How the U.S. NSA secures its Macs from snoopers

“The NSA (the National Security Agency, or, as some people prefer, No Such Agency) has found itself in the spotlight lately, owing in large part to leaks from former contractor Edward Snowden,” Rich Mogull reports for Macworld. “But although the agency has been in hot water because of who it has been spying on, snooping isn’t the agency’s only job. The NSA also plays an important role in helping the rest of the government secure its computers from outside attackers.”

“Back in 2010 the NSA published ‘Hardening Tips for Mac OS X 10.6 ‘Snow Leopard,” a terse, two-page pamphlet recommending a series of security precautions. The agency hasn’t updated that pamphlet for more recent versions of OS X — so I thought I’d do so in the agency’s stead,” Mogull reports. “I was updating the NSA’s advice for OS X 10.8, I decided to add a little guidance as to how much pain some of these tips might cause you.”

Read more in the full article here.


  1. If you want to NSA-proof your Mac disconnect all interfaces with the outside world and plug all Ethernet LAN, Ethernet WAN, USB, FireWire, and ThunderBolt ports with epoxy. Better now.

    1. This is brilliant. The Feds can charge citizens and foreign nationals a fee to access deleted files thus providing a necessary service and reducing the federal debt. Unfortunately, the popularity of this service may result in NSA purposefully hijacking you machine and holding all your files hostage just to earn a few bucks.

  2. Here you have the complete document…
    First, don’t write down your password in a sticky and put it in front of the computer or no where.
    Don’t ever let your computer alone with out a password.
    Don’t give your password to anyone at least it is the head of the NSA 🙂
    The other 366 pages are left intentionally in blank because OS X doesn’t need much security.

    For windows computers, the first rule is very simple:
    If you do, please read all of the 366 books each one of 1244 pages for Windows security.

  3. I reviewed the NSA Mac security pamphlet back in 2009. I pointed out that the federal government, at the time, was being repeatedly cracked, month after month, but the Chinese. Therefore, the NSA apparently wasn’t doing too good a job protecting THEIR OWN computers.

    Since that time, a lot has happened in Apple’s improvements of Mac and iOS security, well beyond any lame NSA recommendations. And, considering the NSA’s interest in hacking into ALL DATA EVERYWHERE, why would anyone settle for NSA’s security recommendations about ANYTHING?! You know they don’t want us to be secure. Just the opposite, the treasonous dickheads.

    For review, the 4th Amendment to the US Constitution:

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    1. BTW: Rich Mogull is one of my Mac security mentors and a terrifically friendly guy. He’s been writing for TidBITS and MacWorld for many years.

      The only thing I’d add to his recommendations is to go out and get what I call a ‘reverse firewall’ to block outgoing calls to the Internet. If, by chance, your Mac has been PWNed, this will STOP the malware from calling home, from further infecting your Mac, from joining a botnet, from sending SPAM, etc.

      I own, use and love LittleSnitch. There is also a useful reverse firewall in Intego’s Net Barrier software, which I also own (but I prefer Little Snitch).

      Reverse firewalls inflict annoyance when they warn you that something unexpected is going on. If you’re the sort that just clicks buttons without reading the warnings, it’s going to be useless to you. I got used to the warnings, pay attention to them, and make quick judgements as to what is the best action. Often the processes trying to reach the Internet are stuff you’ve never heard of. So you do a search about them and learn. Any serious security buff will find reverse firewalls to be extremely useful.

        1. … And NetShade and VNC and Tor and on and on.

          I suspect there are tools to checkout what ports open on the way out of the computer, but I’m not familiar with them. There are plenty of tools to test what ports are open coming into the computer. Here’s one free test site I know about. ShieldsUP! from Steve Gibson. It’s been bashed upon by the best and is considered reliable:

          To hide outgoing data port opening would be fairly elaborate. It’s an interesting challenge for hackers to find a way around ‘reverse firewalls’. I personally do NOT have great faith in the NSA regarding anything. I expect them to be bumblers like the rest of #MyStupidGovernment, with the usual rare geniuses working with them who roll their eyes every few minutes at the average people with whom they get to work. 🙄 IOW: If there are backdoors, expect they’ll be discovered, if they are there.

          The brave and scary new world of tech.

  4. Burn your credit cards, passport, and SSN card. Use no bank accounts. Throw your comp, cell phone in the street under a bulldozer. Ride a bike instead of a car, live in a cave. Dye your hair, dress like a bum. Then your secure.

  5. NSA – Nazi Spying Apparatus

    Obozo’s favorite toy to spy on his political opponents.

    Now Obozo the clown wants to bomb Dyria to help out his Al Qaeda buddies.

    Thanks all you assholes for voting for this asshole twice.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.