During one of his rare public appearances, the head of the NSA's elite hacking unit TAO explains how a network admin can make life difficult for his team.
Rob Joyce does not often stand on a stage explaining to a few hundred security experts and researchers how to protect a network from government hackers. That is mainly because, for almost three years, Joyce has led what may be the best state-sponsored hackers in the world: the NSA's elite Tailored Access Operations (TAO) unit.
His roughly 1,000 subordinates break into networks, hack system administrators, and bug rooms, computers and peripherals. "Getting the ungettable" is the TAO motto, Der Spiegel wrote at the end of 2013 when it published an entire catalog of TAO tools, full of technology that could have come from Q, the gadget inventor of the James Bond films.
On Thursday, Joyce gave a talk (video) at the Usenix Enigma conference in San Francisco and made clear to his well-informed audience how astonishingly often covert access to other people's computers succeeds even without gadgets of the Bond category.
No gap is too small for the NSA
Of course Joyce, who had taken over TAO a few weeks before the Snowden revelations began, revealed no state secrets. On the contrary, none of his advice should have surprised a system administrator. The talk was remarkable nonetheless.
"Never assume that a gap is too small to be noticed and exploited," Wired quoted him as saying. If 97 out of 100 items pass a security check and three "esoteric" little things fail, one should not conclude that those three are unimportant. "We need that first gap, that first seam. And we will search and search and search for these esoteric borderline cases."
Remote maintenance as a gateway
Even openings that exist for only a few hours are highly attractive to the NSA and every other state-sponsored attacker. As an example he named remote maintenance, for which a corresponding channel is often opened for a short time at the weekend. "There is a reason it is called Advanced Persistent Threat: we poke and poke and wait and wait until we get in."
Building infrastructure such as ventilation and heating systems can also serve an intelligence service's espionage attacks if it is networked with the computer systems. Other popular entry points are connections to cloud service providers, hard-coded passwords, passwords transmitted in clear text (as still found in old protocols), intercepted login credentials of network administrators, and known but carelessly unpatched vulnerabilities.
Smartphones and other devices that employees bring from home and connect to the company network are also promising attack vectors. Here Joyce got a little more specific, indicating that a laptop on which the children have downloaded a game from the Steam platform at home can be a real security risk if it is subsequently used inside a company.
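As an added example (not code from the talk, the article or the NSA), the following script audits a constructed firewall rule inventory and a constructed configuration fragment for the seams named in the two paragraphs above: a remote-maintenance rule left open past its window, a permanent any-source rule to a building-control device, services that still accept credentials in clear text, and passwords hard-coded in configuration. The rule format, the field names, the port table, the regular expressions and all sample data are assumptions made for illustration.

```python
"""Audit a constructed network inventory for the "seams" described above.

Added example, not from the talk or the article. The rule format, field names,
port table and all sample data are assumptions made for illustration.
"""
import re
from datetime import datetime, timezone

# Services that still send credentials in clear text (assumed port -> name table).
CLEARTEXT_AUTH_PORTS = {
    21: "ftp", 23: "telnet", 80: "http", 110: "pop3",
    143: "imap", 512: "rexec", 513: "rlogin",
}

# Constructed inventory of inbound allow rules. 'expires' is the end of a
# temporary maintenance window in UTC; None means the rule is permanent.
SAMPLE_RULES = [
    {"id": "r1", "src": "0.0.0.0/0", "dst": "10.0.5.20", "port": 3389,
     "expires": "2016-01-30T23:00:00Z", "comment": "weekend vendor maintenance"},
    {"id": "r2", "src": "10.0.0.0/8", "dst": "10.0.5.21", "port": 443,
     "expires": None, "comment": "intranet web"},
    {"id": "r3", "src": "0.0.0.0/0", "dst": "10.0.7.9", "port": 23,
     "expires": None, "comment": "HVAC controller"},
    {"id": "r4", "src": "203.0.113.0/24", "dst": "10.0.5.22", "port": 22,
     "expires": "2016-02-06T06:00:00Z", "comment": "backup vendor"},
]

# Constructed configuration fragment with embedded credentials.
SAMPLE_CONFIG = """\
[hvac]
host = 10.0.7.9
user = admin
password = Summer2015!
[db]
dsn = postgres://app@db.internal/app
backup_url = ftp://backup:B4ckup@10.0.5.22/
"""

# Key/value lines whose key names a secret, and URLs carrying user:password@.
SECRET_KEY_RE = re.compile(r"^\s*(?:pass(?:word|wd)?|secret|token)\s*[=:]", re.I)
URL_CRED_RE = re.compile(r"://[^/\s:@]+:[^/\s@]+@")


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the sample rules."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_rules(rules, now_iso):
    """Return (rule id, finding) pairs for each rule that matches a seam."""
    now = parse_ts(now_iso)
    findings = []
    for r in rules:
        if r["port"] in CLEARTEXT_AUTH_PORTS:
            findings.append((r["id"], "cleartext-auth"))
        if r["expires"] is not None and parse_ts(r["expires"]) < now:
            # Maintenance window has passed but the rule is still in force.
            findings.append((r["id"], "expired-maintenance-window"))
        if r["src"] == "0.0.0.0/0" and r["expires"] is None:
            findings.append((r["id"], "permanent-any-source"))
    return findings


def find_hardcoded_secrets(text):
    """Return (line number, finding) pairs for lines that embed a credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if SECRET_KEY_RE.search(line):
            findings.append((lineno, "hardcoded-password"))
        elif URL_CRED_RE.search(line):
            findings.append((lineno, "credential-in-url"))
    return findings


if __name__ == "__main__":
    # Run the audit as of the Monday after the sample maintenance weekend.
    for rule_id, what in audit_rules(SAMPLE_RULES, "2016-02-01T08:00:00Z"):
        print(f"rule {rule_id}: {what}")
    for lineno, what in find_hardcoded_secrets(SAMPLE_CONFIG):
        print(f"config line {lineno}: {what}")
```

The expiry check only works because every temporary rule in the sample inventory records when its window ends; a weekend maintenance channel opened without a recorded close time is exactly the opening that nobody notices has stayed open, which is the point Joyce makes about persistence.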