Reply to post: Re: The NSA isn't trying to exploit everything it can find

Biden to Putin: Get your ransomware gangs under control and don’t you dare cyber-attack our infrastructure

martinusher Silver badge

Re: The NSA isn't trying to exploit everything it can find

We really don't know what the NSA is trying to exploit. We know that they collect vast troves of information, we know they developed a bunch of mostly Wnidows hacking tools and we know they had systematic exploits in place. At the time -- this is years ago -- we were warned that trying to keep vulnerabilities secret was a losing game, sooner or later they'd be discovered and they'd be turned against us.

Curiously enough, though, most exploits don't start with looking for obscure buffer overflow or privilege escalation bugs. They, like the Colonial pipeline exploit, started with a generic phish. Phishes work because we insist that email should be webpages and include active content (a real plaintext mail is completely bulletproof). The phish works because our systems are vulnerable to remote downloads, requiring just a user mouse click to load anything. This is really our fault for relying on obsolete software (it just won't work to tell people not to click on attachments -- sooner or later someone will). Anyway, blaming 'the Russians' is about as meaningful as blaming 'the Martians' -- maybe there's some Russians involved, maybe not. Most actual crime (rather than the tools) seems to originate from the US and UK although we can't be sure that the criminals are physically based there.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon