I said oversee, not engineer it themselves. If they have in-house programs developing lie detection technology themselves, I know nothing about that; but assuming that lie prediction technology is being improved upon anywhere, then the NSA is probably aware of it and the first government agency in line to take advantage of the latest generation of that kind of tech (maybe second or third, etc).
Basically everything I know about zero days comes from Chinese zero days. And it seems to me that if a Zero Day was developed in the US, it would be developed with planting in mind, because routers are fabricated and assembled in Asian countries with their own intelligence agencies and their own guiding principles of planting zero days on hardware.
My understanding about what the NSA is and isn’t enthusiastic about might be nearly a decade out of date, if it was ever accurate at all.
So, zero day exploits are generally nonrivalrous; one agency can find one way to run code remotely on a device and another agency in a different country can find a different flaw or even the same flaw, and they’re not conflicting scenarios. “Planting” bugs as the software or hardware product is being developed is an avenue to accomplish that, but it’s unnecessary, especially for items like routers. I have several friends who do this exact type of work developing zero days for a private military contractor instead of the government. They’re handed a piece of equipment, they find bugs, they develop a plug-and-play weaponization for someone else in the military-industial complex, rinse, repeat; there’s no need to bribe anyone or do some sort of infiltration of the vendor themselves. When the NSA does the same thing in-house it’s very similar. Injecting bugs during software development of a product is risky for multiple reasons, and if the vendor is American it could be illegal, even if the NSA is doing it.
Otherwise I’m kind of confused as to what we’re talking about anymore.
I said oversee, not engineer it themselves. If they have in-house programs developing lie detection technology themselves, I know nothing about that; but assuming that lie prediction technology is being improved upon anywhere, then the NSA is probably aware of it and the first government agency in line to take advantage of the latest generation of that kind of tech (maybe second or third, etc).
Basically everything I know about zero days comes from Chinese zero days. And it seems to me that if a Zero Day was developed in the US, it would be developed with planting in mind, because routers are fabricated and assembled in Asian countries with their own intelligence agencies and their own guiding principles of planting zero days on hardware.
My understanding about what the NSA is and isn’t enthusiastic about might be nearly a decade out of date, if it was ever accurate at all.
So, zero day exploits are generally nonrivalrous; one agency can find one way to run code remotely on a device and another agency in a different country can find a different flaw or even the same flaw, and they’re not conflicting scenarios. “Planting” bugs as the software or hardware product is being developed is an avenue to accomplish that, but it’s unnecessary, especially for items like routers. I have several friends who do this exact type of work developing zero days for a private military contractor instead of the government. They’re handed a piece of equipment, they find bugs, they develop a plug-and-play weaponization for someone else in the military-industial complex, rinse, repeat; there’s no need to bribe anyone or do some sort of infiltration of the vendor themselves. When the NSA does the same thing in-house it’s very similar. Injecting bugs during software development of a product is risky for multiple reasons, and if the vendor is American it could be illegal, even if the NSA is doing it.
Otherwise I’m kind of confused as to what we’re talking about anymore.