[liberationtech] In his own words: Confessions of a cyber warrior

Maxim Kammerer mk at dee.su
Wed Jul 10 17:22:31 PDT 2013


On Thu, Jul 11, 2013 at 2:28 AM, Richard Brooks <rrb at acm.org> wrote:
> 1. The NSA center of excellence program is not really that
> important. If you look carefully, they are mainly 2 year
> community colleges located near Army bases that give
> basic sysadmin training. This is good and necessary, but
> don't get fooled into thinking that they are training
> the highly skilled cyber operations people. They are
> training low level IT support mainly.

I have no illusions wrt. quality of higher education in USA, but these
colleges definitely do not aim for “basic sysadmin training”. You can
read more about their approach here: [1]. Maybe you are thinking about
NSA Information Assurance programs [2], with many participating
colleges.

[1] http://dx.doi.org/10.1109/MSP.2012.117
[2] http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml

> 2. There is a growing outsourcing of intel and cyber work. You
> could look at some of the Washington Post articles on the large
> number of companies and facilities doing classified work. Northern
> Virginia has more tech workers now than silicon valley. There
> are lots of SCIFS available for cyber work.

If I understand correctly, expansion of outsourcing in NSA started
post-9/11. The guy in the interview is supposed to have been doing
this for much longer. But it's a possibility, sure, although I still
find a team of 5000 expert exploit writers hardly a believable figure.

> 3. 0-days are not bought to deny them to the enemy. They are
> bought for integration into things like stuxnet.

Which had four 0-days. With the outstanding importance assigned to the
project, I would expect them to lose count of 0-days stuffed inside if
they really had “tens of thousands” of those.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte



More information about the liberationtech mailing list