[liberationtech] In his own words: Confessions of a cyber warrior

[Maxim Kammerer]

On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> I couldn't disagree more. This sounds consistent with the current arms
> race and also relates directly to the 0day markets that have been active
> for many many years. Remember though: buying 0day bugs or exploits for
> 0day is just one part of a much larger picture.

The interview is either a hoax or an exaggerated “hunting story”, for
two primary reasons: number of employees, and number of exploits.
Militiaries have a huge problem recruiting cyber ops specialists at
present, and most of the recruited are not even remotely good. At the
moment, the whole of USA has just 4 colleges certified by NSA to teach
offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750
employees” [2]. For the level of skill described, all of US military
might have, I don't know, 50 senior specialists? Why would this guy
work via a staffing company, in a team of 5000, in an unmarked
building? What's there to protect by obscuring their work? They need
to reside inside some TEMPEST-resistant installation at a military
base, especially if they work with classified equipment, etc. The
number of 0-days and rate of their production don't make sense either.
Unless 0-days are purchased exclusively in order to deny them to the
enemy (which doesn't seem to be the case), the exploits wouldn't cost
hundreds of thousands of USD each.

[1] http://www.nsa.gov/academia/nat_cae_cyber_ops/index.shtml
[2] http://abcnews.go.com/Technology/pentagon-cyber-command-unit-recommended-elevated-combatant-status/story?id=16262052

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte