Still trying to understand how this was allowed to happen and hasn't been realized by security vendors sooner?
So the Australian Government won't let Huawei bid on projects because suspect that there's spyware on their devices / appliances, yet we now KNOW that devices from US based companies are potentially riddled with US written spyware.
From a technical perspective, the vendors whose routers and firewalls have the malware present MUST have been involved and let it be installed.
The likes of Cisco, Checkpoint etc. would 100% have been involved and allowed this to happen otherwise they would have picked it up.
As other commentators on Slashdot have raised, the problem is that if an exploit is present on a device, there's nothing stopping anyone else in addition to the original installer getting access to the compromised device.
If this article is true (and it looks pretty legit) this is possibly the biggest security breach on a global scale in the last decade.
What legal consequences will the US-based engineers involved now face?
Will be interesting to see if any software makes its way onto the interwebs to check if your router / firewall has been compromised.
I think Obama asked for a cowboy outfit for Christmas and all he got was the NSA...