Yes, this is true, but I imagine the NSA to have more interest in this sort of target than in the general case (owning logistics networks seems very useful).
They were using metasploit according to the article, so I doubt that they were sniffing out 0days, meaning that "everyone" knew of the exploits, not just the NSA.
Secondly, if you're trying to state that the NSA specifically knew that these specific companies were open to these specific exploits, but chose not to do anything, then that's a stretch. Were the NSA doing it's job of helping to secure networks, it would only be attempting to secure domestic networks. I doubt very much they would drop an email to a foreign company stating that they found their network security to be lacking.
Well, I imagine there's a lot of commonality between the Dutch and American logistics software stack. I would hope that securing America's ports falls within the NSA's purview.
I could of course be wrong, but hey. Obviously you're right that the technical level of expertise is a little below this level in this case anyway, but I just wanted to emphasize that this is the sort of societal impact of having a policy of subverting network security.
> Well, I imagine there's a lot of commonality between the Dutch and American logistics software stack. I would hope that securing America's ports falls within the NSA's purview.
If the Dutch logistics companies were running unpatched versions of Windows (for example) that seems more like an operations failure than anything else. Not necessarily something that is a broken part of the "stack."
