bloomberg on supermicro: sky is falling
Mark Rousell
markr at signal100.com
Thu Oct 4 21:31:50 UTC 2018
On 04/10/2018 22:00, Naslund, Steve wrote:
> The other thing I am highly skeptical of is the suggestion of attempting to tap sensitive intel agency systems this way. Talking to a C&C server is suicide from within their network. How long do you think it would take them to detect a reach out to the Internet from inside? How are you going to get the data from the outside back into their network? You still have to defeat their firewalls to do it. If this was targeted to specialized video processing server then would it not be unusual for them to be talking to some random IP address on the Internet?
If I understand the article correctly, all the 'infected' systems were
built for outsourced service providers so not intended directly for the
most sensitive of systems. Still, I agree that network activity is
inevitably going to be seen in any modern competent network. In fact,
the article states that odd network traffic is how Apple found out about
the implants.
I have observed that a common trait in technically complex stories like
this is that we are not seeing the whole story. Key facts that cause
everything to make sense to technical readers are often left out, either
because those who have the information cannot release it (for safety or
security reasons) or because it's perceived as too complex for the
readership to understand. Sometimes these issues even result in
deliberate inaccuracies being introduced.
To put it another way: Considering that, if true, these were carefully
targeted attacks it is possible that there were other ways to exfiltrate
the target data that have been glossed over.
That said, even in highly complex or high cost plans, people sometimes
make basic errors. Misplaced decimal places, wrong units, etc. Perhaps
relaying on network access was another basic error.
--
Mark Rousell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181004/5626d1a6/attachment.html>
More information about the NANOG
mailing list