NSA hacking chief's mission impossible: Advising White House on cybersecurity

Rob Joyce is heading to US National Security Council


NSA hacking crew bossman Rob Joyce is set to join US President Donald Trump's National Security Council as a cybersecurity adviser.

Joyce headed up the NSA's Tailored Access Operations division, the spy agency's elite computer exploitation squad.

Whispers have been sloshing around since the weekend that Joyce was tapped to shape cybersecurity policy for the Trump administration. On Wednesday morning, at the Cyber Disrupt 2017 conference in Washington DC, White House aide Thomas Bossert went on stage and confirmed the rumors are true.

"I’d like you to welcome Rob Joyce as he joins the White House National Security Council team ... We will welcome Rob as soon as the process works its way through," said Bossert, who advisers the President on homeland security and counterterrorism. You can watch the conference unfold live here, by the way.

The US National Security Council is supposed to brief the president on foreign affairs and, well, national security issues. It's chaired by the prez, has the secretaries of state, defense and energy on board, plus military and intelligence advisers. The council is at the center of ongoing political drama: the Chairman of the Joint Chiefs of Staff and the Director of National Intelligence were relegated from the council's Principals Committee, and White House Chief Strategist Steve Bannon was controversially installed by Trump. Now Donald has overruled a move to sideline an intelligence operative from the council – an operative backed by Bannon and Jared Kushner, Trump's real-estate investor son-in-law.

All in all, Joyce joins a group that should be strictly business but instead finds itself snagged again and again in political chess games. It's still not clear where ex-New York City major Rudy Giuliani fits in all of this: he was supposed to be a cybersecurity tsar to the president.

"It's a big responsibility," said Fleming Shi, SVP of advanced technology engineering at Barracuda, of Joyce's appointment, "but critical to our national security to create a true partnership between private industry and the government. Not just consulting and regulating, but real collaboration."

Meanwhile, former Senator Dan Coats (R-IA) today got the green light from the US Senate to take up the role of Director of National Intelligence. He was handpicked by Trump for the position. ®

Broader topics


Other stories you might like

  • IBM buys Randori to address multicloud security messes
    Big Blue joins the hot market for infosec investment

    RSA Conference IBM has expanded its extensive cybersecurity portfolio by acquiring Randori – a four-year-old startup that specializes in helping enterprises manage their attack surface by identifying and prioritizing their external-facing on-premises and cloud assets.

    Big Blue announced the Randori buy on the first day of the 2022 RSA Conference on Monday. Its plan is to give the computing behemoth's customers a tool to manage their security posture by looking at their infrastructure from a threat actor's point-of-view – a position IBM hopes will allow users to identify unseen weaknesses.

    IBM intends to integrate Randori's software with its QRadar extended detection and response (XDR) capabilities to provide real-time attack surface insights for tasks including threat hunting and incident response. That approach will reduce the quantity of manual work needed for monitoring new applications and to quickly address emerging threats, according to IBM.

    Continue reading
  • OMIGOD: Cloud providers still using secret middleware
    All the news you may have missed from RSA this week

    RSA Conference in brief Researchers from Wiz, who previously found a series of four serious flaws in Azure's Open Management Infrastructure (OMI) agent dubbed "OMIGOD," presented some related news at RSA: Pretty much every cloud provider is installing similar software "without customer's awareness or explicit consent."

    In a blog post accompanying the presentation, Wiz's Nir Ohfeld and Shir Tamari say that the agents are middleware that bridge customer VMs and the provider's other managed services. The agents are necessary to enable advanced VM features like log collection, automatic updating and configuration syncing, but they also add new potential attack surfaces that, because customers don't know about them, can't be defended against.

    In the case of OMIGOD, that included a bug with a 9.8/10 CVSS score that would let an attacker escalate to root and remotely execute code. Microsoft patched the vulnerabilities, but most had to be applied manually.

    Continue reading
  • Quad nations pledge deeper collaboration on infosec, data-sharing, and more
    But think tank says its past attempts at working together haven't gone well

    Leaders of the Quad alliance – Australia, India, Japan, and the USA – met on Tuesday and revealed initiatives to strengthen collaboration on emerging technologies and cybersecurity, with an unspoken subtext of neutralizing China.

