Google and Yahoo's internal data-center fiber secretly tapped by NSA and GCHQ

I didn’t understand it that way at all. The drawing doesn’t actually show the point of entry, but the description states that it was fiber between physical locations that is tapped. Those front end servers would be proxy servers, so they aren’t getting past those and taking the data from behind the front-end servers. They’d be getting their capture just before transmissions hit the proxy servers between physical locations. I suspect the drawing is a little misleading. You see one cloud bubble containing end users, and then the other containing the company’s own servers, showing those as transmitting data in unencrypted fashion. And, it makes some sense, since the company has not seen any need (until now) to protect its data from itself.

But where the drawing shows a bunch of different servers, I believe the intent was to show server farms, which would likely be located in various physical locations - which would usually make good sense, since that arrangement protects backups from power failures or other disasters at any one location - i.e., protecting both their own business and their end users simultaneously. That would typically be regarded as just plain good planning, and decent systems architecture. The only thing they missed was the possibility of physical taps on their lines between locations. And they would not have suspected such a breach under ordinary circumstances, because NSA was hassling them with those funky FSA warrants. It’s not easy to tap a fiber line - you have to gain direct access to it, and that is usually not available to your average hacker. So, we can assume they not only are illegally stealing data, but committed some specific crimes in order to gain access to the hardware carrying that data.
Most immediately, the companies’ll be encrypting between locations now - but that alone won’t end it, and it’s gonna take a few hours to set it up.

This one is by far the most offensive, and just intensely stupid, move on the NSA’s own part. We knew they played offshore games, where the Brits would gank data for the US, and the US would gank data for the Brits, and they could each cover for the other. This one is all domestic, and all them. The best they could have hoped for was that they wouldn’t get caught until those who operate it were safely retired and out of the line of fire. And, the setup would have involved AT&T or Sprint, whichever is/are the backbone providers involved - and how they each try to explain that away and make excuses is going to be some real theatre, for sure. Because, this level of crime against this many citizens committed by any single entity is a whole new low.