
You are assuming that an NSA employee is more responsible than a Huawei employee. I am equally uncomfortable with either.


Probability dictates it's more likely Huawei will abuse its power than the NSA will abuse Huawei's power. So be equally uncomfortable if you want, but it's Huawei you should be scared of (in this case).


What probability?

Can you people cut the fucking bullshit? Everyone here is speaking either "quantitatively" or in "probabilistic" terms, but I have yet to see research or actual discourse backing it up.

You're saying Huawei is more power hungry than the NSA?

EDIT: I'm sorry for being so abrasive.


According to probability theory, if you have A (one single condition), and A+B (two different conditions), A will always be more probable to occur than A+B. Not seeing this is called conjunction fallacy, typically elucidated as the Linda problem. In this case, though, we have one known thing (Huawei has tech support accounts), and one unknown thing (the NSA have access to Huawei's tech support accounts).

Huawei accounts alone are already at risk of being abused by Huawei. We don't know if NSA has access to the accounts. But even if they did, it would still be more probable that Huawei's access would be abused than the NSA using Huawei's access.

(edited a few times for clarity)


I appreciate the thorough explanation.

http://www.spiegel.de/international/world/nsa-spied-on-chine...

1) We can assume NSA has access. 2) Is it not the NSA that wants to actively penetrate every single device in existence? https://firstlook.org/theintercept/document/2014/03/20/hunt-... 3) Is there any evidence that Huawei abuses their customers? Like, evidence, not CNN talking points.


I'm just estimating based on assumptions of possibilities. Even if I had evidence that Huawei has never abused their customers, and with evidence that the NSA themselves have used Huawei's accounts to abuse customers, it's still more probable that Huawei's accounts themselves are a greater threat than the NSA abusing them.

Now. Is it more likely that the NSA will abuse them? That's a completely different question. Probability describes the function of an outcome based on a set of fixed parameters; in other words, you can estimate how often a coin flipped will land heads 10 times. The likelihood, however, is based on watching it come up heads 10 times, and would describe whether the coin was rigged or not.

Based on outcomes, is it likely the NSA is spying on customers using Huawei's tech support accounts? The only outcome we can see is one report from a guy who says he saw a Huawei tech support account exfiltrating data that an American intelligence agency would like to have. It's really not enough data to make many conclusions. The only likelihood we can determine is that Huawei accounts are used to exfiltrate data from companies that American intelligence agencies would like.

Like someone else commented (could have been the OP?) another possible actor could be a CIA mole or some bribed/corrupt employee. Could be a rival company, or someone who wants to sell the information. We don't really know. We could assume the NSA is the only organization with an interest in hacking Huawei because this is the only report we've heard about such a thing, but that's speculating about unknowns.

There's really nothing about this action that screams NSA specifically; it's just being correlated with the story because the data appears to be useful for American intelligence. To say that there is no data that could be useful to both American intelligence and other parties would probably be a stretch. The only thing we do know for sure is that Huawei's accounts were used to exfiltrate data; who wants the data, and what for, is a mystery. But what is certain is that you should be afraid of your Huawei support accounts.


Your analysis is very comprehensive.

However, I urge you to read this. http://www.spiegel.de/international/world/nsa-spied-on-chine...

"We currently have good access and so much data that we don't know what to do with it," states one internal document. As justification for targeting the company, an NSA document claims that "many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products."


No, your reasoning is a common fallacy: assuming that A and B are independent probabilistic events.

Attackers are not earthquakes.

If we assume that both NSA and Huawei are intelligent actors (spare us the jokes please) and that both NSA and Huawei have the option of abusing a certain power, then

    P(I get pwned) = P(NSA wants to pwn me) + P(Huawei wants to pwn me) + P(other)

Either NSA or Huawei can pwn you with this power, or both. Even if they both elect not to it's still possible someone else can and will.


Sorry, no,

P(A) >= P(A n B)

Always holds whether or not A and B are independent. A contains (A n B) therefore is always bigger.

The assumption being made is that the NSA can't abuse the Huawei access without Huawei being complicit. I.e. if NSA pwn me, Huawei gave them access, so actually it's the NSA and Huawei pwning me together.

P(NSA pwn me) = P(NSA pwn me because Huawei pwned me and gave them access) <= P(Huawei pwn me)
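An added example (not written by anyone in this thread) that checks the two probability claims argued above on constructed joint distributions. The event names A ("Huawei's support access is abused by Huawei staff") and B ("the NSA makes use of Huawei's support access") and all of the cell probabilities are assumptions chosen to illustrate the argument, not data from the story. The dependent model encodes the "NSA needs a complicit Huawei employee" assumption (B cannot occur without A); the independent model shows that the bound P(A and B) <= P(A) holds either way, and that P(A or B) differs from the plain sum P(A) + P(B) whenever the events overlap.

```python
# Constructed joint distributions over two events (assumptions, not thread data):
#   A = "Huawei's support access is abused by Huawei staff"
#   B = "the NSA makes use of Huawei's support access"
# Each dict maps (A, B) truth values to P(A=a, B=b); cells must sum to 1.

# Dependent model: B requires A, so the cell (A=False, B=True) has probability 0.
DEPENDENT_MODEL = {
    (True, True): 0.05,
    (True, False): 0.15,
    (False, True): 0.00,
    (False, False): 0.80,
}

# Independent model: P(A) = 0.2 and P(B) = 0.1 with no dependence between them.
INDEPENDENT_MODEL = {
    (True, True): 0.2 * 0.1,
    (True, False): 0.2 * 0.9,
    (False, True): 0.8 * 0.1,
    (False, False): 0.8 * 0.9,
}

TOL = 1e-9


def validate(joint):
    """Reject tables that are not a probability distribution."""
    total = sum(joint.values())
    if abs(total - 1.0) > TOL or any(p < 0 for p in joint.values()):
        raise ValueError("joint distribution must be non-negative and sum to 1")


def prob(joint, predicate):
    """Probability of the event {(a, b) : predicate(a, b)} under the joint table."""
    validate(joint)
    return sum(p for (a, b), p in joint.items() if predicate(a, b))


def summarize(joint):
    """Marginals, conjunction, disjunction and the two identities under discussion."""
    p_a = prob(joint, lambda a, b: a)
    p_b = prob(joint, lambda a, b: b)
    p_both = prob(joint, lambda a, b: a and b)          # A and B
    p_either = prob(joint, lambda a, b: a or b)         # A or B
    p_b_without_a = prob(joint, lambda a, b: b and not a)
    return {
        "P(A)": p_a,
        "P(B)": p_b,
        "P(A and B)": p_both,
        "P(A or B)": p_either,
        # Naive additive form; it overcounts the overlap unless A and B are disjoint.
        "P(A)+P(B)": p_a + p_b,
        # A and B is a subset of A and of B, so this holds for any dependence structure.
        "conjunction_bound_holds": p_both <= p_a + TOL and p_both <= p_b + TOL,
        # Inclusion-exclusion: P(A or B) = P(A) + P(B) - P(A and B).
        "inclusion_exclusion_holds": abs(p_either - (p_a + p_b - p_both)) < TOL,
        # The thread's "NSA needs Huawei" assumption: B never happens without A,
        # which in turn forces P(B) = P(A and B) <= P(A).
        "B_requires_A": p_b_without_a < TOL,
    }


if __name__ == "__main__":
    for name, model in (("dependent", DEPENDENT_MODEL), ("independent", INDEPENDENT_MODEL)):
        print(name)
        for key, value in summarize(model).items():
            print(f"  {key}: {value}")
```

Under the dependent model P(B) collapses to P(A and B) = 0.05, which is exactly the "NSA pwn me implies Huawei pwned me" inequality above; the naive sum P(A) + P(B) = 0.25 overstates P(A or B) = 0.20 because it counts the overlap twice.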


> P(A) >= P(A n B) Always holds whether or not A and B are independent

Yeah.

> The assumption being made is that the NSA can't abuse the Huawei access without Huawei being complicit.

I didn't understand that. That seems like a ridiculous assumption.


The article is about the possibility that the NSA could be bribing Huawei engineers or infiltrating Huawei with spies. Either way, it requires Huawei employees to be complicit, and for the Huawei support infrastructure to be compromised.


However, the suggestion upthread wasn't

P(NSA abuses H's access) > P(someone abuses H's access),

which would be an example of the fallacy you cite, but

P(NSA abuses H's access) > P(H abuses H's access).


The article discusses the NSA embedding themselves in the Huawei support infrastructure. If true, Huawei's access is being abused by individuals who work for both Huawei and the NSA. So, in order for the NSA to abuse Huawei's access in the way discussed in the article, then that requires Huawei employees to abuse Huawei's access. Hence, P(NSA abuses H's access) <= P(H abuses H's access)


I don't see how the possibility of abuse immediately assumes execution. For now, we have no evidence of Huawei engineers abusing the infrastructure.

What we do have evidence for is NSA abusing Huawei - http://www.spiegel.de/international/world/nsa-spied-on-chine...


Nothing is assumed to be happening, that's why we're talking about probabilities. We are discussing the possibility that the NSA could be infiltrating and subverting the Huawei support infrastructure. That's what the article is about. We're not discussing whether or not the NSA directly hacked Huawei. While that is also a worrying piece of news, it isn't the same thing.


I can easily think of B conditions that would increase probability so this general rule can't always be correct.


To give you an example, if I pick something up at random, the probability that it is a shoe is at least as big as the probability that it is a red shoe. That's because it can't be a red shoe without also being a shoe. Same thing with the A's and B's. If A and B happen, then that means A happens.


I don't believe there is any conjunction fallacy.

Conjunction fallacy only applies if A=A. Here, your first A is different than your second A, no? If A is "X will abuse account access, given the opportunity" then it matters who is X.


In light of recent revelations it's clear to me that the NSA employees have unsupervised access to an incredible amount of data. I am pretty uncomfortable with that.

I have no information on what sort of access Huawei employees have but I assume at the very least they are not recruited specifically to spy on me and find 'individuals of interest'. People who are recruited to spy on individuals will have a completely different mindset to your average network engineer.

But either way it's a less than ideal situation, and too much power is at the fingertips of these employees.


You are assuming that the individuals are distinct - it is FAR more likely that a TLA agency has implanted support engineers who operate on their orders.


Or a Chinese one.

Just a few years ago, Chinese hackers were caught hacking into the US for no reason. The fact of the matter is that Huawei, with its close connections to the Chinese Government, could be straight up responsible for this.

Remember, half of the western world has banned Huawei devices from their country.

http://www.bbc.com/news/technology-25417332

http://www.theregister.co.uk/2013/11/01/australian_confirms_...

http://online.wsj.com/news/articles/SB1000087239639044398290...

------------------

Keep up with the modern cyberwar, people! The Chinese National Security Committee has already deployed "The Great Firewall of China" and banned the use of VPNs on their shores. HTTPS connections fail randomly in China and encryption is illegal.

Between the US and China, there is one country where people disappear for saying the wrong things on the internet.

http://en.wikipedia.org/wiki/List_of_Chinese_dissidents

http://en.wikipedia.org/wiki/Zeng_Jinyan



