nanog mailing list archives
Re: bloomberg on supermicro: sky is falling
From: Mark Rousell <markr () signal100 com>
Date: Thu, 4 Oct 2018 22:31:50 +0100
On 04/10/2018 22:00, Naslund, Steve wrote:
The other thing I am highly skeptical of is the suggestion of attempting to tap sensitive intel agency systems this way. Talking to a C&C server is suicide from within their network. How long do you think it would take them to detect a reach out to the Internet from inside? How are you going to get the data from the outside back into their network? You still have to defeat their firewalls to do it. If this was targeted to specialized video processing server then would it not be unusual for them to be talking to some random IP address on the Internet?
If I understand the article correctly, all the 'infected' systems were built for outsourced service providers so not intended directly for the most sensitive of systems. Still, I agree that network activity is inevitably going to be seen in any modern competent network. In fact, the article states that odd network traffic is how Apple found out about the implants. I have observed that a common trait in technically complex stories like this is that we are not seeing the whole story. Key facts that cause everything to make sense to technical readers are often left out, either because those who have the information cannot release it (for safety or security reasons) or because it's perceived as too complex for the readership to understand. Sometimes these issues even result in deliberate inaccuracies being introduced. To put it another way: Considering that, if true, these were carefully targeted attacks it is possible that there were other ways to exfiltrate the target data that have been glossed over. That said, even in highly complex or high cost plans, people sometimes make basic errors. Misplaced decimal places, wrong units, etc. Perhaps relaying on network access was another basic error. -- Mark Rousell
Current thread:
- Re: bloomberg on supermicro: sky is falling, (continued)
- Re: bloomberg on supermicro: sky is falling Denys Fedoryshchenko (Oct 04)
- Re: bloomberg on supermicro: sky is falling William Herrin (Oct 04)
- Re: bloomberg on supermicro: sky is falling valdis . kletnieks (Oct 04)
- Re: bloomberg on supermicro: sky is falling Mark Rousell (Oct 04)
- Re: bloomberg on supermicro: sky is falling William Herrin (Oct 04)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 04)
- Re: bloomberg on supermicro: sky is falling Denys Fedoryshchenko (Oct 04)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 04)
- Re: bloomberg on supermicro: sky is falling valdis . kletnieks (Oct 04)
- Re: bloomberg on supermicro: sky is falling Eric Kuhnke (Oct 04)
- Re: bloomberg on supermicro: sky is falling Mark Rousell (Oct 04)
- Re: bloomberg on supermicro: sky is falling Denys Fedoryshchenko (Oct 04)
- Re: bloomberg on supermicro: sky is falling William Herrin (Oct 04)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 04)
- Re: bloomberg on supermicro: sky is falling Matt Harris (Oct 04)
- Re: bloomberg on supermicro: sky is falling valdis . kletnieks (Oct 04)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 04)
- Re: bloomberg on supermicro: sky is falling Randy Bush (Oct 04)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 04)
- Re: bloomberg on supermicro: sky is falling William Herrin (Oct 04)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 04)