I just don't think it's in their DNA to approach a small group of blackhats to do what they could contract a legitimate firm to do
I'm still amazed it's in their DNA to do this at all, but if they did, blackhats are the right people for the job. No point in hiring a legitimate firm to build an illegitimate weapon. Remember, Stuxnet infected thousands of other factories around the world. Whoever built it ain't legitimate anymore.
Going back to the HBGary situation (again), I think it's clear that many of the firms that work with the government stretch the definition of legitimacy pretty far.
I'm still amazed it's in their DNA to do this at all, but if they did, blackhats are the right people for the job. No point in hiring a legitimate firm to build an illegitimate weapon. Remember, Stuxnet infected thousands of other factories around the world. Whoever built it ain't legitimate anymore.