    "Today, we – prime minister Anthony Albanese of Australia, prime minister Narendra Modi of India, prime minister Fumio Kishida of Japan, and president Joe Biden of the United States – convene in Tokyo to renew our steadfast commitment to a free and open Indo-Pacific that is inclusive and resilient," declared the Quad in a very formal statement.

    The nations also stated they "strongly oppose any coercive, provocative or unilateral actions that seek to change the status quo and increase tensions in the area."

    Continue reading
  • There are 24.6 billion pairs of credentials for sale on dark web
    Plus: Citrix ASM has some really bad bugs, and more

    In brief More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found.

    Data recorded from last year reflected a 64 percent increase over 2020's total (Digital Shadows publishes the data every two years), which is a significant slowdown compared to the two years preceding 2020. Between 2018 and the year the pandemic broke out, the number of credentials for sale shot up by 300 percent, the report said. 

    Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years. This represents a 34 percent increase from 2020.

    Continue reading
  • Big Tech begs Congress to pass $52bn chip subsidies bill
    This silicon business ain't cheap, you know, say execs at Alphabet, Amazon, Microsoft, Nvidia etc

    Big Tech in America has had enough of Congress' inability to pass pending legislation that includes tens of billions of dollars in subsidies to boost semiconductor manufacturing and R&D in the country.

    In a letter [PDF] sent to Senate and House leaders Wednesday, the CEOs of Alphabet, Amazon, Dell, IBM, Microsoft, Salesforce, VMware, and dozens of other tech and tech-adjacent companies urged the two chambers of Congress to reach consensus on a long-stalled bill they believe will make the US more competitive against China and other countries.

    "The rest of the world is not waiting for the US to act. Our global competitors are investing in their industry, their workers, and their economies, and it is imperative that Congress act to enhance US competitiveness," said the letter.

    Continue reading
  • Costa Rican government held up by ransomware … again
    Also US warns of voting machine flaws and Google pays out $100 million to Illinois

    In brief Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid. This month, another band of extortionists has attacked the nation.

    Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica's Social Security system, and also struck the country's public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.

    The Costa Rican government said at least 30 of the agency's servers were infected, and its attempt at shutting down systems to limit damage appears to have been unsuccessful. Hive is now asking for $5 million in Bitcoin to unlock infected systems.

    Continue reading
  • Symbiote Linux malware spotted – and infections are 'very hard to detect'
    Performing live forensics on hijacked machine may not turn anything up, warn researchers

    Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.

    Dubbed Symbiote, the badware instead hijacks the environment variable (LD_PRELOAD) the dynamic linker uses to load a shared object library and soon infects every single running process.

    The Intezer/BlackBerry team discovered Symbiote in November 2021, and said it appeared to have been written to target financial institutions in Latin America. Analysis of the Symbiote malware and its behavior suggest it may have been developed in Brazil. 

    Continue reading
  • Russia, China warn US its cyber support of Ukraine has consequences
    Countries that accept US infosec help told they could pay a price too

    Russia and China have each warned the United States that the offensive cyber-ops it ran to support Ukraine were acts of aggression that invite reprisal.

    The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia's illegal invasion.

    While many nations occasionally mention they possess offensive cyber-weapons and won't be afraid to use them, admissions they've been used are rare. US Cyber Command chief General Paul Nakasone's public remarks to that effect were therefore unusual.

    Continue reading
  • Facebook phishing campaign nets millions in IDs and cash
    Hundreds of millions of stolen credentials and a cool $59 million

    An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger.

    Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page - out of around 400 Pixm found - got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022. 

    The flow of this phishing campaign isn't unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account. That link performs a series of redirects, often through malvertising pages to rack up views and clicks, ultimately landing on a fake Facebook login page. That page, in turn, takes the victim to advert landing pages that generate additional revenue for the campaign's organizers. 

    Continue reading
  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading

Biting the hand that feeds IT © 1998–2022