Re: [cryptography] [Cryptography] Equation Group Multiple Malware Program, NSA Implicated
Here's an interesting comparison. Most academic cryptographers believe that the NSA has lost its lead: While for years they were the only ones doing cryptography, and were decades ahead of anyone on the outside, but now we have so many good people on the outside that we've caught up to, and perhaps even surpassed, the NSA. I've always found this reasoning a bit too pat. But getting actual evidence has been impossible.
What evidence is there for this?
Snowden saying "encryption works."
This is probably quite true... from his particular vantage/access point and social network. Yet however much we may know about that side being relatively open and shary and the capabilities there, it is not an exclusive answer to the crypto question. None of the Snowden docs to date are or show any real details about the crypto side of the house. He either had no interest (unlikely), had no time, found it too risky (whether to pull off without being caught, or over concern about some element of grave damage), or simply had no access.
FBI complaining about going dark, we need backdoors - they only ever complain at that level as proxy for NSA, and same complaint is repeated in rapid succession in UK, DE.
These sort of things may be important indicators. Yet to prove them as such you'd also have to analyse the history of FUD making, grab attempts and so on to interpret. It could be that selective crypto is not dark, but merely expensive to scale into being "see all" as desired with the old in clear. So you would have to analyse the costs there. Electricity, rainbow disk storage, real estate, cooling. How do you know the disk makers and their suppliers do not have black wing budgets. Or that there is not a multi billion fab lab buried under some mountain powered by a ground radiator / aquifer cooled nuke reactor?
This is exactly how organizations win over smart individuals: They build a database of expertise over many years, and they are patient and can keep at it indefinitely.
Yes, that's one... who is tracking where all the brilliant maths and others go after high school? The student names in known friendly colleges and programs? The ones that seem to drop from the public scene? What media is publishing interviews with them? Where are known adversary retirees that may have something to say when invited?
It's not that I have evidence the other way. We just don't know.
At one level, this all comes down to your model of science. ... thinking of the question as a murder investigation - clues, hypotheses, correlations, etc.
To know the adversary you must continual analyse all potential aspects, and not just aspect itself but their inputs, dependencies and output/result chains. Then maybe you can answer some questions. After all, the adversary is doing analysis upon you.
Right. I'm surprised Android sells any phones in USA market.
It's surprising that maybe no one has yet reverse engineered the binary blobs/drivers in android to provide a fully open software stack there. And although more difficult, same goes for the firmware blobs. Regardless of effectiveness, it would show market demand.
New models for large corporations only started to arise in the late 1960's, with the development of so-called "knowledge organizations".
Knowledge, and knowledge dichotomy within capacity of biology as a whole to adapt evenly, seems quite a potential for scary outcomes... http://yro.slashdot.org/story/15/02/17/2229240/oregon-residents-riled-over-v... http://science.slashdot.org/story/15/02/17/030208/game-theory-calls-cooperat... http://yro.slashdot.org/story/15/02/17/0025237/att-to-match-google-fiber-in-... http://tech.slashdot.org/story/15/02/16/2332217/the-software-revolution
In sum, I'd say they are ahead in the pure math, but you'd be hard pressed to find an area where it mattered.
Maybe. It's really impossible to say. Two days ago, I would probably have agreed with you. Now ... I'm not so sure.
As with Google, they hire a lot of Maths and others, and have been at it for decades longer. Even generations of maths born into now. There is too much silence from these workers. Especially when society could probably get along just as well without so many organizational level secrets everywhere (wars), and now potentially against peoples if you believe that sort of thing. More Snowdens Please.
From someone failing to send to list: Or he actually got those docs ...
Possible, but you would expect crypto research to be well compartmented from legal, sigint and offensive ops that appear to be the sole scope of the known docs. If research does posess a break, maintaining that secret while producing politically/operationally useful decrypts would be harder to manage.
but the journalists he entrusted them to have decided not to release them.
You can always bury / escrow multiple copies in multiple locations known only to you in case you need them later. Hard to believe this was not forseen and done given history of media with prior leaks.
Can't trust anything, except the mail. Only solution: personally encrypt messages by hand, using computers and GPG only for transmitting master keys if the keys cannot be delivered in person. https://en.wikipedia.org/wiki/PGP_word_list Oddly there isn't as much outcry over this as compared to FBI black bag jobs, even though this is literally the same.
participants (2)
-
grarpamp -
Ryan Carboni