The scale and reach of NSA surveillance activities, first brought to light by Edward Snowden, undoubtedly opened the eyes of many. As a result, the public over the past three years has learned a great deal about the NSA’s capabilities and some of the more clever approaches it uses when conducting surveillance.
One of the more interesting pieces of information relayed by Snowden was the existence of a top-secret hacking unit within the NSA called Tailored Access Operations (TAO). According to reports, TAO is the elite of the elite, with its members capable of “gaining undetected access to intelligence targets that have proved the toughest to penetrate through other spying techniques.” Not only that, one official reportedly said that TAO operations have yielded “some of the most significant intelligence our country has ever seen.”
With that as a backdrop, the head of TAO, Rob Joyce, recently gave an unprecedented and gripping presentation at the USENIX Enigma security conference, where he discussed, in broad terms, some of the NSA’s go-to hacking techniques while also offering general advice on how to make life frustrating for NSA snoopers.
Of course, Joyce didn’t disclose any classified methods or anything of the like, but when the head of the NSA’s TAO group gives a talk, it’s probably a good idea to pay attention.
In detailing some of Joyce’s speech, Wired relays a number of interesting tidbits, including the degree to which the NSA values network administrator login credentials.
In the world of advanced persistent threat (APT) actors like the NSA, credentials are king for gaining access to systems. Not the login credentials of your organization’s VIPs, but the credentials of network administrators and others with high levels of network access and privilege, which can open the kingdom to intruders. In the words of a recently leaked NSA document, the NSA hunts sysadmins.
The NSA is also keen to find any hardcoded passwords in software or passwords that are transmitted in the clear—especially by old, legacy protocols—that can help them move laterally through a network once inside.
That being the case, Joyce advises those keen on thwarting attacks to limit administrator privileges, segment networks and access, and enforce two-factor authentication, because “nothing is really more frustrating to us than to be inside a network, know where the thing is you need to go get to, and not have a path to get over to find that.”
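To make the hunting described above concrete, the following is an added example (not code from Joyce’s talk, the NSA, or Wired) of the two credential sources an intruder with a foothold looks for first: passwords an old protocol sends in the clear, and passwords hardcoded in source. The same scan is what a defender should run against their own segment and repositories before someone else does. The traffic lines, hostnames, addresses, and credentials are all constructed for the example; a real sniffer would feed the same function from a capture.

```python
import base64
import re

# Constructed sample of application-layer traffic as a sniffer on the segment
# would see it: (src, dst, dst_port, payload). Not a real capture.
SAMPLE_TRAFFIC = [
    ("10.0.1.5", "10.0.1.20", 21, "USER backup-admin\r\n"),
    ("10.0.1.5", "10.0.1.20", 21, "PASS Summ3r2015!\r\n"),
    ("10.0.1.9", "10.0.1.30", 80,
     "GET /admin HTTP/1.1\r\nHost: intranet\r\n"
     "Authorization: Basic YWRtaW46UEBzc3cwcmQ=\r\n\r\n"),
    # TLS-wrapped traffic is opaque to this scan, which is the point of using it.
    ("10.0.1.9", "10.0.1.30", 443, "\x16\x03\x01..."),
]

# Constructed sample source file with one hardcoded credential.
SAMPLE_SOURCE = '''
DB_HOST = "db01.corp.example"
DB_PASSWORD = "s3cr3t-db-pass"   # TODO: move to vault
api_key = os.environ.get("API_KEY")
'''

# FTP sends the username and password as two separate cleartext commands.
FTP_USER = re.compile(r"^USER ([^\r\n]+)", re.M)
FTP_PASS = re.compile(r"^PASS ([^\r\n]+)", re.M)
# HTTP Basic is base64, not encryption: anyone on the path can decode it.
HTTP_BASIC = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M | re.I)
# Assignment of a string literal to a name that looks like a secret.
HARDCODED = re.compile(
    r'(?i)\b(\w*(?:pass(?:word)?|secret|token)\w*)\s*=\s*["\']([^"\']+)["\']')


def cleartext_credentials(flows):
    """Return (src, dst, protocol, username, password) for every credential
    sent in the clear. FTP USER/PASS are paired per (src, dst) conversation."""
    found = []
    pending_user = {}
    for src, dst, _port, payload in flows:
        key = (src, dst)
        m = FTP_USER.search(payload)
        if m:
            pending_user[key] = m.group(1)
        m = FTP_PASS.search(payload)
        if m:
            found.append((src, dst, "ftp", pending_user.get(key), m.group(1)))
        m = HTTP_BASIC.search(payload)
        if m:
            try:
                user, _, pw = base64.b64decode(m.group(1)).decode().partition(":")
            except (ValueError, UnicodeDecodeError):
                continue  # not well-formed Basic auth; skip rather than crash
            found.append((src, dst, "http-basic", user, pw))
    return found


def hardcoded_secrets(source):
    """Return (name, value) for string literals assigned to secret-looking names."""
    return [(m.group(1), m.group(2)) for m in HARDCODED.finditer(source)]


if __name__ == "__main__":
    for hit in cleartext_credentials(SAMPLE_TRAFFIC):
        print("cleartext credential:", hit)
    for name, value in hardcoded_secrets(SAMPLE_SOURCE):
        print("hardcoded secret:", name, "=", value)
```

The FTP and Basic-auth hits are exactly the “passwords transmitted in the clear by legacy protocols” Joyce describes, and the TLS flow shows why moving those services onto an encrypted transport, or retiring them, takes the easy vector away. The source scan is deliberately crude (a name containing pass/secret/token assigned a string literal); a real secret scanner adds entropy checks and format-specific patterns, but even this version finds the kind of credential that lets an intruder move laterally without ever needing a zero-day.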
Another interesting point brought up by Joyce is that the NSA is always looking for interesting ways to gain access, whether through an HVAC system (the entry point for the massive Target breach of late 2013) or even through personal devices on which employees have “allowed their kids to load Steam games, and which the workers then connect to the network.”
“A lot of people think that nation-states are running on zero-days,” Joyce explained. “But there are so many more vectors that are easier, less risky than going down that route.”
The full video of Joyce’s presentation can be viewed below.