What are red teams, you ask? They’re sort of like the special forces units of the security industry—highly skilled teams that clients pay to break into the clients’ own networks. These guys find the security flaws so they can be patched before someone with more nefarious plans sneaks in. The NSA has made plenty of news in the past few years for warrantless wiretapping and massive data-mining enterprises of questionable legality, but one of the agency’s primary functions is the protection of the military’s secure computer networks, and that’s where the red team comes in.
So what exactly does the NSA’s red team actually do? They provide “adversarial network services to the rest of the DOD,” says OWNSAVAOG. That means that “customers” from the many branches of the Pentagon invite OWNSAVAOG and his crew to act like our country’s shadowy enemies (from the living-in-his-mother’s-basement code tinkerer to a “well-funded hacker who has time and money to invest in the effort”), attempting to slip in unannounced and gain unauthorized access.
These guys must conduct their work without doing damage to or otherwise compromising the security of the networks they are tasked to analyze—that means no denial-of-service attacks, malicious Trojans or viruses. “The first rule,” says OWNSAVAOG, “is `do no harm.’?” So the majority of their work consists of probing their customers’ networks, gaining user-level access and demonstrating just how compromised the network can be. Sometimes, the red team will leave an innocuous file on a secure part of a customer’s network as a calling card, as if to say, “This is your friendly NSA red team. We danced past the comical precautionary measures you call security hours ago. This file isn’t doing anything, but if we were anywhere near as evil as the hackers we’re simulating, it might just be deleting the very government secrets you were supposed to be protecting. Have a nice day!”