Re: bloomberg on supermicro: sky is falling

[Eric Kuhnke <eric.kuhnke () gmail com>]

The US' extensive reliance on third party commercial contractors to
implement a lot of programs, means that despite laws and SOW/PWS for their
contracts, many contractors *do* have sensitive data on their networks with
a gateway out to the public Internet. I have seen it. I have cringed at it.
SIGINT agencies in many cases rely on people being less than perfectly
reliable in their data hygiene practices to extract useful information.

I'm sure that all of the super secret squirrel stuff is going on properly
inside SCIFs, but mistakes will be made. Now draw an imaginary venn diagram
overlap of human mistakes with places that handle classified data.

On Thu, Oct 4, 2018 at 2:21 PM <valdis.kletnieks () vt edu> wrote:

> On Thu, 04 Oct 2018 21:00:57 -0000, "Naslund, Steve" said:
> > The other thing I am highly skeptical of is the suggestion of attempting
> to
> > tap sensitive intel agency systems this way.  Talking to a C&C server is
> > suicide from within their network.  How long do you think it would take
> them to
> > detect a reach out to the Internet from inside?
>
> Oh, at least 2 or 3 years. Or that's how long it took to be noticed the
> *last* time.
>
> https://en.wikipedia.org/wiki/Titan_Rain