I'm not sure the distinction of what is and is not NSA proper is even meaningful anymore. They deal with national security and intelligence, not child porn, so they almost certainly weren't the primary actor in this case. But given all of the contractors and cooperating agencies and resources that are publicly known, which I would assume is only the tip of the iceberg, it makes little practical difference which agency is on the badge of who pulls the final trigger.
Given the IP space involved, SAIC's involvement, their known existing work in this area including their willingness to purchase exploits for government/law enforcement, and the target, it's a huge stretch to come up with any other explanation.
As someone usually ending up on the anti-NSA side of these discussions, I don't think there is anything particularly surprising or worrying about this. They (whichever agency it was) used an exploit in what was a fairly significant bust in their eyes. I haven't personally analyzed it, but I gather it did something ranging from logging identifiable information to installing malware. Regardless of what it did, this is a pretty expected law enforcement tactic for adversaries of this nature.
As pointed out by you and others, SAIC definitely has fairly incompetent moments, but they have a lot of money. This is why they can put enough of an attack together to deliver a sophisticated exploit (likely purchased) and execute on the operation, while still leaving their tracks on everything and being somewhat sloppy.
I've seen mixed comments as to whether or not it was actually patched upstream, but if it was, that makes even more sense. If it was patched, they had to use it before it made it into the Tor bundle, or lose it entirely. Generally, high-value exploits that are 0day (unknown and unpatched) are not given to law enforcement.
I think to suggest this was "psyops" or something is giving SAIC far too much credit. It was just a sloppy raid that used an exploit, for any number of legitimate reasons.