[ISN] Inside NSA Red Team Secret Ops With Government's Top Hackers

From: InfoSec News <alerts_at_private>
Date: Wed, 2 Jul 2008 03:08:01 -0500 (CDT)

By Glenn Derene
Popular Mechanics
June 30, 2008

When it comes to the U.S. government's computer security, we in the tech 
press have a habit of reporting only the bad news.for instance, last 
year's hacks into Oak Ridge and Los Alamos National Labs, a break-in to 
an e-mail server used by Defense Secretary Robert Gates ... the list 
goes on and on. Frankly that's because the good news is usually a bunch 
of nonevents: "Hackers deterred by diligent software patching at the 
Army Corps of Engineers." Not too exciting.

So, in the world of IT security, it must seem that the villains 
outnumber the heroes - but there are some good-guy celebrities in the 
world of cyber security. In my years of reporting on the subject, I've 
often heard the National Security Agency's red team referred to with a 
sense of breathless awe by security pros. These guys are purported to be 
just about the stealthiest, most skilled firewall-crackers in the game. 
Recently, I called up the secretive government agency and asked if it 
could offer up a top red teamer for an interview, and, surprisingly, the 
answer came back, "Yes."

What are red teams, you ask? They're sort of like the special forces 
units of the security industry -- highly skilled teams that clients pay 
to break into the clients' own networks. These guys find the security 
flaws so they can be patched before someone with more nefarious plans 
sneaks in. The NSA has made plenty of news in the past few years for 
warrantless wiretapping and massive data-mining enterprises of 
questionable legality, but one of the agency's primary functions is the 
protection of the military's secure computer networks, and that's where 
the red team comes in.

In exchange for the interview, I agreed not to publish my source's name. 
When I asked what I should call him, the best option I was offered was: 
"An official within the National Security Agency's Vulnerability 
Analysis and Operations Group." So I'm just going to call him OWNSAVAOG 
for short. And I'll try not to reveal any identifying details about the 
man whom I interviewed, except to say that his disciplined, military 
demeanor shares little in common with the popular conception of the 
flippant geek-for-hire familiar to all too many movie fans (Dr. 
McKittrick in WarGames) and code geeks (n00b script-kiddie h4x0r in 


Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Wed Jul 02 2008 - 01:08:01 PDT

This archive was generated by hypermail 2.2.0 : Wed Jul 02 2008 - 07:25:29 PDT