NSA’s war with sys admins

Ryan Gallagher and Peter Maas at The Intercept have an important story about how the NSA has been hunting and hacking the systems administrators of companies.

Across the world, people who work as system administrators keep computer networks in order – and this has turned them into unwitting targets of the National Security Agency for simply doing their jobs. According to a secret document provided by NSA whistleblower Edward Snowden, the agency tracks down the private email and Facebook accounts of system administrators (or sys admins, as they are often called), before hacking their computers to gain access to the networks they control.

By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.

The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate. “Who better to target than the person that already has the ‘keys to the kingdom’?” one of the posts says.

The NSA wants more than just passwords. The document includes a list of other data that can be harvested from computers belonging to sys admins, including network maps, customer lists, business correspondence and, the author jokes, “pictures of cats in funny poses with amusing captions.” The posts, boastful and casual in tone, contain hacker jargon (pwn, skillz, zomg, internetz) and are punctuated with expressions of mischief. “Current mood: devious,” reads one, while another signs off, “Current mood: scheming.”

As The Intercept revealed last week, clandestine hacking has become central to the NSA’s mission in the past decade. The agency is working to aggressively scale its ability to break into computers to perform what it calls “computer network exploitation,” or CNE: the collection of intelligence from covertly infiltrated computer systems. Hacking into the computers of sys admins is particularly controversial because unlike conventional targets – people who are regarded as threats – sys admins are not suspected of any wrongdoing.

Why is this important? Because sys admins are the people best suited to thwart the NSA’s spying efforts and this information is likely to really irk them, especially since the documents reveal that the people who work for the NSA have little respect for hackers who do not work for the government and disdain them. Nobody likes being taken advantage of and in the world that these people live in, being hacked by someone else implies that your skills are inferior to theirs.

Technical people are in the best position to build in as the default in systems the kinds of safeguards that would create greater levels of privacy protection. Up to now, they have been largely anonymous and viewed as apolitical lower-rung cogs in the machine, just carrying out policies that are set at higher levels. What their fellow sys admin Edward Snowden has showed is that they can be important political players if they become radicalized.

In one session at the 30C3 conference held in Germany in December 2013 where the audience seemed to consist of many technical people at the sys admin level, the call by Jacob Appelbaum, Sarah Harrison, and Julian Assange for sys admins of the world to unite to defeat the NSA’s efforts was received with applause. And this was before the recent revelation that the NSA essentially perceives sys admins as targets to be hacked.

I cannot imagine that this latest Snowden revelation made the sys admins feel any warmer towards the NSA.


  1. Lassi Hippeläinen says

    The sys admins of the world need to unite and create lots of encrypted files that contain pictures of cats in funny poses with amusing captions. Give Caesar what Caesar wants.

  2. John Horstman says

    The project is already in underway. Fight for the Future is leading a push to rebuild network infrastructure from the ground up (mostly using existing technologies that are not deployed widely enough yet) to better protect against stuff like NSA dragnets/data taps. Expect most sites to start using SSL by default, for example.

  3. Mano Singham says


    I was not aware of this but am glad to hear it. Thanks for letting me know.

  4. lorn says

    I don’t see the problem. Pickpockets pick pockets, safe crackers crack safes, and hackers hack. The NSA hackers are in the business of gaining access. As such they have to know systems and how systems are structured. Knowing how sys admins think, both as a group/community and as individuals, gives them a leg up on hacking the systems. This isn’t a much more than what you do if you target any user. It is standard to gather as much information as possible about users. Some of this comes down to the simple fact that system administrators are not always significantly more savvy about things like passwords, security settings and software updates than your common user. Pet names and birth dates still show up as passwords and a lot of well known security holes remain unpatched. Humans are not always on the ball and a sloppy and unmaintained Facebook page with complaints about how burdensome software upgrades are may indicate an administrator whose account may be easier to hack than a administrator with a more up to date page and an ongoing dialog of how interesting it is to keep up on patches and upgrades.

    As “doublereed” @#1 points out, you hack the person. But you also select the person, and their account, as a target for hacking. So you seek out the sloppy, the lazy, the distracted, people who are burned out, people disengaged from their community with outdated skills, people about to quit, or retire.

    The job of a NSA hacker is to practice and remain proficient in gaining access to locked systems. They keep their teeth sharp by hacking. Guilt or innocence of the target has nothing to do with it.

  5. Friendly says

    The job of a NSA hacker is to practice and remain proficient in gaining access to locked systems. They keep their teeth sharp by hacking.

    So they should do that against NSA-owned systems set up to challenge them. Or they should do it against corporate systems for which consent has been given to test their security. Or they should do it against systems without the owner’s consent, but only when they have a court order to search for specific information, and should not retrieve anything from those systems except what is in the scope of that order.

    Or do you really mean to imply that no one has a right to privacy and that information is exempt from laws against unlawful search and seizure?

    Guilt or innocence of the target has nothing to do with it.

    Apparently you do.

  6. doublereed says

    The job of a NSA hacker is to practice and remain proficient in gaining access to locked systems. They keep their teeth sharp by hacking.

    There are plenty of places hackers can go to hone their skills without doing things that are illegal. The NSA probably has tons upon tons of practice networks that they constantly update and tweak to practice attacks. There is no need for them to target civilian sysadmins unless that’s their goal.

    Look up Red Teams (and on the other side, Blue Team). It’s a fairly common practice in high-end security world. But there are rules and contracts so that you don’t do illegal things. If there is no contract, then that is against the law.

    What you are claiming is essentially that the NSA is above the law. No. They are not.

Leave a Reply

Your email address will not be published. Required fields are marked *