Head of NSA's hacker squad explains how to armor networks against the likes of him

Rob Joyce runs the NSA's Tailored Access Operations group, the spies who figure out how to hack systems, publishing a spook's version of the Skymall catalog, filled with software and hardware that other spies can order for use.



TAO's existence was only revealed in 2013 when leaked documents confirmed its existence. Joyce gave a presentation yesterday at the Enigma conference, a new security conference in San Francisco, explaining how TAO operates, and advising the attendees on how to prevent state-level actors from infiltrating and exploiting their networks and IT systems.

One revelation was that TAO is very patient: they will monitor adversaries' systems as a matter of course, waiting for an opportunity -- such as when a system malfunctions and the vendor asks the administrators to temporarily turn off password protection for a few moments.

Another favored mode of access is devices shared with workers' children -- the agency uses games on tablets that are brought between home and the office as a vector to penetrate the office networks. Joyce singled out Steam games as a favored vector for penetration.

Joyce did not talk about traffic injection, a tactic revealed in a separate Snowden leak: the agency and its Five Eyes allies have infiltrated fiber backbones, and are able to interrupt connections between sensitive systems and the public Internet and inject attack-code in those sessions.

If you really want to make the NSA’s life hard, he ticked off a list of things to do: limit access privileges for important systems to those who really need them; segment networks and important data to make it harder for hackers to reach your jewels; patch systems and implement application whitelisting; remove hardcoded passwords and legacy protocols that transmit passwords in the clear.

Another nightmare for the NSA? An “out-of-band network tap”—a device that monitors network activity and produces logs that can record anomalous activity—plus a smart system administrator who actually reads the logs and pays attention to what they say.

NSA Hacker Chief Explains How to Keep Him Out of Your System [Kim Zetter/Wired]


(Image: Kim Zetter)