This post seems lacking in the data required to make such a claim; I do not understand how it has gained so much traction.
Where is the actual research, and where are the probable identified candidates? Did I miss a data analysis part somewhere that explained the methodology, and probable attribution to actual people? This appears to be a basic string search of the code and some simple syntax analysis.
There are learning algorithms for stylometry, and they can probably be adapted to code. This article appears to state that "it might be possible to use these anomalies as clues", but does not elaborate on how, why, or what any hypothesis is other than this.
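As an added illustration of what the "simple syntax analysis" and "stylometry adapted to code" being debated above actually amounts to at its most basic, the following Python is example code written for this page, not code from the article or from any analysis the thread discusses. It extracts a handful of formatting habits (indentation, brace placement, spacing around keywords and operators, identifier naming) from C-like source and collapses them into a coarse style profile that two samples can be compared on. The two sample fragments are constructed for the example and say nothing about any real code base.

```python
"""Crude code-stylometry feature extraction (added example, not from the article).

Sample inputs are constructed; feature names and thresholds are this example's
own choices, not a published method."""
import re

# Constructed samples: two C fragments written in deliberately different styles.
SAMPLE_A = """\
int check_hdr(struct pkt *p)
{
\tif(p->len<4)
\t\treturn -1;
\treturn 0;
}
"""

SAMPLE_B = """\
int checkHeader(struct pkt *p) {
    if (p->len < 4) {
        return -1;
    }
    return 0;
}
"""

C_KEYWORDS = {"int", "struct", "if", "return", "while", "for", "switch"}


def extract_features(src):
    """Count opposing formatting habits in a C-like source string."""
    lines = src.splitlines()
    indented = [l for l in lines if l[:1] in (" ", "\t")]
    feats = {}
    # Indentation character.
    feats["indent_tabs"] = sum(l.startswith("\t") for l in indented)
    feats["indent_spaces"] = sum(l.startswith(" ") for l in indented)
    # Brace placement: own line (Allman) vs end of line (K&R).
    feats["brace_own_line"] = sum(l.strip() == "{" for l in lines)
    feats["brace_end_of_line"] = sum(
        l.rstrip().endswith("{") and l.strip() != "{" for l in lines)
    # Whitespace after control keywords and around comparison operators.
    feats["kw_no_space"] = len(re.findall(r"\b(if|while|for|switch)\(", src))
    feats["kw_space"] = len(re.findall(r"\b(if|while|for|switch) \(", src))
    feats["op_no_space"] = len(re.findall(r"\w[<>=!]=?\w", src))
    feats["op_space"] = len(re.findall(r"\w [<>=!]=? \w", src))
    # Identifier naming convention (keywords stripped).
    idents = set(re.findall(r"\b[A-Za-z_][A-Za-z0-9_]*\b", src)) - C_KEYWORDS
    feats["snake_case"] = sum("_" in i for i in idents)
    feats["camel_case"] = sum(
        re.fullmatch(r"[a-z]+[A-Z]\w*", i) is not None for i in idents)
    return feats


# Each habit is a pair of opposing counters; the larger side wins.
PAIRS = [
    ("uses_tabs", "indent_tabs", "indent_spaces"),
    ("allman_braces", "brace_own_line", "brace_end_of_line"),
    ("space_after_keyword", "kw_space", "kw_no_space"),
    ("spaces_around_ops", "op_space", "op_no_space"),
    ("snake_case_names", "snake_case", "camel_case"),
]


def style_profile(feats):
    """Collapse counts into True/False per habit, or None when there is no evidence."""
    prof = {}
    for name, yes, no in PAIRS:
        prof[name] = None if feats[yes] == feats[no] else feats[yes] > feats[no]
    return prof


def profile_agreement(pa, pb):
    """Fraction of habits decided in both samples on which the two profiles agree."""
    decided = [k for k in pa if pa[k] is not None and pb[k] is not None]
    if not decided:
        return 0.0
    return sum(pa[k] == pb[k] for k in decided) / len(decided)


if __name__ == "__main__":
    pa = style_profile(extract_features(SAMPLE_A))
    pb = style_profile(extract_features(SAMPLE_B))
    print(pa)
    print(pb)
    print("agreement A/B:", profile_agreement(pa, pb))
```

Five binary habits only partition authors into at most 32 buckets, and most of them are dictated by a team's style guide or an auto-formatter rather than by the individual, which is the gap between "these samples look alike" and the attribution to specific people that the thread is asking the article to justify.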
Looks to me like the author is posting initial findings (and if I am reading this right, withholding some).
It doesn't look like a crazy amount of time/resources have gone in, but it looks like a basic proof of concept to me. Perhaps it will get the ball rolling and someone else who reads this will figure it out.
However, in contrast to 3.5 billion Internet users, only a few hundred experts have to be identified.
This is the sentence that lets you know the post can be safely ignored. Anyone who thinks there are only a few hundred people in the world capable of writing Linux exploits doesn't have a grip on the scale of the world at all.
The assertion was not that there are only a few hundred people, but that the organization responsible for this software employed at most a few hundred people to write it.
(There are other problems with the article's conclusions absent the data they withhold, but I don't agree that this is one of them.)
e: Actually, on further reflection, neither your interpretation of their statement nor mine is a reasonable conclusion, so I now agree with you that this is a flaw in their argument.
But that isn't the approach the article takes - it tries to narrow down the list of possible authors from public data, not identify employees of organisations that may have a few hundred hackers.
Perhaps it's possible to limit the search space by also looking only at experts who are likely (or possibly) to have worked with the US government or NSA in the past or present. Then maybe you could get the list down to a reasonable number? For example, any experts who have never been to the US for extended periods of time can probably be excluded.
Agreed. There are probably 5-25K (yes, large range, but still order of magnitude higher) people in the Bay Area alone that are capable of writing exploits.
Also, there's a huge difference in the number of people capable of secretly building exploits alone in their bedrooms at night (probably committing a crime), and those building them as a day job, where you can solicit feedback and advice from peers, reference well-organised documentation and study the original source code of previously successful exploits and freely discuss ideas and approaches with colleagues over lunch.
Which of course partially challenges this assumption in the article:
The developers of the malware [..] were discovered and not trained.
I'm currently working on anomaly detection algorithms and used the good opportunity (the Shadow Brokers release) to analyze a number of malware applications at once.
Indeed, from what we also know, or at least suspect, this is a group which is external to the NSA.
It could consist of former NSA employees and military personnel but it's not clear if this is a fully sanctioned group or just really good hackers for hire.
Github has a comprehensive open dataset [1]. I'm not sure if it keeps historical data, but I'm sure there are people hitting the APIs and keeping the data archived :)
TLDR: Assumptions: "The developers of the malware are leading experts in the area of Linux, Network and Security development." and "They were discovered and not trained."
I also suspect the author may have a possible or likely identification of some programmer(s) involved.
While I am no fan of some of the things the US does, I don't bear these programmers the type of ill will that your encouragements of violence suggest. I think it's foolish to believe that every (sufficiently wealthy) government on earth doesn't have their own "Equation Group" writing stuff like this (or at least trying to).
Right... So because the US government treats some people badly, all of its employees are fair game for torture and murder. Which other countries' civil servants would you also like to see killed?
We're not talking about "some people the US government employs".
We're talking about cyber criminals of the highest order of the kind the US wants everyone to believe even Guantanamo bay and the raft of torture there is too good for, committing the kind of crimes that attract multiple life sentences.
Why shouldn't somewhere like Germany order their extradition and subject them to the same fate similar European citizens have been subjected to?
I'm sure they tell themselves "it's OK 'cos it's patriotic". The rest of the world doesn't/shouldn't see it that way.
Why is it a problem if they are identified? It is probably the only case where writing malware doesn't get you in trouble with the government, because they paid you to do it.