A government is far more likely to oppress you, deny you rights, blackmail you for political reasons, etc. because it has the resources to do so.
As HN's possibly-most strident torchbearer for the measurement of organizational dynamics, can you quantify this statement? How are you ranking?
I only see a difference between an opaque, unaccountable organization in the USA and an opaque, unaccountable organization in China when I look through a nationalistic lens.
They're less accountable than I would like, but they are accountable for their actions.
For example. You can become a Juniper Networks Certified Internet Expert but that doesn't mean you can get a job. People still need to trust you.
And a good spy is someone people trust.
Has anyone else come up with a better reason?
The US government was publicly accusing the Chinese government of inserting backdoors in Huawei products, while at the same time seeking and exploiting vulnerabilities in Huawei products themselves.
Perhaps this was an attempt to cover tracks by pre-emptively blaming the Chinese government for backdoors installed by the US government, should these backdoors ever be discovered.
Personally I'm inclined to call Hanlon's razor on the hypocrisy of it all.
The US intelligence agencies can simultaneously act to protect the information security of American businesses by warning people of the vulnerability AND act to exploit the vulnerability for their own intelligence-gathering goals.
First, if it's fear they're trying to spread, it's working. No way I'd ever use a Huawei device, ever.
Secondly, do you think a nuclear arms race in the Middle East would be a good thing??
I'm a little skeptical.
I wonder what they mean by "watched," because I doubt that they guessed the tty for reading or that the hacker joined a screen session. What is the likelihood that one would just "happen" to be staring at that server during an "incident"?
The SQL query took 15 minutes to run. We saw it using 'ps'.
We then kept dumping their '.bash_history'.
As an alternative to dumping history, if your system has perl and strace and you want to watch a live ssh or bash session, I wrote a script that will do that. https://github.com/psypete/public-bin/blob/public-bin/src/sy...
export HISTSIZE=0?
And how do you know these were unmodified versions of netstat, who and ps that you ran? Do they have mtree in this OS?
I'm no security expert but this little story just sounds very unsophisticated given the seriousness you are attributing to it.
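An added example, not part of any comment in this thread: an mtree-style integrity check of the kind the question about unmodified `netstat`, `who` and `ps` points at, written in Python. The stand-in tool files are constructed in a scratch directory, and the function names are assumptions made for this illustration; in practice the baseline is recorded while the host is known clean and stored off the host.

```python
import hashlib
import os
import stat


def fingerprint(path):
    """Return (sha256 hex digest, permission bits) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), stat.S_IMODE(os.stat(path).st_mode)


def build_manifest(paths):
    """Record a baseline for the given tools while the host is trusted."""
    return {p: fingerprint(p) for p in paths}


def verify(manifest):
    """Compare current files to the baseline; return {path: reason}."""
    findings = {}
    for path, (sha, mode) in sorted(manifest.items()):
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        now_sha, now_mode = fingerprint(path)
        if now_sha != sha:
            findings[path] = "content changed"
        elif now_mode != mode:
            findings[path] = "mode changed"
    return findings


def demo(workdir):
    """Constructed stand-ins for ps, netstat and who in a scratch directory."""
    tools = []
    for name in ("ps", "netstat", "who"):
        path = os.path.join(workdir, name)
        with open(path, "wb") as fh:
            fh.write(b"#!/bin/sh\necho " + name.encode() + b"\n")
        os.chmod(path, 0o755)
        tools.append(path)
    baseline = build_manifest(tools)
    # Simulate a replaced binary and a loosened mode after the baseline.
    with open(tools[1], "ab") as fh:
        fh.write(b"# altered\n")
    os.chmod(tools[2], 0o777)
    return baseline, verify(baseline)
```

A check like this is only as trustworthy as the interpreter and kernel it runs on, which is why responders usually run it from known-good media or against a disk image rather than on the suspect host itself.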
You can remotely connect to machines and analyze memory, commands, etc. It doesn't matter what TTY it was when you have full system access.
http://digital-forensics.sans.org/blog/2011/07/21/live-mem-f...
My interpretation was that after IDS had identified a particular host, they had tailed syslog (or the equivalent) on that host. The observation that they would have missed it if they hadn't been watching seems to imply that normally their logs wouldn't have retained the level of detail needed to see either the event or the deletion of the logs of the event.
I am somewhat skeptical as well.
However, it had both a subject and a timeframe that were peculiar. Googling the subject revealed news stories about it -- making it clear this was something the U.S. was interested in, but which would be of no particular interest to anybody else.
But embedding themselves inside the support infrastructure would give the NSA nearly unlimited access to much of the world. Huawei claims that a third of the Internet is running their devices. Almost all of it is under support contract. This means a Huawei support engineer, or a spy, can at any time reach out through cyberspace and take control of a third of the Internet hardware, located in data centers behind firewalls.
So the companies that use Huawei's products put the control ports behind their firewalls, but somehow are allowing unrestricted access through that firewall to/for Huawei's support mechanism?
Is that common?
It's the norm today that companies have firewall/VPN holes allowing support engineers from other companies to have access to their networks, to manage things as simple as the HVAC system, or things as complex as their entire routing infrastructure.
Throughout the world, most Huawei routers come with such support contracts.
Hello, Target breach. =)
1. Huawei has support contracts
2. Huawei needs to be able to interact with their hardware to execute those support contracts
3. Companies don't want to expose routers
4. Huawei routers "phone home" (i.e. query Huawei) and in this fashion allow Huawei support to establish a connection
Edit: finally found it, with some Googling. There are a lot of things with TAO as their TLA leading to a lot of false leads. TAO in this story means "Total Access Operations".
Edit 2: "tailored", not "total".
It seems like something that powerful would be of interest to any intelligence service (or group of any sort), anywhere.
Chinese intelligence might be interested in something simply because they (correctly or not) deduce that American intelligence will be interested in it.
The capabilities the NSA and GCHQ have developed are scary enough in and of themselves, but the sheer breadth and depth of what they have achieved is far more horrifying. If I was the CTO for a large multi-national or a foreign government I'm not even sure where I'd start protecting against them.
Here are rules I am suggesting.
1. The on-premise appliance should not be directly accessed from the network unless folks at the local environment enable contact.
2. Everything else, regarding services, should be loosely coupled and designed not to give significant access to either party over the other.
This sort of thing strikes me as an area where the industry is going to have to evolve. The danger of "we can connect to your systems" is becoming clearer to a larger section of the market.