

How the NSA Got So Smart So Fast - julienchastang
http://on.wsj.com/11HXT5w

======
mindcrime
The question(s) I have about the NSA aren't "Do they use Hadoop, Spark, S4,
MPI, OpenMP, etc." but rather things like:

1. Do they already have a functional quantum computer, capable of rendering
most modern encryption useless?

2. Do they have a mathematical breakthrough that allows them to factor
products of large prime numbers multiplied together, far faster than anyone
suspects - which would render most / all modern encryption useless?

3. Have they planted backdoors and vulnerabilities in popular, widely
distributed hardware / software platforms?

etc.

~~~
fab13n
Re: #3; can you seriously imagine that they can't take control of an
MS-Windows PC, with or without MS's knowledge?

And you forgot a point: can they get an SSL root certificate signed for them,
in order to perform MitM attacks on seemingly secured connections? Here again
it's a foregone conclusion; several less technically-savvy countries have been
caught doing that.

~~~
6d0debc071
> Re: #3; can you seriously imagine that they can't take control of an
> MS-Windows PC, with or without MS's knowledge?

Can they take control of an MS-Windows PC without the cooperation of my router
maker and my firewall maker? And what does it cost them to do so for the
different makers?

You know? I'm fairly sure they can; after all, if some kiddy off the internet
can, what are the chances they can't? But what's the cost to cover the
different profiles? Is there a single point of failure?

~~~
jlgaddis
Shouldn't be hard for the NSA to monitor your web browsing for a few days and
then inject a 0-day for whatever browser you're using into an HTTP response
from, say, HN, right?

~~~
6d0debc071
If they've got to rely on the infrastructure provider to know what I've been
looking at, then I assume that they don't have infrastructure in place
themselves to arbitrarily do HTTP injection in a push button manner. May be
wrong though.

------
vsviridov
Paywall for me... :(

~~~
adamtj
[http://lmgtfy.com/?q=How+the+NSA+Could+Get+So+Smart+So+Fast#](http://lmgtfy.com/?q=How+the+NSA+Could+Get+So+Smart+So+Fast#)

~~~
fnordfnordfnord
Most of the top links are just teasers which link to the paywalled story.

Here is a complete (I assume) version.
[http://finance.yahoo.com/news/nsa-could-smart-fast-235100722...](http://finance.yahoo.com/news/nsa-could-smart-fast-235100722.html?.tsrc=mobifone)

~~~
adamtj
When I posted the link, the top result was the actual story. Simply add
"site:wsj.com" to the search and the top link should be correct. If you click
the link from google, you avoid the paywall.

------
omonra
Article behind paywall. Here is a link that works:
[http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2...](http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-252859/)

------
caycep
welp if the PLA has a backdoor on my Shenzhen-made electronic goodies, I need
an NSA backdoor in order to keep em honest. Also any conversation with
"backdoor" could get dirty fast...

------
joeguilmette
I wonder if the NSA will open source their server architecture?

~~~
mindcrime
Believe it or not, they do open source some of their stuff, sometimes. See,
for example, Accumulo.[1][2]

[1]:
[http://en.wikipedia.org/wiki/Apache_Accumulo](http://en.wikipedia.org/wiki/Apache_Accumulo)

[2]: [http://accumulo.apache.org/](http://accumulo.apache.org/)

~~~
snowwrestler
I believe NSA has a dual mandate. We are hearing a lot lately about their
efforts to discover and use intelligence via electronic means, but I believe
they are also responsible for providing guidance on how the U.S. can secure
its own electronic communications--this is where efforts like SELinux and the
guide to securing OS X come from.

~~~
fnordfnordfnord
> but I believe they are also responsible for providing guidance on how the
> U.S. can secure its own electronic communications

How can anyone find them credible in such a role with such huge glaring
conflicts of interests, and their demonstrated lack of trustworthiness?

~~~
dietrichepp
We see the same kind of behavior in corporations all the time. "Sony" is both
"Columbia Pictures", which wants to put invasive DRM in your TV, and "Sony
Electronics", which wants to sell TVs without DRM so more people buy them.

And you can just look at the NSA's guide to securing Red Hat Linux.

[http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf](http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf)

It's not substantially different than the information you'd find in any other
book about security. Anyone is free to review or comment on it. I don't find
it plausible that the NSA would hide any tricks in that document so they could
track you. At best, they might omit information, such as knowledge of a 0-day
exploit.

~~~
fnordfnordfnord
I don't consider Sony trustworthy either.

As far as the NSA's published guide you linked, of course it is in the
national interest for them to do things like that, and given the nature of a
public document it would be foolish for them to put false or misleading
information in it. That would be both bad, and comically obvious. I was
thinking more along the lines of them promoting or mandating the use of
encryption/technology that has weaknesses known only to them.

