[ISN] U.S. officials go to hackers' convention to recruit

InfoSec News isn at c4i.org
Thu Aug 11 03:15:18 EDT 2005


http://www.computerworld.com/securitytopics/security/story/0,10801,103825,00.html

By Andy Sullivan
AUGUST 10, 2005 
REUTERS

Attention hackers: Uncle Sam wants you.

As scam artists, organized-crime rings and other miscreants find a
home on the Internet, top federal officials are trolling hacker
conferences to scout talent and talk up the glories of a career on the
front lines of the information wars.

"If you want to work on cutting-edge problems, if you want to be part
of the truly great issues of our time ... we invite you to work with
us," Assistant Secretary of Defense Linton Wells told hackers at a
recent conference in Las Vegas.

Wells and other "feds" didn't exactly blend in at Defcon, an annual
gathering of computer-security experts and teenage troublemakers that
celebrates the cutting edge of security research.

The buttoned-down world of Washington seems a continent away at
Defcon, which was named as a spoof on the Pentagon's code for military
readiness derived from "defense condition." Graffiti covers the
bathroom walls, DJs spin electronic music by the pool until dawn, and
hackers who "out" undercover government employees win free T-shirts.

At a "Meet the Feds" panel designed to bridge the cultural divide, a
young man waved a pages-long manifesto and demanded, "I would like to
know why the federal government, especially some of the law
enforcement agencies, are destroying this country."

Despite appearances, hackers and the government have long enjoyed a
symbiotic relationship. Federal research dollars funded development of
the Internet and many other cutting-edge technologies, and many
hackers first learn the ins and outs of computer security through
military service before moving on to private-sector jobs.

College students in computer-security programs can have their tuition
picked up by the government if they agree to work for it when they
graduate.

Feds have been a key part of the Defcon audience since its inception
in 1992, though they are required to stay at off-site hotels to avoid
some of the wilder goings-on.

Along with recruiting, the conference gives federal officials a chance
to develop sources and keep up with new research.

"I'm learning while I'm here, but I'm also getting the names of people
I can maybe call on later so we have a better understanding as cases
go along," said Don Blumenthal, who oversees the Internet lab for
investigators at the Federal Trade Commission.

Tensions between feds and hackers ran high in 2001, when the FBI
arrested Russian programmer Dmitri Skylarov at the conference for
writing a program that could break copy protection on electronic
books.

The relationship between the two sides has become less adversarial in
recent years, according to long-time attendees, and government
employees now account for nearly half of the audience. Some Defcon
staffers even hold down day jobs with the National Security Agency and
other government shops.

"You can't be deceived by the uniforms," said technology commentator
Richard Thieme. "I talked at the Pentagon, and one-third of the people
in the audience I already knew from Defcon."

That's not to say that Defcon has gone straight. The ability to break
into computer systems is prized above all, and conference attendees
whose computers fell prey to their colleagues' attacks are displayed
on a "wall of sheep." Some hackers spent the weekend in their hotel
rooms cooking up a new way to take control of the Cisco Systems Inc.  
routers that underpin much of the Internet.

Many defend this "black hat" approach, arguing that attacks that cause
damage in the short term raise awareness of online threats and thus
improve the security picture as a whole.

Lynn and other feds made clear that they aren't interested in working
with those who break into computer systems without permission. "We're
looking for people who haven't crossed that line yet," said Jim
Christy, director of the U.S. Department of Defense's Cyber Crime
Institute. "You've got to get folks with the right morals."

Blumenthal said that while he was impressed with the honesty of the
people he had met, he would double-check the information he receives
from them as he does with other sources. "I have to feel confident
that what I'm getting is a straight story," Blumenthal said. "I find
out if I have a curve thrown at me."





More information about the ISN mailing list