A New Spin on Tech Recruitment

January 7, 2022

Knock Knock! Who’s There? – An NSA VM” is an interesting essay for three reasons.

First, it contains a revealing statement about the NSO Group:

Significant time has passed and everyone went crazy last week with the beautiful NSO exploit VM published by Project Zero, so why not ride the wave and present a simple NSA BPF VM. It is still an interesting work and you have to admire the great engineering that goes behind this code. It’s not everyday that you can take a peek at code developed by a well funded state actor.

I noticed that the write up specifically identifies the NSO Group as a “state actor.” I think this means that NSO Group was working for a country, not the customers. This point is one that has not poked through the numerous write ups about the Israel-based company.

Second, the write up walks through a method associated with the National Security Agency. In terms of technical usefulness, one could debate whether the write up contains old news or new news. The information does make it clear that there are ideas for silent penetration of targeted systems. The targets are not specific mobile phones. It appears that the targets of the methods referenced and the sample code provided are systems higher in the food chain.

Third, the write up is actually a recruitment tool. This is not novel, but it is probably going to lead to more “look how smart and clever we are, come join us” blandishments in the near future. My hunch is that some individual, eager to up their games, will emulate the approach.

Is this method of sharing information a positive or negative? That depends on whom one asks, doesn’t it?

Stephen E Arnold, January 7, 2022


Comments are closed.

  • Archives

  • Recent Posts

  • Meta