China's social network surveillance databases are ...

[dTal]

NSA spying on US soil was long known[1] (and of course "clear authorization" was never granted if you interpret that phrase to mean "public" and "accountable")

I'm not sure where you got the notion that they need physical access to anything either. Apart from intercepting comms on the wire, they deliberately subvert crypto standards in such a way that only they have access [2]. That is as close to a "magical backdoor" as it's possible to get.

[1] https://en.wikipedia.org/wiki/Room_641A [2] https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encry...

[Laforet]

Well, Room 641A is a form of physical access. They are not yet capable of breaking into any commpany's network from outside.

The slides in the guardian article is pretty vague. The only proven case of NSA inserting a backdoor would have been the DUAL_EC_DRBG algo, and people have been alleging that from the very beginning. IIRC, Bernstein went on further and suggested that the NIST ECC curves may be compromised, but that's far from proven.

Most real life attacks we have seen such as logjam and beast arises from longstanding vulnerabilities that are in no way exclusive to the NSA, but they are probably in a better position to analyse past interceptions once an.exploit has been found.

[6nf]

> They are not yet capable of breaking into any commpany's network from outside.

They can break into any company's network but they can't break into every company's network.

I believe that if the NSA targets a company, they'll almost certainly be able to infiltrate the network after some nontrivial targeted and sustained effort. Maybe someone like Google could fend off the NSA but I doubt it. The NSA only has to get lucky once, Google has to be secure 100% of the time. It's a tough battle.

But the NSA isn't currently monitoring every private corporate network, that's just crazy talk. I think.