[Cryptography] Equation Group Multiple Malware Program, NSA Implicated

Arnold Reinhold agr at me.com
Mon Feb 23 13:15:08 EST 2015 

On Sun, 22 Feb 2015 10:24 Ray Dillinger (Bear) wrote:

> On 02/20/2015 04:37 AM, ianG wrote:
> 
>> Yes, precisely my point.  The organisation is so large that this has to
>> be a statistical thing.  And as they have offended their people's
>> constitution and other sensibilities, the statistics lean against them,
>> not for them.
> 
> This is a point I make from time to time.  You will never have good
> security unless you have full and enthusiastic cooperation from your
> people.  And you won't have that if you're doing anything that your
> people don't believe is RIGHT.
> 
> And, you know, that "Constitution" thing -- a whole lot of Americans
> believe in that.  It's going to be really really hard to do decent
> security with Americans on your staff if you're going up against it.
> 
> Larger groups always increase the odds of a non-cooperative member.
> But those odds start out an order or two of magnitude different
> depending on how much your employees believe in what you're doing.

I love the US Constitution too, but let us not make too much of a morality play about this. There are always reasons for someone to turn on an organization he or she was once loyal to (or appeared to be).  Communism was the biggie in the mid 20th century, but religion, political ideology, money troubles, blackmail over an illicit affair, mental illness, or just a new significant other can all do it. I heard Daniel Ellsberg, the guy who leaked the Pentagon Papers, speak years ago and he said a divorce and new girl friend helped alter his view of the Vietnam War. 

IanG also wrote:
> 3 years is not a long time to roll out a change of the size needed to stop a Pvt. Manning episode, in an org the size of the NSA.

The United States went from Perl Harbor to the Invasion of Normandy in just over 2-1/2 years. I suspect NSA put a lot of changes in place within months after Snowden. The point is you cannot have vast quantities of secrets circulating freely on digital networks accessible to thousands of people, no matter how well vetted, even if your goals and methods are pure as can be, and not expect major leaks from time to time. Securing US secrets is one of NSA two missions. They should have gotten the message with Pvt. Manning. Obviously they did not. 


Arnold Reinhold

More information about the cryptography mailing list