NSA’s Hacker-in-Chief: We Don’t Need Zero-Days To Get Inside Your Network

The NSA has caught a lot of attention in recent years when it comes to the use of zero-day exploits, the precious security holes unknown to software vendors that hackers use to infect machines and penetrate networks.

By Joshua Kopstein|MOTHERBOARD

The market for these unpatched vulnerabilities is massive, driven by a seemingly insatiable demand from global intelligence services, most notably the US government. But many security experts have suggested that the role of zero-days in government-sponsored hacking has perhaps been overstated.

Including, now, the head of the NSA’s most elite and secretive hacking unit.

In an unprecedented talk on Thursday at the USENIX Enigma security conference in San Francisco, Rob Joyce, chief of NSA’s Tailored Access Operations (TAO), downplayed the importance of zero-days and the degree to which nation-state hackers like those in his unit depend on them.

“I think a lot of people think the nation states are running on this engine of zero-days. You go out with your skeleton key and unlock the door and you’re in. It’s not that,” he said.

read more