Latest in Culture

Image credit:

Zero-day exploits aren't as important to the NSA as you think

The head of the NSA's elite hacking unit explains.

Sponsored Links

The head of the National Security Agency's elite hacking arm, Tailored Access Operations, downplayed the importance of zero-day exploits during a talk at USENIX Enigma 2016 in San Francisco this week, as spotted by Vice. Zero-day security holes are secret (and usually short-lived) software vulnerabilities -- the vendor doesn't know about them (until it does). According to TAO chief Rob Joyce, zero-day exploits are a small part of the NSA's hacking agenda.

TAO chief Rob Joyce said, "I think a lot of people think the nation states, they're running on this engine of zero-days. You go out with your master skeleton key and unlock the door and you're in. It's not that. Take these big, corporate networks, these large networks, any large network -- I will tell you that persistence and focus will get you in, will achieve that exploitation, without the zero-days."

Joyce said that there are easier, safer and more productive ways to hack a nation-state than by taking advantage of a zero-day hole. The key is persistence and focus, Joyce said.

Another arm of the US government, the Federal Bureau of Investigation, recently revealed that it exploited zero-day vulnerabilities, though it preferred not to because the points of entry were usually short-lived. It sounds like the NSA and FBI are on the same page here.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Roku is giving away 30 days of premium video

Roku is giving away 30 days of premium video

View
NASA warns Moon base plans might slip by a year

NASA warns Moon base plans might slip by a year

View
Lab-in-a-box test can detect COVID-19 in 5 minutes

Lab-in-a-box test can detect COVID-19 in 5 minutes

View
Google rolls out Drive shortcuts ahead of folder structure changes

Google rolls out Drive shortcuts ahead of folder structure changes

View
SpaceX launches its original Dragon capsule for the last time

SpaceX launches its original Dragon capsule for the last time

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr