Despite All Of Its Surveillance Capability, The NSA Still Depends On Hackers
REUTERS
Well, despite the rather obvious fact that the NSA has access to the haystack - a euphemism for all web communications - it still relies on hackers to find the needle.
That's because the web is largely still encrypted.
Recent stories have indicated that the NSA has pulled out all stops to degrade encryption - putting plants in the right positions in the tech industry, coercing companies to insert backdoors in software and hardware, etc.
The NSA takes those routes because brute force attacks on encryption - with the NSA's super computers guessing umpteen passwords a millisecond - simply cannot keep up with current encryption technology.
Even Edward Snowden said encryption still works.
So the NSA has constructed an elite group of hackers to attack target computers - what they call "end point" exploitation - prior to communications entering the encrypted ether of the Internet.
Matthew M. Aid of Foreign Policy writes that despite the massive collection capabilities of the NSA, its secretive hacking sub-unit - called TAO, Tailored Access Operations - is the ultimate force to be reckoned with in the cyber espionage landscape.
Even its name - Tailored Access - implies a reliance on software exploitation. From Foreign Policy:
According to sources familiar with the organization's operations, TAO has been enormously successful over the past 12 years in covertly inserting highly sophisticated spyware into the hard drives of over 80,000 computer systems around the world, although this number could be much higher.
The NSA's reliance on these elite hackers explains why the agency makes regular appearances at hacking conferences like DefCon and BlackHat.
There is simply no substitute for exploiting a target's computer in order to intercept all communications prior to those communications leaving the computer and becoming encrypted.
It's the cyber equivalent of the 1960s police tactic of bugging a suspect's rotary phone - they get the info right at the source.
Aid reports that the NSA also often pays outside services - what we've taken to referring to as "hacker mercenaries" - to provide these software exploits (known as "Zero Day Exploits," since no one knows they exist yet).
Since the Snowden disclosures, Aid notes, many of TAO's targets have updated their software, so the NSA's listening capability is going dark.
Nonetheless, every software has an exploit waiting to be found, and TAO has proven incredibly capable of finding them.
Which begs the question: if the NSA has proven it can exploit the needles, does it really still need the haystack?
Next Story
I spent 2 weeks in India. A highlight was visiting a small mountain town so beautiful it didn't seem real. 
I quit McKinsey after 1.5 years. I was making over $200k but my mental health was shattered.
Some Tesla factory workers realized they were laid off when security scanned their badges and sent them back on shuttles, sources say
Indian Railways to break record with 9,111 trips to meet travel demand this summer, nearly 3,000 more than in 2023
India's exports to China, UAE, Russia, Singapore rose in 2023-24
A case for investing in Government securities
Top places to visit in Auli in 2024
Sustainable Transportation Alternatives
