Source: http://bitbanter.com/2015/02/20/lenovo-m...

Troubling news today, as the Lenovo corporation—a major computer manufacturer—was revealed to be the target of a massive Man-in-Middle-Management (MIMM) attack. “I’ve never seen anything of this scale before,” said Bruce Schneier, one of the world’s leading security specialists. “The only example that comes close is last decade’s Sony C-Level Rootkit; their CEO was replaced with a sophisticated British robot. But this breach is quite a bit more nefarious. It’s been hiding in the depths of Lenovo’s corporate belly and—remarkably—is not the direct fault of any single person at Lenovo.”

The attack, which has been dubbed “Superphishing the Managers,” is straightforward, if subtle. Imagine the Lenovo corporation as a hierarchy of people who are paid to respond to emails. The graph below is a simplified, if representative, distribution of pay vs email-response-rate.