CATEGORIES
home News

NSA Chief Hacker Explains How To Harden Defenses Against His Elite Attack Dogs

by Rob WilliamsSaturday, January 30, 2016, 12:55 PM EDT

If you think that the likes of the NSA needs to rely on zero-day exploits to get their job done, you apparently have things completely wrong. At the USENIX Enigma security conference in San Francisco this week, the NSA's chief of Tailored Access Operations, Rob Joyce said that it's his team's sheer talent makes its attacks successful, not simple flaws waiting to be exploited.

While it does seem likely that the NSA makes use of zero-day exploits when the juicier ones are found, Joyce says that it's not as though his team simply has a "skeleton key" that's able to open any door it chooses. Instead, "persistence and focus will get you in." He continued that "There's so many more vectors that are easier, less risky, and quite often more productive than going down that route."

That latter comment should raise some red flags for anyone managing a network in the enterprise, or perhaps even at home. Sometimes, Joyce says, his hackers merely lurk in the shadows, waiting for an opportunity to present itself.

Steam
Even something as modest as Steam could open an attack vector

So you don't update the bevy of PCs you oversee quick enough? Depending on the vulnerabilities squashed, that means the door can sometimes be left wide open until action is taken. Another major issue is that otherwise secure networks can become unsecure because people introduce outside devices that could open up vulnerabilities. "Why go after the professionally administered enterprise network when people are bringing their home laptops, where their kids were going out and downloading Steam games the night before?"

As mentioned above, there's little doubt that the NSA takes advantage of zero-days when it makes sense to, but zero-days always have a time-limit, as companies tend to be quick to patch them. It's for that reason why the NSA prefers to not rely on them.

If there's a lesson to be learned from Joyce's comments, it's that if the government wants in, it has the resources to get in. The best thing we can do as home users is to keep our devices up-to-date, and just hope that no one would ever want to fiddle around with your network.

Tags:  security, Privacy, Government, vulnerabilities, NSA
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment