[dguido]

Probably not: "The initial infection doesn't appear to exploit any vulnerabilities in Cisco devices. Rather, attackers seem to be taking advantage of routers that use passwords that are factory default or are somehow otherwise known."

[oconnore]

This rhetoric of casually discounting the possibility of government breaches in commercial networks might have sounded insightful and worldly several years ago. Now it just seems ignorant.

The person you were responding to had no evidence to back their claim (in this particular instance), but neither do you.

[tptacek]

Quoting facts from a story that rebut someone's theory isn't "rhetoric of casually discounting", even if you don't like where those facts take us.

[kbenson]

I don't know, I think it could be seen as that if the facts quoted do not support the position they were used to bolster.

[tptacek]

I don't think so. Maybe you could point out the part of the comment I replied to that supports that argument?

[kbenson]

I don't think how "easy" or low-tech the infection method is really points one way or another towards whether it was a government agency, whether it be the NSA or some other, or not. Using such a fact, whether it be from the story or not, does not strongly indicate to me, and I do not think it should strongly indicate to others, that this was or was not the NSA. I can see that as "rhetoric of casually discounting".

I'm not particularly a fan of the comment in question, it was a bit confrontational for my taste, but I also think evidence in support of a position should be relevant, and I view this evidence as only loosely relevant, if that, to the stated position. Whether it's from the source article or not is besides the (or at least my) point in this case.

If someone were to make a persuasive argument that the initial method of infection actually mattered to the NSA (which I haven't seen yet), I might change my position.

[oconnore]

Like how the NSA doesn't know how to use default passwords?

"Foiled again! We found this high value computer network, but using a default password to break in is too crude for our tastes."

I don't care where the facts take us, but that observation does nothing to tell us what is going on here.

[tptacek]

Yes, but Dan Guido's point was that the parent comment didn't have anything to tell us either. He used a fact to rebut the insinuation. You accused him of "casually dismissing" it. You were wrong.

[oconnore]

> but Dan Guido's point was that the parent comment didn't have anything to tell us either

You talked to him offline? Because he didn't actually write that.

What he said is "Probably not", in reference to the NSA being involved. He then quoted a line that doesn't support his "Probably not" assertion.

[kordless]

> rhetoric of casually discounting the possibility

Rhetoric: language designed to have a persuasive or impressive effect on its audience. Casually: without definite or serious intention.

From a logical standpoint, that sentence fragment is a representation of cognitive dissonance given it states there is and is not intent to impress (raise interest). I'd consider rephrasing it.

[Lawtonfogle]

Why would a government use something super secret if a normal attack would work?

[tptacek]

To a first approximation every country in the world has an interest in backdooring Cisco routers, so if the vector for accomplishing that is as dumb as default passwords, why exactly would you single NSA out for that? Nobody's saying it couldn't have been NSA --- like China, Russia, France, Israel, &c NSA also backdoors foreign routers --- only that this story doesn't point to NSA directly.

The moral drama in this story is much less interesting than the technical phenomenon, especially when we barely have an inkling of what's happening technically.

[kbenson]

I agree it doesn't point to the NSA directly, but I'm interested in how they use the default password as an infection vector. There are theoretically very interesting and sophisticated ways to do that, such is other infected routers on the network identifying source traffic from factory booted routers and initiating the infection at that point, which would have an extremely high chance of succeeding. In that case what would have been discovered is the reproduction method, and possibly not the initial infection method.

[c0nducktr]

A different attack method doesn't rule out the NSA though.