Also, the NSA has a $10 billion budget. The Snowdon revelations are incredibly embarrassing to them, and I think they would easily spend a little over a month’s budget in order to hack him.
By the time they already knew who it was, much of those document were already in too many hands to hide. If I was Snowden, I’d have some set up on hidden prepaid hosting set to leak automatically if I didn’t keep on cancelling well before anything at all goes public. They wouldn’t just have to hack him, but every journalist who may have made copies, anywhere he may have copied it to, etc.
I don’t think it’s likely that their procedures on spending are that fast. By the time they got approval from whoever needs to approve it, it would be too late to be effective. Most of the damage was already done when Snowden handed over the first batch of documents, and if he suddenly disappeared, media wouldn’t forget about him.
But, if you spend a billion developing a zero-day exploit, surely you can use the exploit against anyone with the same operating system, or using the same program. In which case you are not paying a billion just to hack one person.
But just a zero day in Tails wouldn’t be enough to get Snowden. It would maybe let them get into his accounts, which we would have no idea about unless someone told us, but to silence him, they’d need to delete the files or find where he was. For whatever reason, they are unable to kill him while he’s in Russia, and I doubt Snowden keeps the only copy of the files hooked up to his computer while he’s online. You can do all your work offline, and only go online while sending something.
(I think they haven’t gone and killed Snowden yet because Russia would respond with World War 3. The probability of Russia doing that is high enough to justify inaction. Or in other words, the NSA knows how to lose.)
Counterexample: Snowden and people around him (Greenwald, Poitras). I think the spooks tried very hard to hack them; I also think they failed in that.
Hm. If I had a billion dollar budget I could do it. I don’t think the NSA can just put a billion into hacking a single person.
If you disagree with either of these points I’ll try to defend them.
I disagree with both, but I don’t think arguing over them is worthwhile as they both are not falsifiable.
Also, the NSA has a $10 billion budget. The Snowdon revelations are incredibly embarrassing to them, and I think they would easily spend a little over a month’s budget in order to hack him.
By the time they already knew who it was, much of those document were already in too many hands to hide. If I was Snowden, I’d have some set up on hidden prepaid hosting set to leak automatically if I didn’t keep on cancelling well before anything at all goes public. They wouldn’t just have to hack him, but every journalist who may have made copies, anywhere he may have copied it to, etc.
I don’t think it’s likely that their procedures on spending are that fast. By the time they got approval from whoever needs to approve it, it would be too late to be effective. Most of the damage was already done when Snowden handed over the first batch of documents, and if he suddenly disappeared, media wouldn’t forget about him.
But, if you spend a billion developing a zero-day exploit, surely you can use the exploit against anyone with the same operating system, or using the same program. In which case you are not paying a billion just to hack one person.
Snowden is sort of a special case here, as he uses Tails, which has very low adoption, and the value of an exploit is not as large as the value of an exploit in Windows. That said, there have been exploits in Tails:https://www.schneier.com/blog/archives/2014/07/security_vulner_4.html http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-tails-has-zero-day-vulnerabilities-lurking-inside/. NSA could probably find one for a few million (consider that a wild guess).
But just a zero day in Tails wouldn’t be enough to get Snowden. It would maybe let them get into his accounts, which we would have no idea about unless someone told us, but to silence him, they’d need to delete the files or find where he was. For whatever reason, they are unable to kill him while he’s in Russia, and I doubt Snowden keeps the only copy of the files hooked up to his computer while he’s online. You can do all your work offline, and only go online while sending something.
(I think they haven’t gone and killed Snowden yet because Russia would respond with World War 3. The probability of Russia doing that is high enough to justify inaction. Or in other words, the NSA knows how to lose.)