On Wed, Jul 10, 2013 at 6:46 PM, Maxim Kammerer <m...@dee.su> wrote:

> On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum <ja...@appelbaum.net> wrote:
> > I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.
>
> The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits. Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building?

My brother works for CCA. He works for the Office of the Secretary of Defence. He has worked for something having to do with MI since the 60s, and in 1979, a friend at MITRE at the MIT Strategic Games Society who vetted people for what clearances they have told me, "Tell me your brother's name/rank and where he's stationed, and I'll tell you his clearances."

So, the next weekend, my friend comes back looking a little creeped out, takes me in a corner and says, "I've never had this happen before, but when I checked your bro? It said, 'Please establish a need to know; this transaction has been logged.'"

The last business card I saw for him was when he'd mustered out and was consulting at Quantico, and his card said, in English on one side, and Korean on the other, "Master Wargamer." OK, I have to confess, I had title lust.

We have interesting holiday dinners not talking about our work. He works at some facility uphill from Provo CO. Maybe it's Prism? I wouldn't know. We don't talk. None of my information is from him. I wouldn't do that to him. I am very careful.

However, I do know that if he is like most CCA, Booz Allen, and other such folks with clearances like his, he works in very large facilities. They are unremarkable. They are full of secretaries and file clerks and accountants and all the usual sorts of people that you would expect in any big IT company. They all, I imagine, work for big beltway-style consultants, not the military. His daughter does. His wife does. They have top secret clearances, too. They are not arch geeks.

I did not see in that story that it said that all 5000 of the people were cyberwarriors.

FOUR MILLION PEOPLE in the USA hold top secret clearances.

http://www.washingtonpost.com/blogs/worldviews/wp/2013/06/12/top-secret-clearance-holders-so-numerous-they-include-packerscraters/

This is why.

You work in one of these unmarked beltway buildings, you have to have a top secret clearance to get by the two levels of gate security to get up the drive to the parking area. They are fully staffed office buildings. As the story reports, they have mailroom staff with top secret clearances to move crates. Cyberwarrior types (even peaceful ones) don't tend to want to do their own paperwork. I think I have reason to know this...:)

I wonder if it's wise to pick this story apart in such great detail when the very noir-storytelling flavored piece had so little detail described by the journalist himself? Did the journalist have anything he stated? Was he able to verify anything? No. He could not fact check. He was doing a character study, don't you think, not an investigative piece. Perhaps it was meant to portray a picture of the personality of the cyberwarrior type we are hiring, and an image of how tweaky that life is. Which I believe it succeeded in very well. But as a journalist you can't exactly say, "Look how egotistically tweaky this dude is!" without jeopardizing further stories, amiright?

So perhaps the journalist is giving you as the reader a little credit for reading between the lines, intelligently (that being the root of the word: inter for between, and legens for reading), to figure out what exactly you can draw as credible or not, but the point may be -- "omg, this is what we're grabbing for our cream of the crop?"

Don't shoot the messenger. It's an interesting message if you don't dissect it too finely.

yrs,
--
Shava Nerad
shav...@gmail.com