Why didn't Snowden disclose Heartbleed (and others)?
Lodewijk andré de la porte
l at odewijk.nl
Tue Apr 15 09:16:15 PDT 2014
Exhaustive list of possibilities (please extend where possible):
A Did not know
B Did not care
C Felt like it would negatively impact the NSA's (legitimate) functioning
D Didn't get around to it yet
E Snowden is an unconventional NSA set up
F Snowden's documents are not recent enough
A, is interesting, as it would show that the NSA has levels of secrecy and
secret data that go further than what they had so far. Something above "TOP
SECRET" should probably exist, and Snowden didn't find it. This actually
makes a lot of sense to me, so it might well be it.
B, he might think it's not very interesting. Using 0-days should be old-hat
and expected. Disclosing specific exploits would not stop the bleeding, the
NSA would just find new ones. He might even consider 0-day hoarding
acceptable business, just not the mass employment of them.
C, he's often maintained a sort of "I'm coming out to the public with this,
but I'm very sorry to hurt the US in a way"- kind of attitude. It would
definitely cripple the NSA if he released novel and important bugs. Think
of how hard it would be to hack-back at China!
D, There's some scheduling going on to maximize impact. He might release
the "0-day-exploit list that endangers live as we know it, and the NSA did
nothing" later, when attention dies down again.
E, Maybe the NSA have become a common thing in popular culture and they
dislike their image of being a completely opaque organization with
potentially unlimited power. So now they are sharing information about the
"outer shell" of the organization, a sort of facade. Meanwhile it seems
like the world is crushing down upon them.
In a few years their image will be renewed. Everyone will think "The NSA
was not that unlimited in it's capabilities and worked very hard. Now that
they have rules and limits it will all be okay". And with that a whole new
level of FUD will have been achieved. Making people believe they are the
evil you know.
Of course, this is religious level conspiracies. And of course, that's
exactly the level the NSA would start to accept. They're the information
and espionage experts. If anyone could pull this off, it'd be them.
(Didn't the CIA/NSA own the media? Don't they still? This might be easier
than you'd expect)
F, I couldn't find exactly to which date his documents go. Heartbleed was
merged December 31 2011 (lonely night? sneaky vacation timing?). Assuming
the NSA checks patches (ofc they do) they should've found it in Jan 2012.
Snowden. Ah. Found it. "reenwald began working with Snowden in either
February[113] or in April after Poitras asked Greenwald to meet her in New
York City, at which point Snowden began providing documents to them both"
That'd be April 2013.
He still might've stolen the documents earlier, but who knows?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3262 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140415/f4497e46/attachment-0001.txt>
More information about the cypherpunks
mailing list