall Street Journal.
An official at the Department of Homeland Security said staffers learned of the chip flaws from the Jan. 3 news reports. The department is often informed of bug discoveries in advance of the public, and it acts as an authoritative source for information on how to address them.
“We certainly would have liked to have been notified of this,” the official said.
The NSA was similarly in the dark, according to Rob Joyce, the White House’s top cybersecurity official. In a message posted Jan. 13 to Twitter, he said the NSA “did not know about these flaws.” A White House spokesman declined to comment further, referring instead to the tweet.
Chinese computer maker Lenovo Group Ltd. LNVGY -1.20% was among the large tech companies, including Microsoft Corp. , Amazon.com Inc. and ARM Holdings in the U.K., that were notified of the flaws beforehand.
Lenovo was able to issue a statement Jan. 3 advising customers on the flaws because of “the work we’d done ahead of that date with industry processor and operating system partners,” a spokeswoman said in an email.
Alibaba Group Holding Ltd. BABA 3.47% , China’s top seller of cloud-computing services, also was notified ahead of time, according to a person familiar with the company.
A spokeswoman for Alibaba’s cloud unit declined to comment on when the company was informed. She said any idea that the company might have shared information with Chinese authorities was “speculative and baseless.”
A Lenovo spokeswoman said Intel’s information was protected by a nondisclosure agreement.
Despite the security concerns, an early heads up to a select number of large global companies made sense, said Dave Aitel, chief executive of Immunity Inc., a company that sells security services. “They’re going to tell as few people as possible” to contain possible leaks, he said.
Because they had early warning, Microsoft, Google and Amazon were able to release statements soon after news of the flaws leaked out saying their cloud-computing customers were largely protected.
Smaller competitors, though, continue to struggle. DigitalOcean Inc., a cloud-services seller, said Jan. 19 it was still testing a fix for its customers. Rackspace Inc. said last Wednesday it has several teams working on a fix. The cloud company earlier in January told customers it understood the situation “can be frustrating.”
The DHS also stumbled with its initial guidance. The agency’s Computer Emergency Response Team first linked to an advisory stating the only way to “fully remove” the flaws was by replacing the chip. CERT now advises users instead to patch their systems.
The DHS should have been looped in early on to help coordinate the flaws’ disclosure, Joyent’s Mr. Cantrill said. “I don’t understand why CERT would not be your first stop,” he said.
Write to Robert McMillan at Robert.Mcmillan@wsj.com and Liza Lin at Liza.Lin@wsj.com
|RecommendKeepReplyMark as Last Read
|3/15/2018 10:45:48 AM
|Finstead -- Intel's acquisition of Israel-based Mobileye, an autonomous vehicle technology provider is significantly positive in our view. The acquisition will help the company rapidly penetrate the autonomous car technology market, currently dominated by the likes of NVIDIA and Qualcomm. With the buyout, Intel will now have access to Mobileye’s technologies related to cameras, in-car networking, sensor-chips, roadway mapping, cloud software, machine learning and data management.
Finstead is particularly optimistic about the data center business. The drive to lower-cost computing devices is increasing the pressure on servers that are taking the load off these devices. As more information in various structures and formats are increasingly stored in the cloud, there is demand for a new breed of chips that are more efficient in terms of cost and energy but may not pack in quite as much compute power as in the past.
Will Intel be better in the future?
|RecommendKeepReplyMark as Last Read
|From: Don Green
|6/26/2018 10:28:17 AM
|Intel and the Danger of Integration
Posted on Monday, June 25, 2018
Last week Brian Krzanich resigned as the CEO of Intel after violating the company’s non-fraternization policy. The details of Krzanich’s departure, though, ultimately don’t matter: his tenure was an abject failure, the extent of which is only now coming into view.
Intel’s Obsolete OpportunityWhen Krzanich was appointed CEO in 2013 it was already clear that arguably the most important company in Silicon Valley’s history was in trouble: PCs, long Intel’s chief money-maker, were in decline, leaving the company ever more reliant on the sale of high-end chips to data centers; Intel had effectively zero presence in mobile, the industry’s other major growth area.
Still, I framed the situation that faced Krzanich as an opportunity, and drew a comparison to the challenges that faced the legendary Andy Grove three decades ago:
By the 1980s, though, it was the microprocessor business, fueled by the IBM PC, that was driving growth, while the DRAM business was fully commoditized and dominated by Japanese manufacturers. Yet Intel still fashioned itself a memory company. That was their identity, come hell or high water.
By 1986, said high water was rapidly threatening to drag Intel under. In fact, 1986 remains the only year in Intel’s history that they made a loss. Global overcapacity had caused DRAM prices to plummet, and Intel, rapidly becoming one of the smallest players in DRAM, felt the pain severely. It was in this climate of doom and gloom that Grove took over as CEO. And, in a highly emotional yet patently obvious decision, he once and for all got Intel out of the memory manufacturing business.
Intel was already the best microprocessor design company in the world. They just needed to accept and embrace their destiny.
Fast forward to the challenge that faced Krzanich:
It is into a climate of doom and gloom that Krzanich is taking over as CEO. And, in what will be a highly emotional yet increasingly obvious decision, he ought to commit Intel to the chip manufacturing business, i.e. manufacturing chips according to other companies’ designs.
Intel is already the best microprocessor manufacturing company in the world. They need to accept and embrace their destiny.
That article is now out of date: in a remarkable turn of events, Intel has lost its manufacturing lead. Ben Bajarin wrote last week in Intel’s Moment of Truth:
Not only has the competition caught Intel they have surpassed them. TSMC is now sampling on 7nm and AMD will ship their architecture on 7nm technology in both servers and client PCs ahead of Intel. For those who know their history, this is the first time AMD has ever beat Intel to a process node. Not only that, but AMD will likely have at least an 18 month lead on Intel with 7nm, and I view that as conservative.
As Bajarin notes, 7nm for TSMC (or Samsung or Global Foundries) isn’t necessarily better than Intel’s 10nm; chip-labeling isn’t what it used to be. The problem is that Intel’s 10nm process isn’t close to shipping at volume, and the competition’s 7nm processes are. Intel is behind, and its insistence on integration bears a large part of the blame.
Intel’s Integrated ModelIntel, like Microsoft, had its fortunes made by IBM: eager to get the PC an increasingly vocal section of its customer base demanded out the door, the mainframe maker outsourced much of the technology to third party vendors, the most important being an operating system from Microsoft and a processor from Intel. The impact of the former decision was the formation of an entire ecosystem centered around MS-DOS, and eventually Windows, cementing Microsoft’s dominance.
Intel was a slightly different story; while an operating system was simply bits on a disk, and thus easily duplicated for all of the PCs IBM would go on to sell, a processor was a physical device that needed to be manufactured. To that end IBM insisted on having a “second source”, that is, a second non-Intel manufacturer for Intel’s chips. Intel chose AMD, and licensed first the 8086 and 8088 designs that were in the original IBM PC, and later, again under pressure from IBM, the 80286 design; the latter was particularly important because it was designed to be upward compatible with everything that followed.
This laid the groundwork for Intel’s strategy — and immense profitability — for the next 35 years. First off, the dominance of Intel’s x86 design was assured thanks to its integration with DOS/Windows: specifically, DOS/Windows created a two-sided market of developers and PC users, and DOS/Windows ran on x86.
|RecommendKeepReplyMark as Last Read