National Security Agency (NSA) Director Keith Alexander appealed to the best and brightest among America’s hackers to join U.S. security forces in defense against mounting cyber-attacks on Friday. Coming to this year’s Las Vegas DefCon hacker gathering, the Director marked a first in recruiting for the nation’s security surveillance apparatus.
Speaking at this year’s elite DefCon gathering at the Rio casino conference center in Las Vegas, an unprecedented appearance, Alexander remarked to a standing room only audience, “In this room, this room right here, is the talent our nation needs to secure cyberspace.” Wearing a t-shirt and jeans, Alexander told the gathering “We need great talent. We don’t pay as high as everybody else, but we’re fun to be around.” Alexander’s appearance is considered a milestone for the DefCon event, which is expected to draw a record 16,000 attendees this year.
DefCon is a hacking showcase considered both technically elite and culturally grassroots. It boasts a spotted history with the Federal government. Alexander’s DefCon appearance on Friday followed a wrap-up of sibling BlackHat conference activities on Thursday. BlackHat pulls the corporate IT crowd to its conference activities in business attire. DefCon is the more significant after-party that everybody’s really gaming for after all – it’s older, less formal, and resembling “the Net as wild west.” DefCon is the dress-down event where players mingle with “cryptographers, script kiddies, security researchers and a liberal smattering of military and law enforcement agents “both in and out of uniform,” comments Stacy Cowley of CNN Money.
Hacker group Ninja Networks actually set up a private cellular network during the DefCon program, which actually won “admiring praise” from the Director in his comments. Alexander ran through an extensive list of IT achievers who have worked with Federal agencies on security matters, including Vint Cerf and Dave Aitel, known for pioneering work on the federal payroll.
“We’re the ones who built this Internet,” Alexander said, citing the key role agencies like Defense Advanced Research Projects Agency (DARPA) played in the network’s early days. “Now we’re the ones who have to keep it secure, and I think you folks can help do that.” In addition to his role as NSA Director, four star general Alexander also serves as head of the U.S. Cyber Command.
Conference founder Jeff Moss, a.k.a. The Dark Tangent, told attendees that DefCon had invited Alexander in part so that they could learn more about one of the world’s “spookiest, least known” organizations. Alexander rarely speaks publicly to any group, much less a group specialized in technical areas whose discoveries of IT vulnerabilities get used by all sides in cyber war.
NSA sponsored a booth at the gathering – also another first – which organizers wryly placed right next to the Electronic Freedom Foundation (EFF) booth. The EFF has sued the government for illegally tapping conversations of Americans. Alexander actually spoke with staff at the EFF booth, stating that he believes the U.S. government can secure the nation and also protect civil liberties. (They did not discuss pending litigation.)
NSA set up a special recruiting site for the show—clearly not your grandfather’s federal career pitch:
“If you’re up on your game, you already know the National Security Agency and what we do. … At NSA, we don’t crack codes and develop new encryption algorithms just for the fun of it (but don’t tell our tech teams that). … here, it’s all about the endgame: keeping you and your family safe and secure … without the threat of harm from foreign adversaries. … relocating to the front lines of cyber operations. … Now, for those of you who think you’ll never make it through security, … If you have a few, shall we say, indiscretions in your past, don’t be alarmed. You shouldn’t automatically assume you won’t be hired. If you’re really interested, you owe it to yourself to give it a shot.”
Attendees engaged in DefCon’s “Capture the Flag” (CTF) battle (a geek Olympic event of sorts) are among the most wanted candidate types for NSA. DefCon CTF teams are famous for fighting virtual showdowns to break into each other’s servers and steal key information while holding or repelling rival attackers. Coders worldwide battle through a whole series of qualifying rounds to make it to CTF. These are the top hackers of the world by many observers’ standards.
Reception for NSA’s presence was mixed, but reportedly positive on balance. Hundreds were turned away from the program as attendance already was at capacity for the conference hall. Alexander also spoke on civil liberties concerns that are a major issue for many researchers devoted to the Internet, taking questions screened by Moss. Alexander strongly denied NSA’s having dossiers on millions of Americans, as insinuated by some former employees. “The people who would say we are doing that should know better,” he said. “That is absolute nonsense.”
Alexander stressed common ground between U.S. officials and hackers, telling them privacy must be preserved and that they could help by developing new tools. “Sometimes you guys get a bad rep,” Alexander said. “From my perspective, what you’re doing to figure out the vulnerabilities in our systems is absolutely needed.”
“Then stop arresting us!” one heckler called back, according to CNN’s Heather Kelly.
Strictly speaking, NSA’s mission concerns foreign, not domestic threats. However, the agency does share its findings with the Federal Bureau of Investigation (FBI) in connection with criminal cases, and with the Department of Homeland Security (DHS) to warn specific U.S. industries of new threats. U.S. companies which have been hacked easily number in the thousands, and according to Alexander only the most competent even know when they have been hacked.
Alexander used his podium to voice support for a cyber security bill now in the Senate which would make it easier for companies under cyber-attack to share information with the government and to offer critical infrastructure owners incentives for adhering to future security standards, according to Reuters reports. According to Joseph Menn and Jim Finkle, “Both parties see this as a significant problem,” said Alexander, adding that the experts like those at Def Con should help in the process. “What are the standards that we should jointly set that critical networks should have?”
Even given warnings of a potentially crippling cyber attack, Senator John McCain led a group of lawmakers successfully to weaken bipartisan legislation tagged by the Obama administration as crucial to protecting computer systems essential to the operation of critical national infrastructure. Opponents led by McCain forced Democratic and Republican supporters of the legislation to drop provisions that would have broadened federal powers to enforce minimum standards on systems that run power plants, air traffic control systems, dams and similar facilities.
Not all of the over ten thousand hackers at DefCon seemed overly interested in NSA. When Alexander approached one hacker preparing for a computer-takeover contest, the hacker waved casually and quickly returned to his laptop. A teammate explained later, “We were just too busy to chat.” American hackers may love what they do, but they’re no less serious about their craft than official cyber-security warriors and lawmakers. Perhaps more-so.