[liberationtech] In his own words: Confessions of a cyber warrior
Richard Brooks
rrb at acm.org
Wed Jul 10 16:28:05 PDT 2013
1. The NSA center of excellence program is not really that
important. If you look carefully, they are mainly 2 year
community colleges located near Army bases that give
basic sysadmin training. This is good and necessary, but
don't get fooled into thinking that they are training
the highly skilled cyber operations people. They are
training low level IT support mainly.
2. There is a growing outsourcing of intel and cyber work. You
could look at some of the Washington Post articles on the large
number of companies and facilities doing classified work. Northern
Virginia has more tech workers now than silicon valley. There
are lots of SCIFS available for cyber work.
3. 0-days are not bought to deny them to the enemy. They are
bought for integration into things like stuxnet.
There are a large number of contracting companies with a
highly skilled workforce in this domain. There are also
other branches of the government with expertise...
On 07/10/2013 06:46 PM, Maxim Kammerer wrote:
> On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> I couldn't disagree more. This sounds consistent with the current arms
>> race and also relates directly to the 0day markets that have been active
>> for many many years. Remember though: buying 0day bugs or exploits for
>> 0day is just one part of a much larger picture.
>
> The interview is either a hoax or an exaggerated “hunting story”, for
> two primary reasons: number of employees, and number of exploits.
> Militiaries have a huge problem recruiting cyber ops specialists at
> present, and most of the recruited are not even remotely good. At the
> moment, the whole of USA has just 4 colleges certified by NSA to teach
> offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750
> employees” [2]. For the level of skill described, all of US military
> might have, I don't know, 50 senior specialists? Why would this guy
> work via a staffing company, in a team of 5000, in an unmarked
> building? What's there to protect by obscuring their work? They need
> to reside inside some TEMPEST-resistant installation at a military
> base, especially if they work with classified equipment, etc. The
> number of 0-days and rate of their production don't make sense either.
> Unless 0-days are purchased exclusively in order to deny them to the
> enemy (which doesn't seem to be the case), the exploits wouldn't cost
> hundreds of thousands of USD each.
>
> [1] http://www.nsa.gov/academia/nat_cae_cyber_ops/index.shtml
> [2] http://abcnews.go.com/Technology/pentagon-cyber-command-unit-recommended-elevated-combatant-status/story?id=16262052
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
More information about the liberationtech
mailing list