Monday, 01 February 2016 10:50

NSA hunts sysadmins

By David M Williams

Rob Joyce, head hacker for the United States, spoke at the inaugural Usenix Enigma Security Conference about how to keep the NSA out of your systems.

Joyce heads up the NSA's Tailored Access Operations (TAO) team, the group charged with breaking into the systems of the United States' foreign adversaries - and occasionally, its friends too.

The TAO has actually existed for some time, but came to light during Edward Snowden's leaks in 2013. Joyce himself has been with the NSA for over 25 years, though he has headed the TAO only since April of the same year Snowden made headlines.

Joyce was understandably tight-lipped on the inner workings of the TAO, but he did shine a light on how the NSA breaks into systems. The key to success is the virtual key to the server - namely, credentials such as username and password. No, not the credentials of the CEO or MD, but those of the sysadmin. Yes, the NSA hunts sysadmins. Such people have the network access and privileges that can reveal all of a company's data.

Joyce was explicit: the NSA actively seeks credentials which are hardcoded in software, or passwords transmitted in cleartext. This is another reason to hate websites which send you "password reminder" emails that divulge your password. Not only does this mean they store your password in plaintext (not encrypted) on their end, but now they are broadcasting it to anybody snooping in on your email.
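The two weaknesses named above can be checked for before an attacker finds them. The following is an added example, not code from the article or from Joyce's talk: a small audit that flags string literals assigned to password-like names and credentials embedded in URLs, marking the ones that travel over an unencrypted scheme. The name patterns, the placeholder list, the set of cleartext schemes and the sample lines are all assumptions constructed for illustration.

```python
import re

# Assumed heuristics: a password-like name assigned a quoted literal,
# and user:pass@ credentials embedded in a URL.
HARDCODED = re.compile(
    r"""\b(\w*(?:password|passwd|pwd|secret|api_?key)\w*)\s*[:=]\s*(["'])([^"']{4,})\2""",
    re.IGNORECASE)
URL_CREDS = re.compile(r"\b([a-z][a-z0-9+.-]*)://[^\s/:@]+:([^\s/@]+)@", re.IGNORECASE)
# Schemes that carry the credential without transport encryption (assumed list).
CLEARTEXT_SCHEMES = {"http", "ftp", "telnet", "ldap", "smtp"}
# Values that are obviously templates rather than real secrets (assumed list).
PLACEHOLDER = re.compile(r"^(?:changeme|example|\*+|x+|<.*>|\$\{.*\})$", re.IGNORECASE)

def scan(text):
    """Return (line number, finding kind, name or scheme); never the secret itself."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in HARDCODED.finditer(line):
            if not PLACEHOLDER.match(m.group(3)):
                findings.append((lineno, "hardcoded-secret", m.group(1)))
        for m in URL_CREDS.finditer(line):
            scheme = m.group(1).lower()
            kind = ("cleartext-credential-url" if scheme in CLEARTEXT_SCHEMES
                    else "hardcoded-credential-url")
            if not PLACEHOLDER.match(m.group(2)):
                findings.append((lineno, kind, scheme))
    return findings

# Constructed sample input: two real findings, one lookup from the
# environment, one credential URL over TLS, and two placeholders.
SAMPLE = '''\
db_password = "Tr0ub4dor&3"
password = os.environ["DB_PASSWORD"]
backup_url = "ftp://backup:hunter2hunter2@10.0.0.5/nightly"
api = "https://svc:s3cr3tvalue@api.example.internal/v1"
smtp_passwd: 'changeme'
# password = "<set at deploy time>"
'''

if __name__ == "__main__":
    for lineno, kind, name in scan(SAMPLE):
        print(f"line {lineno}: {kind} ({name})")
```

A regex pass like this is a first filter for code review or CI, and each hit still needs a person to confirm it and rotate the exposed credential.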

Joyce went on to say that no crack is too small to be noticed or exploited. If you perform a penetration test of your network and maybe 97 things pass but three obscure things don't, you cannot actually relax and sit back. It is those three small things which the NSA, and attackers from other nations, will work on.

Even temporary cracks, Joyce revealed, are targets for the NSA. You open up firewall access for a support vendor for the weekend and the NSA will jump right in there, having been passively testing your systems periodically for such a weakness.

BYOD, the buzzword that electronic retailers love to throw around, is a boon to the NSA. Insecure personal devices are being brought into companies, connecting to WiFi behind the corporate firewall, exposing the company to potential risks. Even QR codes can be a trap.

The NSA will target tech you may not even normally think of, such as your heating and cooling systems and other aspects of building infrastructure.

Joyce stated "spies have little trouble getting into your network because they know better than you what's on it."

"We put the time in," he said, to know the network better than the people who designed it, and better than the people who are securing it. You may know the things you want to run in the network; Joyce's team knows the things that are actually running in the network.

Perhaps a novel sideline business for the NSA would be to sell documentation to companies. I know when I've gone into a new business and had to figure all this out myself, it would be super-handy if I could just phone the NSA and buy their report!

Joking aside, Joyce gave practical tips for those who want to keep hackers out. You know the drill; these are not new. However, they are also not necessarily enforced, and that's the problem.

Limit access privileges to only those who need them.

Segment networks and important data.

Patch systems!

Implement application whitelisting.

Don't hardcode passwords.

Don't transmit passwords in plaintext.

However, the biggest way of keeping the hackers out, Joyce said, is to monitor and log network activity and then have a smart sysadmin who actually reviews the info and pays attention. Do you have this person on your payroll?


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
