A top NSA hacker has revealed some stunning secrets about the way the agency hacks.
The National Security Agency has come under much scrutiny in recent years over their surveillance policies, but the agency recently provided a shocking look at how some of its best hackers operate. According to a report from ABC News, the NSA employs some of the world’s best computer hackers to break into networks around the globe.
The Tailored Access Operations cell (TAO) functions under secretive terms, but the department’s chief recently revealed some truly amazing secrets about how the nation’s top hackers operate.
“I will admit that it’s very strange, to be in that position and up her on a stage in front of a group of people,” said Rob Joyce, the head of the NSA’s TAO. Joyce was speaking to an audience at the Usenix Enigma security conference held in San Francisco this Wednesday. “I’m in a unique position in that we produce, in TAO, foreign intelligence for a wide range of missions to include advice for informing policymakers, protecting the nation’s warfighters 24/7 and in that space we’re doing nation-state exploitation. My talk today is to tell you, as a nation-state exploiter, what you can do to defend yourself, to make my life hard.”
Joyce explained how to make it difficult for the NSA to keep tabs on people, and the steps taken by TAO when they have a target in sight. Joyce revealed that there are six steps to taking down a hacker: reconnaissance, initial exploitation, persistence, tool installation, lateral movement, and collection and analysis of data.
How does all of this translate into something you should be concerned about? To the NSA, no network is impenetrable. The reconnaissance phase identifies weak points in a network’s architecture, and NSA hackers typically learn a network inside and out before even trying to breach it.
Once they know what they’re up against, a hacker can use any number of tricks to gain access to a network, including tricking a user into entering information in an unsecure field or getting them to click a phony link. After they have gained access, hackers can install small programs that will allow for further manipulation with more sophisticated tools. The TAO chief declined to provide further details into the specific tools NSA hackers use.
From this point, hackers employ a number of tactics that help them access the types of data they’re looking for specifically. Lateral movement from one part of the network to another allows a hacker to search for valuable information.
The good news is that hacking can take time. “A lot of people think the nation states, they’re running on these engines of zero days. You go out with your master skeleton key and unlock the door and you’re in. It’s not that. Take these big corporate networks, these large networks, I will tell you that persistence and focus will get you in, will achieve that exploitation without the zero days. There are so many more vectors that are easier, less risky, and quite often more productive,” said Joyce.
Joyce reiterated that well-run networks are the best defense against hackers, and companies and individuals can take certain precautions to limit their exposure. They can limit access to data to only the people who need to access it. Administrators can also segment networks and remain vigilant against anomalies and other strange things going on. “Penetration testers” can help big organizations test their security procedures before a hacker does it for them.
Joyce closed with a question and answer session, expanding on the legal rights of the NSA to hack and defend against attacks from other nation-states. “It’s amazing the amount of lawyers that the Department of Homeland Security, FBI, and NSA have. So if the government is saying that we have positive attribution too, you ought to book it. Attribution is really, really hard. So when the government’s saying it, we’re using the totality of the sources and methods we have to help inform that. But because those advanced persistent threats aren’t going away… we can’t bring all that information to the fore and be fully transparent about everything we know and how we know it.”
Daniel J. Brown
Daniel J. Brown (Editor-in-Chief) is a recently retired data analyst who gets a kick out of reading and writing the news. He enjoys good music, great food, and sports, with a slant towards Southern college football, basketball and professional baseball.