Reply to post: Stupidity meets politics meets face-saving. Lovely combination

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

Anonymous Coward

Stupidity meets politics meets face-saving. Lovely combination

There's so much FUD flying around here (mainly spread by politicians who know nothing about technology) that it's hard to see straight. Here's what I see:

1. The NSA TAO group had some pretty nifty hacks in their toolchest. Good for them. Reasonable people can quibble about whether they are playing fair by stockpiling zero-days: it seems analogous to a humint controller stockpiling juicy tidbits about a potential source, but I get that people might be strongly opposed.

2. TAO were targeting US citizens without a warrant, regular or FISA. Very naughty. Snowden's point essentially. No one has really been called to account for this.

3. The NSA's opsec was so poor that employees, including TAO members, were able to take work home undetected. This has been going on for years (witness the other case recently with the guy with a shed full of NSA documents). My response is slack-jawed. WTF?! Massive fail here.

Everything after this is a corollary:

4. One TAO operator loaded up his work on a home PC fitted with AV, and the AV smelt it. The fact that it was Kaspersky is not relevant here, nor would it matter if the user's PC had been infected by other malware. AVs sniff out malware. TAO code obviously reeked.

5. The AV uploaded it to the mother ship for analysis. In this case, the mother ship was in the mother land. Would it have mattered if the mother ship had been in Oxford, or Redmond? Some analyst would have written it up, pushed an update, and it would have stopped working anyway.
