IMHO, they can't be sure but it's possible to estimate in the following scenario.
NSA finds some 0-day vulnerability in some router. To use it someone must send some specific data to a specific port, so that it causes some buffer overflow and leaks information.
NSA also might have all the traffic that is exchanged by some key points of the USA sites. They can monitor from now on, and also look the stored traffic, and try to find if that packed (attack) was ever used, is being used, or even activate some trigger if it shows up.
So, if others used it, warn the manufacturer. Not seen in the wild, save it in the "only ours" folder and use at will.
That's a very plausible bit of paranoia. And to add my paranoia to the mix: Then the "auction" of Equation Group stuff could be a way for the NSA to expose the vulnerabilities that others are starting to exploit.
Just because you're paranoid doesn't mean that's not exactly what they're doing ;)
Given what is becoming more apparent about the NSA on a day by day basis, anything you can think might be being done but write it off as needless paranoia is probably exactly what's being done... because "you're just being paranoid, we'd never do that to millions of innocent Americans." Yet somehow...
Sure... the underlying cause though isn't because of policy or issues though, it's trust in the agencies creating the policies, mandating them and enforcing them.
If we trusted them to adequately safeguard our information, and not to misuse it, then none of this would be an issue. But they've broken trust many times over and once that horse has bolted, you can't just close the stable door and expect people to just trust you again - especially not when you keep getting caught with your hand in the cookie jar, get caught lying about it or using smoke and mirrors to sidestep the consequences and then coming back and saying don't worry, not only can we be trusted with the cookie jar, but we must be the ones safeguarding you from the cookies because they make you fat. So it's for the good of everyone. Meanwhile, they're just sitting their eating the cookies. It's always a land grab for more cookies.
You wouldn't trust your six year old with that kind of behavior, you certainly shouldn't trust a Government agency that acts the same way.
This is a fine argument for not allowing NSA to help design things like key escrow, or to prevent them from involving themselves in crypto standards development. I'm not sure how it bears on vulnerability disclosure. NSA discovering and stockpiling vulnerabilities shouldn't impact other organizations discovering and then disclosing vulnerabilities.
NSA finds some 0-day vulnerability in some router. To use it someone must send some specific data to a specific port, so that it causes some buffer overflow and leaks information.
NSA also might have all the traffic that is exchanged by some key points of the USA sites. They can monitor from now on, and also look the stored traffic, and try to find if that packed (attack) was ever used, is being used, or even activate some trigger if it shows up.
So, if others used it, warn the manufacturer. Not seen in the wild, save it in the "only ours" folder and use at will.