Why I Think the NSA is Releasing a Free Reverse Engineering Tool This Year at RSA:
The NSA is releasing a free reverse engineering tool this year at the RSA security conference in San Francisco.
A lot of people are asking about the motive of the NSA releasing a free reverse engineering tool at RSA this year.
Theories include: it's a backdoor, it's a tracking mechanism, etc.
My opinion? Recruiting.
It's a PR move to attract talent post-Snowden/ShadowBrokers.
- ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
Many in the security community-who have an understandable and healthy distrust of the NSA-are wondering if there could be a backdoor in the software, if they're using it to spy on people, etc. The various theories are interesting reading.
And reducing the loss of talent they already have.
I think the answer is much simpler-they're using the release of the tool to inject some goodwill into the community in hopes of attracting new talent.
In short, it's all about recruiting.
Between Snowden, the ShadowBrokers leaks, and the damage caused by EternalBlue and NotPetya, I'm guessing morale is at a dangerously low level and they need to do something to raise interest and motivation for working there.
(Via Daniel Miessler)
An interesting theory, to be sure. It does assume one key aspect that may, in fact, be lacking: that someone with the wherewithal, knowledge, and authority released this tool at this time.
I wonder if it was slated to be released some time ago and the timer for release expired. No one was "at the switch", as it were. The intent may well be as Daniel and Leslie think initially, but the person(s) who put it into place is perhaps long gone from the administration or else taking advantage of chaos - placing a maybe valuable tool to security professionals because the government can't be trusted to do it themselves either through malfeasance or through incompetence.
Or it could be something else entirely. We're all just guessing.