[Cryptography] GHCQ Penetration of Belgacom

David I. Emery die at dieconsulting.com
Mon Dec 15 16:55:36 EST 2014

On Mon, Dec 15, 2014 at 12:28:25PM -0500, Jerry Leichter wrote:

> Anyway ... no surprise, whoever designed Regin had deep familiarity
> with the innards of Windows.  But the information and the basic design
> patterns here didn't require insider knowledge.  I'm not particularly
> versed in Windows internals (and the last time I had to use Windows, it
> was Win2K), but none of this is new to me.  That doesn't minimize the
> sophistication of Regin as a whole - but nothing here leads me to say
> "Microsoft had to be involved".

	Can anyone hear give me a good reason not to believe that the
NSA TAO folks (and probably their major contractors) don't have  access
to more or less complete Windows source code and probably much of the
internal documentation for it ?   I would assume this would be under a
perfectly legal (if perhaps secret) agreement with Microsoft - but it
would seem awfully likely that if they really needed it they could
simply use their well developed dark arts to find a copy out there
somewhere not so well protected and purloin it ...  after all they have
tapped inter data center pipes for those companies and one presumes that
finding copies of this sort of stuff when you have THAT kind of access
isn't hard.

	I'd even argue that there is good case those folks DO need this
to efficiently do their job (even the just relatively neglected
defensive side of it) and giving them read only access is probably not 
inappropriate at least if you accept the value or necessity of
NSA/CQHQ's existence at all...

  Dave Emery N1PRE/AE, die at dieconsulting.com  DIE Consulting, Weston, Mass 02493
"An empty zombie mind with a forlorn barely readable weatherbeaten
'For Rent' sign still vainly flapping outside on the weed encrusted pole - in 
celebration of what could have been, but wasn't and is not to be now either."

More information about the cryptography mailing list