@irenes @timbray @lcamtuf @rfc6919 @projectgus
Yup. And to be clear, I don't necessarily think the US or UK in particular is behind this. I think it's more likely China, or perhaps Russia. The point is, we don't know. And like you implied, it could still turn out to have been an individual with an agenda.
@bruce @irenes @timbray @lcamtuf @rfc6919 @projectgus
Or, an individual with the idea of selling backdoors as a service. That'd be one reason to be this patient and persistent: you'd not use it (and presumably other created vulnerabilities) yourself once; you sell access to other people. With luck you could perhaps sell this a half a dozen times before it gets discovered and patched.