from Popular Mechanics

In the world of IT security, it must seem that the villains outnumber the heroes—but there are some good-guy celebrities in the world of cyber security. In my years of reporting on the subject, I’ve often heard the National Security Agency’s red team referred to with a sense of breathless awe by security pros. These guys are purported to be just about the stealthiest, most skilled firewall-crackers in the game. Recently, I called up the secretive government agency and asked if it could offer up a top red teamer for an interview, and, surprisingly, the answer came back, “Yes.”

What are red teams, you ask? They’re sort of like the special forces units of the security industry—highly skilled teams that clients pay to break into the clients’ own networks. These guys find the security flaws so they can be patched before someone with more nefarious plans sneaks in. The NSA has made plenty of news in the past few years for warrantless wiretapping and massive data-mining enterprises of questionable legality, but one of the agency’s primary functions is the protection of the military’s secure computer networks, and that’s where the red team comes in.

In exchange for the interview, I agreed not to publish my source’s name. When I asked what I should call him, the best option I was offered was: “An official within the National Security Agency’s Vulnerability Analysis and Operations Group.” So I’m just going to call him OWNSAVAOG for short. And I’ll try not to reveal any identifying details about the man whom I interviewed, except to say that his disciplined, military demeanor shares little in common with the popular conception of the flippant geek-for-hire familiar to all too many movie fans (Dr. McKittrick in WarGames) and code geeks (n00b script-kiddie h4x0r in leetspeak).

So what exactly does the NSA’s red team actually do? They provide “adversarial network services to the rest of the DOD,” says OWNSAVAOG. That means that “customers” from the many branches of the Pentagon invite OWNSAVAOG and his crew to act like our country’s shadowy enemies (from the living-in-his-mother’s-basement code tinkerer to a “well-funded hacker who has time and money to invest in the effort”), attempting to slip in unannounced and gain unauthorized access.

These guys must conduct their work without doing damage to or otherwise compromising the security of the networks they are tasked to analyze—that means no denial-of-service attacks, malicious Trojans or viruses. “The first rule,” says OWNSAVAOG, “is ‘do no harm.’” So the majority of their work consists of probing their customers’ networks, gaining user-level access and demonstrating just how compromised the network can be. Sometimes, the red team will leave an innocuous file on a secure part of a customer’s network as a calling card, as if to say, “This is your friendly NSA red team. We danced past the comical precautionary measures you call security hours ago. This file isn’t doing anything, but if we were anywhere near as evil as the hackers we’re simulating, it might just be deleting the very government secrets you were supposed to be protecting. Have a nice day!”