On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum <ja...@appelbaum.net> wrote:
> I couldn't disagree more. This sounds consistent with the current arms
> race and also relates directly to the 0day markets that have been active
> for many many years. Remember though: buying 0day bugs or exploits for
> 0day is just one part of a much larger picture.

The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits.

Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building? What's there to protect by obscuring their work? They need to reside inside some TEMPEST-resistant installation at a military base, especially if they work with classified equipment, etc.

The number of 0-days and rate of their production don't make sense either. Unless 0-days are purchased exclusively in order to deny them to the enemy (which doesn't seem to be the case), the exploits wouldn't cost hundreds of thousands of USD each.

[1] http://www.nsa.gov/academia/nat_cae_cyber_ops/index.shtml
[2] http://abcnews.go.com/Technology/pentagon-cyber-command-unit-recommended-elevated-combatant-status/story?id=16262052

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte