digg

Facebook Connect Join Digg About

NSA Red Team Top Hacker Speaks Out

popularmechanics.com — In my years of reporting on the subject, I’ve often heard the National Security Agency’s red team referred to with a sense of breathless awe by security pros. These guys are purported to be just about the stealthiest, most skilled firewall-crackers in the game.

Who dugg this? Made popular Jul 1, 2008

Add a friend

submitted by

socialpyramid Jun 30, 2008

1512 diggs
digg

127 Comments

JonTheGoose, on 07/01/2008, -4/+132Pfft whatever, I've got Norton bitches!!
zscottkilgore, on 06/30/2008, -1/+126Dugg for last quote: “There is a perfectly secure network,” he said. “It’s one that’s shut off. We used to keep our information in safes. We knew that those safes were good, but they were not impenetrable, and they were rated on the number of hours it took for people to break into them. This is a similar equation.”
inactive, on 07/01/2008, -0/+104The reason NSA Red Team is so skilled is because they are highly educated engineers from within the industry who know the hardware/software they are working with from inside out.

Unlike the rebel kids who learned about hackers from watching movies and who dream of becoming famous by hacking the Gibson.
inactive, on 06/30/2008, -2/+101OMG THEY TOTALLY JUST SAW YOU WRITE THAT.
sockpuppets, on 07/01/2008, -1/+53I'm typing this in rot-26 in hopes they'll be unable to decipher my madness.
haikuFU, on 07/01/2008, -1/+49I do this for a living. About 5% of it is fun. The other 95% of it is writing documentation and presenting your findings to a bunch of stuffy execs that know absolutely nothing about technology, and trying to convince them that things that were a good idea 15 years ago might not be such a good idea now. Or that their buddy that told them they need Super Security Widgetizer version 11 might not know what he's talking about.
WTF69, on 07/01/2008, -3/+46I wonder how some one gets hierd as a top NSA hacker. I bet they found him on craigslist
sockpuppets, on 07/01/2008, -3/+42A spy is sappin mah sentry!
haooken, on 07/01/2008, -3/+40Blu?
strictnein, on 07/01/2008, -0/+37It's like the movie Hackers, only with more pillars!
robdiggity, on 07/01/2008, -2/+36And less Angelina Jolie.
S4MF1SHER, on 07/01/2008, -2/+35Because they are so secret that they themselves aren't even sure they exist.
Iluvator, on 07/01/2008, -1/+34I'm not a security professional, but from what I've been told by friends who are, hacking (even white-hat like this) is not nearly as cool as it seems from the outside.

It seems pretty frickin cool from here, though.
stgben, on 07/01/2008, -2/+31“An official within the National Security Agency’s Vulnerability Analysis Group.” So I’m just going to call him OWNSAVAG for short.
LuckyASN, on 07/01/2008, -3/+31Tom Clancy: Red Team?
wildfire, on 07/01/2008, -2/+30Quick! Swallow the red pill!
wonderchemist, on 07/01/2008, -1/+28Hack their network and find out!
Brak710101, on 07/01/2008, -3/+30Why don't we hear of the Blue team? :(
jonthebishop, on 07/01/2008, -3/+30But can they hack the Gibson?
gurellia53, on 07/01/2008, -2/+27OWNSAVAOG
jenrzzz1, on 07/01/2008, -0/+23The NSA offers exciting and interesting work for recent college graduates in mathematics and computer science. Pick up the phone, call your mom, and ask for an application.
DamnMan, on 07/01/2008, -1/+23He is right. Unless the NSA has a working quantum computer in a bunker somewhere. There are some pretty damn heavy duty encryption schemes available. Take the Windows source code leak a while back. The hackers never got anywhere near cracking IPSec to gain access to the network. They used nothing more than Trojans and exploits on employees personal computers to get access to the VPN just like a normal everyday user sitting at their laptop in Starbucks.

So in that example VPN technology is relatively secure "In the middle". Think of it like an armored truck delivering money to a rickety shack with a broken screen door. you could TRY to rob the armored truck on its way. Or you could just wait until the money is in the rickety shack. The same thing for networks. The network is secure (the truck) but the end point computer (the shack) is not, thus allowing easy access to the data (money).
dougvfr750, on 06/30/2008, -9/+29Sounds like a cool job. Are they hiring?
xtrench, on 07/01/2008, -0/+20But what about the most important question? Who is the Blue Team?
Mononuclear, on 07/01/2008, -2/+22I am using ROT52!!! twice the encryption of your ROT26!!
clutchperformer, on 07/01/2008, -1/+20My exact experience in a nutshell. I'm not saying it's not a thrill but there's a real persuasive political element to the job. Also, you have to make absolutely sure you warn them in writing of every possible break before you leave the engagement. A lot of the clients see the bill on the assessment and figure they can't afford to actually remedy the problems. So you get called in 9 months later when they actually get hacked. They see the bill for the forensics, recovery and implementation of your original security design and they mumble about legal action against you for improper practice or non-disclosure. Basically, they are looking for a scapegoat at this point... so you have to be smart and thorough.
Brad324, on 07/01/2008, -2/+16one man owns a vag, another man OWNSAVAOG
inactive, on 07/01/2008, -1/+15Hack the gibson, Hack the gibson, I'm seedin' bittorrents like a digital pimp, son!

http://www.youtube.com/watch?v=SnLB8wysMbY
S1ngular1ty1, on 07/01/2008, -3/+16The larger and more complex a network is the easier it is to break into because there will inevitably be more holes.
bryanpcola, on 07/01/2008, -0/+13because defense is boring!
fuhlavaflave, on 07/01/2008, -1/+13...and why are we both stuck in this box-shaped canyon?
nascentia, on 07/01/2008, -0/+12We just gotta slice into the Straylight and break out the 'Mute, mon.
hungryhermit, on 07/01/2008, -0/+12I worked with a guy who used to do it. He just interviewed at a college career day like a regular job (and had a grad degree). He quit because the gov't pay left something to be desired.
YesImAChick, on 07/01/2008, -3/+14I'm sure they are. Unfortunately, I don't think they pay well enough for new grads. They gave me an offer for $30K less than what I was offered somewhere else (in the public sector). I know that money isn't everything, but after being a broke college student, guess which job I didn't choose?
gyrfalcon, on 07/01/2008, -7/+18I found the article lacking, but then again Popular Mechanics doesn't write much that's in depth. Generally it's not the network that is difficult to secure, it's the endpoints. With modern encryption the analogy to a safe is stretched quite far.

I'm fairly confident I could setup a network on the Internet that the "Red Team" couldn't breach. Although the JDAM they would drop on my house probably would.
jenrzzz1, on 07/01/2008, -2/+12There's no such thing as a perfectly secure network. The weakest link is always the user. If a network was turned off, a good cracker/social engineer would call them and have them turn it back on.
Boyce, on 07/01/2008, -0/+10"We're working on it."
dha07030, on 07/01/2008, -6/+15Very cool job, but couldn't they have come up with a cooler name then Red Team. Any suggestions?
carpespasm, on 07/01/2008, -2/+11if they are I'm sure they'll let you know. That or you'll have to dig through some site enough to find the submital form.
Zaggynl, on 07/01/2008, -0/+9OWNSAVAOG...
Bob would've been easier no?
Ellipsys, on 07/01/2008, -2/+11Exactly. I did this on a consulting basis for a long time, and I spent about 90% of my time either covering my ass, or explaining something in sufficient detail.
Mononuclear, on 07/01/2008, -0/+9Government pay sucks compared to the same job in the private sector and yes the NSA CIA etc are always at college career days and recruit heavily from college.
xL0Sx, on 07/01/2008, -2/+11Team Alpha Super Awesome Cool Dynamite Wolf Squadron.

Yeah Yeah Yeah, I watched Shrek the Third.. so what?
Liability, on 07/01/2008, -0/+8I'm no computer hacker, but where's the damn interview?
whiteboy, on 07/01/2008, -0/+8All they do is create GUI interfaces using Visual Basic. To track IP addresses. Duh.
InfiniteNothing, on 07/01/2008, -0/+7In my contracting experience with both the public and the private sector, the private industry protects their IP better than the military protects their bases. Go figure
DamnMan, on 07/01/2008, -0/+7Only 3 diggs for a (real) Gibson reference?
mCanada, on 07/01/2008, -0/+7As a broke student in my nth year (approaching last), I would certainly take a cut at the get go if the position gave me deeper insight into the industry or allowed me to develop at a greater rate. But I suppose "a cut" would certainly have limits :)
zyklon, on 07/01/2008, -2/+9Obviously you didn't get the joke. Try to do some research on irony or puns before you venture into Digg.
Show 51 - 100 of 129 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

Site Links: Home; Take a Tour; Search Digg; Digg Mobile; RSS Feeds; Popular Archive

Help: Frequent Questions; How Digg Works; Report a Website Bug

All About Digg: About Us; Contact Us; Community Guidelines; The Digg Blog; Digg Townhalls & Meetups; Jobs at Digg; Advertise on Digg; Diggnation Podcast

Digg Store: Get hats, shirts, hoodies, stickers, and more at the Digg Store.

Digg Tools & API: All Digg Tools; DiggBar Tools; Firefox Toolbar; Twitter Feeds; Add Digg to Google; Netvibes Widget; Integrate Digg Buttons; Digg Badges; Make a Digg Widget; API for Developers

Digg Dialogg!: Digg Dialogg lets you choose the questions.

Digg Labs: Get a real-time view beneath the surface of Digg.; Digg Labs Home; Arc, Swarm, Stack, Bigspy, Pics

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.