10/11/17

Internet: Elite Hackers: Stealing NSA Secrets Is ‘Child’s Play’ - by Joseph Cox

The National Security Agency’s hackers have a problem.

Last week, multiple outlets reported that its elite Tailored Access Operations unit—tasked with breaking into foreign networks—suffered another serious data breach. The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations, according to The Washington Post. It’s potentially the fourth large-scale incident at the NSA to be revealed in the last five years.

Now, multiple sources with direct knowledge of TAO’s security procedures in the recent past tell The Daily Beast just how porous some of the defenses were to keep workers from stealing sensitive information—either digitally or by simply walking out of the front door with it.

One source described removing data from a TAO facility as “child’s play.” The Daily Beast granted the sources anonymity to talk candidly about the NSA’s security practices.

TAO is not your average band of hackers. Its operations have included digging into China’s networks, developing the tools British spies used to break into Belgium’s largest telecom, and hacking sections of the Mexican government.

While other parts of the NSA may focus on tapping undersea cables or prying data from Silicon Valley giants, TAO is the tip of the NSA’s offensive hacking spear, and could have access to much more sensitive information ripped from adversaries’ closed networks. The unit deploys and creates sophisticated exploits that rely on vulnerabilities in routers, operating systems, and computer hardware the general population uses—the sort of tools that could wreak havoc if they fell into the wrong hands.

That doesn’t mean those tools are locked down, though. “TAO specifically had a huge amount of latitude to move data between networks,” the first source, who worked at the unit after Edward Snowden’s mega-leak, said.

The former employee said TAO limited the number of USB drives—which could be used to steal data—after that 2013 breach, but he still had used several while working at TAO.

“Most operators knew how they could get anything they wanted out of the classified nets and onto the internet if they wanted to, even without the USB drives,” the former TAO employee said.
Read more: Elite Hackers: Stealing NSA Secrets Is ‘Child’s Play’

A recent report by the Defense Department’s inspector general completed in 2016 found that the NSA’s “Secure the Net” project—which aimed to restrict access to its most sensitive data after the Snowden breach—fell short of its stated aims. The NSA did introduce some improvements, but it didn’t effectively reduce the number of user accounts with “privileged” access, which provide more avenues into sensitive data than normal users, nor fully implement technology to oversee these accounts’ activities, the report reads. Physical security wasn’t much better, at least at one TAO operator’s facility.

He told The Daily Beast that there were “no bag checks or anything” as employees and contractors left work for the day—meaning, it was easy to smuggle things home. Metal detectors were present, including before Snowden, but “nobody cared what came out,” the second source added. The third source, who visited TAO facilities, said bag checks were random and weak.
