08-14-2012 01:25 PM
So at the latest DEFCON20 in Las Vegas, Gen. Alexander gave a talk on Cyber Security and as part of that, he appealed to the broad hacker community for assistance in helping to protect the Internet. What do you think about this?
08-14-2012 01:46 PM - edited 08-14-2012 01:48 PM
Money talks **bleep** walks.
He appealed to the hacker community for help? How inappropriate.
He ought to be talking to the infrastructure community about making a securable network.
08-14-2012 02:08 PM
My experience with 'security' -- they advertise for an 'expert', but then they end up hiring someone for cheap, who has more of an accounting or law enforcement background, rather than an actual engineering/technical background.
There's a local outfit that does a lot of 'security' consulting in the IT realm. It's almost entirely ex-RCMP officers who barely even know how to use computers. Somehow this is supposed to be 'security'.
I even know of one employer around here (now defunct) who used to put a person with mere OH&S training in charge of computer 'security'. It was a giant joke. Poor lady probably didn't know the difference between a firewall, and a boot rack (the latter being used for muddy shoes), yet she was in charge of such a crucial role.
08-14-2012 04:09 PM - edited 08-14-2012 04:43 PM
So in case you think we are pulling your leg, here is what Gen. Alexander looked like at the DEFCON20 talk and here is a story about what he talked about: NSA wants to hire hackers
Don't let him wearing a T-shirt and jeans fool you...
08-14-2012 04:21 PM - edited 08-14-2012 04:23 PM
"We don't pay as high as everybody else,"
Pretty much says everything you need to know. This individual wants something for nothing. Government hiring practices are notoriously bad for people who tend to be either self-taught, or really experienced -- and good hackers tend to fit that mold since there's really no set training course to be a hacker.
Working in the government environment should also carry a substantial premium salary-wise for the effort involved in dealing with the general intransigence of the organization, as well as the typical requirement of a security clearance. A lot of the 'good' hackers really don't want to go through probing questions like whether they smoked a few smishers in their youth, or heaven forbid, stole a little bit of long distance phone calling 25 years ago with some 2600Hz device they soldered together as a teenager from parts bought at Radio Shack.
Especially when they work for an organization that tends to be headed by various Perjurers-in-Chief and admitted drug users (ie: at least 2 of the most recent Presidents, and probably more).
08-14-2012 05:03 PM
Well, it's complicated. At first glance, it's an embarrassment. Better if the NSA came in and hacked the hacker's conference, THAT's how you recruit hackers.
But I'm sure the NSA would hire a few hackers just to get them off the street and see what they really know, and NOT to really depend on them.
NEVER trust anything from the NSA at face value.
Security is a serious business and relatively well understood in theoretical terms; it's something to be engineered, not something you go to a bunch of scruffy nerds for.
There was an article the other day about how Israel is recruiting security system developers like they would other technical workers, and lo and behold, it works better than recruiting antisocial hackers. I'm amazed that anyone would be amazed. I'll wager dollars to donuts that the Stuxnet virus was not developed by anyone with an illegal hacker background.
08-15-2012 12:30 PM - edited 08-15-2012 12:35 PM
I do not think folks at DEFCON needed to worry about the USG hacking them. As I recall, last year there were about half a dozen USG types who ended up on the "Wall of Sheep".
I do think that some of the hecklers (at Gen. Alexander's speech) did have a point. "If you want us (the hacker community) to help, do not try to create laws that criminalize our activity and go after us."
I do believe that the USG has finally realized that they DO NOT have what it takes to protect the U.S.'s Internet infrastructure from cyber attacks. And, IMHO, a lot of that is due to misunderstanding and downright laziness in allowing sensitive systems and networks to be accessible on the 'Net.
I believe that the appeal from Gen. Alexander is sincere; however, the devil is always in the details. The approach, the laws attempted to be passed, etc., do not send a message of "come help us." It's really about actions and not words.
Anyway, we appreciate your thoughts.
09-25-2012 04:03 PM
Something else to help put this in perspective, three of the talks at BsidesLV this year were from folks working with money from DARPA's Cyber fasttrack program... A program specifically designed for small teams or individuals that usually work alone to receive a 'micro' grant to design something really cool. So US gov as a whole is reaching out, some are doing it better than others.
Some further info on the DARPA program: http://blog.strategiccyber.com/2011/11/09/darpas-c