Clearly posters aren't getting the sarcasm, so I'll spell it out: the NSA is clearly suspect number one.
What's more interesting to me, though, isn't that they had this technique, it's that they let it out for ... what? It seems like this is a garden variety public worm. One would think that if the NSA had the ability to forge Windows code signatures like this, they would have used it more selectively. Some spook is in deep trouble about this.
The NSA is not suspect number one. The Russians have had superb cryptographers for decades, heck GCHQ invented public key cryptography years before Diffie-Hellman and denied its very existence within for decades.
Attribution is a bitch. It's not a slam dunk to suggest that a particular agency is at fault without supporting evidence.
> the GCHQ beat DH by three years and RSA by four, not decades.
Correct. But they kept the fact that they did secret for decades. That's what I meant, apologies if it was ambiguous (I can't actually edit the comment now to fix it).
The Russians have far more of an economic risk to set something like this off in the Middle East. Their huge investments in oil infrastructure could go up in flames if this was traced back to them. And this is just the stuff that's somewhat above the table.
It's easy to pin it on a nation state or intelligence agency, but it's worth considering the possibility that it was rogue elements in one (or both worlds) that exploited this (and various people) for purely financial gain.
Hell, the people I know who don't work for the government scare me with the kind of advanced research they do. And if it was government funding they might farm out to the private sector if there was more advanced research there with this kind of attack vector in mind.