So FireEye is a big cybersecurity company. They were hacked and got all of their offensive hacking tools stolen. Both their statements and the FBI says that the hacker was probably a foreign government because it was a really sophisticated attack, but they never publicly says it was Russia. Some of the articles about this don't even mention Russia (https://www.cnn.com/2020/12/08/tech/fireeye-cyberattack/index.html).
The NYT says, with no discernible sources, that:
" The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention — including FireEye’s — was focused on securing the presidential election system. At a moment that the nation’s public and private intelligence systems were seeking out breaches of voter registration systems or voting machines, it may have a been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their sights on other targets."
deleted by creator
Agreed. A responsible government might pay security researchers to find 0 days, but then they would turn around and make sure their citizens were safe from them. The NSA is more interested in attacking other countries then protecting US citizens or allies.
But if they disclose zero-days and they are fixed, the NSA loses a hacking method from their toolbox. I'm sure they are constantly evaluating if hacks can provide more "good" (in terms of the state's interest) than potential harm. They aren't whitehats and we shouldn't expect them to be
deleted by creator
deleted by creator
deleted by creator