Hacker News new | past | comments | ask | show | jobs | submit login

They are also known to hoard 0-days for years, and use some of them in their own attacks against others (such as, quite likely, Stuxnet). So, even there, the reason why they release information about some cyber threats isn't the simple fact of their existence, it is some other calculation of the effect of releasing this information.

The good part about releasing information about exploits and such is that they can be easily verified to exist, so there is no need to trust the spy agency. Any claims they make about the source of those exploits is not easily verifiable, and since you can't trust them, should be ignored.




Tech has been too premature to achieve "fluorescent purple" while simultaneously achieving mission objectives. Besides, the hoarding all got burned last decade and the agencies have clearly evolved.

What's the significance of attribution of exploit source?


> Besides, the hoarding all got burned last decade and the agencies have clearly evolved.

You claim this based on what? Kaspersky has recently found what they claim is (another) massively complex US malware in the wild.

> What's the significance of attribution of exploit source?

As in my example above, people always look for the source of an exploit and claim various actors created them. This creates certain reputations for these actors, just as in the claim from Kaspersky above (which may or may not itself be true - Kaspersky is a private company, but it is also known to work with the Russian government, which is clearly antagonistic to the US).


One massively complex malware is nothing compared to 2010's shtshow.

Noone can bullsht too often; attribution for hacks/tools as disinfo has limited utility value. And, again, attributing brain injuries to REW's as disinfo wouldn't help and they know that.

I still don't believe the US would decide to lie about this matter.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: