[ajross]

Surely they're not actually maintaining those hosts themselves (imagine the embarassment of doing a RDNS lookup and getting "flame-cc1.nsa.gov"). They are almost certainly compromised machines owned by someone else, which makes "securing" them in the classic sense pretty much impossible.

[runn1ng]

I know it was a joke comment, but names like "Flame", "Duqu" or "Stuxnet" are not names in which those viruses were developed, but those were attributed to them later through security community

[Splines]

How far down the rabbit hole would you have to go before you find a connection from a .gov machine?

Or do nation-state malware programmers maintain a strict no-contact policy to keep the government's hands clean?

I suppose we'll never know the answer.

[ceejayoz]

I'd imagine the folks doing this have a windowless van parked outside a Starbucks. I'm fairly certain you'd never be able to trace it back to a .gov computer without physically finding the computers themselves.

[Kadrith]

Did you ever read about Titan Rain? http://www.time.com/time/magazine/article/0,9171,1098961,00....

It talks a bit about how one person tracked attacks through multiple countries back to China.