Ask HN: Why isn't the NSA categorized as an APT?

5 pointsTheOpenSourcer4d ago9 comments

Israel Unit-8200 is an APT Iran has like 4 APT's under its army Why isn't the NSA categorized as an APT?

APT definition: APTs are state-run, organized, and stealthy. The NSA fits this definition.

Can someone explain this? Is it only politics?

9 comments

Sure they are. https://en.wikipedia.org/wiki/Equation_Group

It's probably more about convention and terminology. Security researchers tend to label foreign actors as APTs partly for tracking and reporting purposes. With domestic agencies, especially US ones, there's either reluctance or it's treated as a given.

rithdmc3d ago

That and the big question over, if they do detect a domestic agency's APT, will they even report it? Warning: Top Secret / NoForn leaks below.

Allegedly, - McAfee reached out to the FBI about Magic Lantern, - Kaspersky were believed by the NSA to not detect Russian-affiliated malware, - and I can't find any sources for this, but I remember reading about and having chats earlier in my career with folks in AV companies mulling over what to do in this situation.

sloaken4d ago

It is perspective. From the Iranian stance, NSA is an APT and theirs is not. Likewise the UK version, Russian versions etc.

Them / Us.

rl19874d ago

Because it's not wrong when "we" (i.e. those naming who counts as APT) are doing it.

tim-tday4d ago

Remember the Snowden leaks? They are.

mhb4d ago

WTF is an APT?

AnimalMuppet4d ago

Advanced Persistent Threat. It's a cyber security term.

sloaken4d ago

Thanks. Well that answers the question. Opponents are threats, your tools to counter are not.

As in: Your gun is a threat to me, my gun is how I defend against YOUR gun.

j / k navigate · click thread line to collapse

Ask HN: Why isn't the NSA categorized as an APT?

5 pointsTheOpenSourcer4d ago9 comments

Israel Unit-8200 is an APT Iran has like 4 APT's under its army Why isn't the NSA categorized as an APT?

APT definition: APTs are state-run, organized, and stealthy. The NSA fits this definition.

Can someone explain this? Is it only politics?

9 comments

KomoD4d ago

Sure they are. https://en.wikipedia.org/wiki/Equation_Group

cochinescu4d ago

rithdmc3d ago

That and the big question over, if they do detect a domestic agency's APT, will they even report it? Warning: Top Secret / NoForn leaks below.

sloaken4d ago

It is perspective. From the Iranian stance, NSA is an APT and theirs is not. Likewise the UK version, Russian versions etc.

Them / Us.

rl19874d ago

Because it's not wrong when "we" (i.e. those naming who counts as APT) are doing it.

tim-tday4d ago

Remember the Snowden leaks? They are.

mhb4d ago

WTF is an APT?

AnimalMuppet4d ago

Advanced Persistent Threat. It's a cyber security term.

sloaken4d ago

Thanks. Well that answers the question. Opponents are threats, your tools to counter are not.

As in: Your gun is a threat to me, my gun is how I defend against YOUR gun.

j / k navigate · click thread line to collapse