This sounds like a PR move in response to the Snowden leaks. I will give them the benefit of the doubt in this case that they did actually do something worth while. One thing to consider is that if they hadn't have figured it out, someone else might have. If they think an anecdote of them doing something good as a distraction from the domestic surveillance is a bit of an insult though. For all we know, this malware attack could be the exception, and not the norm. Even if its the norm and not the exception, it still doesn't excuse the bad things they have done. IMHO, someone like Snowden leaking this information was inevitable. I think it was a bit naive to expect NDAs to contain something so questionable that I am assuming a good number of people at the NSA knew about. I think the best PR move the NSA could do right now is to suspend some of these programs for now. In the future, if they can find a way to run these programs in a way that respects constitutional protections, then they can continue. For example, if they can track users anonymously and compartmentalize who has access to what pieces of information about a mark. Considering they are trying to get rid of sysads, this makes it harder to compartmentalize because inevitably the few remaining admins have a lot more systems they control.