We may have witnessed a NSA "Shotgiant" TAO-like action

235 points by julespitt about 11 years ago

18 comments

paul about 11 years ago
Where there are security vulnerabilities, I'd rather it be the NSA exploiting them than someone else. The fact that Huawei support engineers have so much power is much more troubling.
brown9-2 about 11 years ago
*A backdoor or 0day for a Huawei router would be of limited use to the NSA, because the control ports are behind firewalls. Hacking behind firewalls would likely give full access to the target network anyway, making any backdoors/0days in routers superfluous.*

*But embedding themselves inside the support infrastructure would give the NSA nearly unlimited access to much of the world. Huawei claims that a third of the Internet is running their devices. Almost all of it is under support contract. This means a Huawei support engineer, or a spy, can at any time reach out through cyberspace and take control of a third of the Internet hardware, located in data centers behind firewalls.*

So the companies that use Huawei's products put the control ports behind their firewalls, but somehow are allowing unrestricted access through that firewall to/for Huawei's support mechanism?

Is that common?
mjolk about 11 years ago
>In 2012, during an incident, we watched in real time as somebody logged into an account reserved for Huawei tech support, from the Huawei IP address space in mainland China.

I'm a little skeptical.

I wonder what they mean by "watched," because I doubt that they guessed the tty for reading or that the hacker joined a screen session. What is the likelihood that one would just "happen" to be staring at that server during an "incident"?
diminoten about 11 years ago
I'm not sure if this is in any way useful, but consider that Ed Snowden himself was in a "support"/administrator role and that's what gave him access to the documents he later then leaked.
tzs about 11 years ago
TAO?

Edit: finally found it, with some Googling. There are a lot of things with TAO as their TLA leading to a lot of false leads. TAO in this story means "Total Access Operations".

Edit 2: "tailored", not "total".
noir_lord about 11 years ago
The normal guideline for developing a security strategy is to estimate the resources and capabilities ranged against you and the probability they will be levelled against you and then develop a strategy for mitigation (absolute security is impossible).

The capabilities the NSA and GCHQ have developed are scary enough in and of themselves but the sheer *breadth and depth* of what they have achieved is far more horrifying. If I was the CTO for a large multi-national or a foreign government I'm not even sure where I'd *start* protecting against them.
jobu about 11 years ago
What I don't understand is why the US government would point fingers at the Chinese for putting backdoors in Huawei devices when it was really the NSA all along. It seems like they're shooting themselves in the foot by pointing out the backdoors. My best guess is that they assumed someone would figure it out eventually and they wanted to spread misinformation to get out ahead of that.

Has anyone else come up with a better reason?
jontas about 11 years ago
I don't understand why this level of access (if it is accurately described in the article) would only be of use to American intelligence, and "would[n't] interest other intelligence services -- except to pass it on to the Americans."

It seems like something that powerful would be of interest to any intelligence service (or group of any sort), anywhere.
peterkelly about 11 years ago
One of the biggest ironies of the Huawei hacking case is that now every time someone detects an attack from a Huawei device or the company itself, they can never be sure if it's China or the US that's behind it.
malandrew about 11 years ago
What we really need is a new agency just like the NSA except that its *only* mandate is closing holes everywhere even if those holes are actively being exploited by the NSA and CIA. Such an agency would actively discover holes, patch them when possible or disclose the vulnerabilities to the engineers responsible for the software or hardware in question. Furthermore, the NSA and CIA would need to be barred from trying to get any access to this organization for its own use.
jnbiche about 11 years ago
So what was the SQL query?
einhverfr about 11 years ago
This sort of thing is significant. It puts remote support for systems in a very different light. At Efficito, we have plans to release on-premise appliances as well as our cloud hosting options. This sort of story makes me think about how to avoid this sort of problem.

Here are rules I am suggesting.

1. The on-premise appliance should not be directly accessed from the network unless folks at the local environment enable contact.

2. Everything else, regarding services, should be loosely coupled and designed not to give significant access to either party over the other.

This sort of thing strikes me as an area where the industry is going to have to evolve. The danger of "we can connect to your systems" is becoming clearer to a larger section of the market.
danielweber about 11 years ago
This blog post is trying to say something tremendously important but it also is not giving us any information to evaluate it. Apparently everything is on fire but they can't tell us how.
vampirechicken about 11 years ago
How does the support login have the privileges to delete all of the activity log files, and why is a login with enough privilege to delete logs allowed to perform SQL queries?
RankingMember about 11 years ago
It's scary to think that a third of the internet relies on any one company's backbone products, regardless of the country that company calls home. Way too many eggs in one basket, but much easier for the humans involved compared to having a ton of different manufacturers who would have their own individual issues. Find an exploit once, employ it (most) everywhere (appropriation of old Java tagline).
eli about 11 years ago
I don't understand why there's a sharp distinction between installing a backdoor and using stolen support access as a backdoor.
sgt101 about 11 years ago
Witnessing in this way runs counter to my experience of system management. How can you see (in real time) a query, the encryption, the email and the log deletion? I have run SQL monitors and I see queries appear and then disappear... but my brain doesn't allow me to understand what the user is "up to" without lots of investigation and so on.
italophil about 11 years ago
It's one thing getting spied on by the US government, but one would hope they'd use something more sophisticated than Hotmail to move the information around.