By Glenn Derene
June 30, 2008
When it comes to the U.S. government's computer security, we in the tech
press have a habit of reporting only the bad news -- for instance, last
year's hacks into Oak Ridge and Los Alamos National Labs, a break-in to
an e-mail server used by Defense Secretary Robert Gates ... the list
goes on and on. Frankly, that's because the good news is usually a bunch
of nonevents: "Hackers deterred by diligent software patching at the
Army Corps of Engineers." Not too exciting.
So, in the world of IT security, it must seem that the villains
outnumber the heroes - but there are some good-guy celebrities in the
world of cyber security. In my years of reporting on the subject, I've
often heard the National Security Agency's red team referred to with a
sense of breathless awe by security pros. These guys are purported to be
just about the stealthiest, most skilled firewall-crackers in the game.
Recently, I called up the secretive government agency and asked if it
could offer up a top red teamer for an interview, and, surprisingly, the
answer came back, "Yes."
What are red teams, you ask? They're sort of like the special forces
units of the security industry -- highly skilled teams that clients pay
to break into the clients' own networks. These guys find the security
flaws so they can be patched before someone with more nefarious plans
sneaks in. The NSA has made plenty of news in the past few years for
warrantless wiretapping and massive data-mining enterprises of
questionable legality, but one of the agency's primary functions is the
protection of the military's secure computer networks, and that's where
the red team comes in.
In exchange for the interview, I agreed not to publish my source's name.
When I asked what I should call him, the best option I was offered was:
"An official within the National Security Agency's Vulnerability
Analysis and Operations Group." So I'm just going to call him OWNSAVAOG
for short. And I'll try not to reveal any identifying details about the
man whom I interviewed, except to say that his disciplined, military
demeanor shares little in common with the popular conception of the
flippant geek-for-hire familiar to all too many movie fans (Dr.
McKittrick in WarGames) and code geeks (n00b script-kiddie h4x0r in