Slashdot Mirror
Pentagon Seeks a New Generation of Hackers
Hugh Pickens writes "Forbes reports on a new military-funded program aimed at leveraging an untapped resource: the population of geeky high school and college students in the US. The Cyber Challenge will create three new national competitions for high school and college students intended to foster a young generation of cybersecurity researchers. 'The contests will test skills applicable to both government and private industry: attacking and defending digital targets, stealing data, and tracing how others have stolen it. [...] The Department of Defense's Cyber Crime Center will expand its Digital Forensics Challenge, a program it has run since 2006, to include high school and college participants, tasking them with problems like tracing digital intrusions and reconstructing incomplete data sources. In the most controversial move, the SANS Institute, an independent organization, plans to organize the Network Attack Competition, which challenges students to find and exploit vulnerabilities in software, compromise enemy systems and steal data. Talented entrants may be recruited for cyber training camps planned for summer 2010, nonprofit camps run by the military and funded in part by private companies, or internships at agencies including the National Security Agency, the Department of Energy or Carnegie Mellon's Computer Emergency Response Team.'"
Literally any governmental or military job that involves dealing with classified information, requires you to be a US citizen. I imagine this would be no different.
Isn't it funny that whenever there is talk about security it generally means the opposite?
Well, it makes sense. In order to defend a secure system/network, you must first know multiple ways to break into that secure system/network. Posers doing "IT security" jobs that don't know what they're doing are for sure going to drop the ball and get pwned.
My blog
To work on these systems you'd need to hold a security clearance. It is not prima facie absurd to say that some restrictions could be lifted for Secret-classified networks, but you'd never get them to do Top Secret and Top Secret/SCI because of how incredibly sensitive the data is on those networks.
Not sure how long ago you tried to do this, but there are a number of colleges (Bachelors and post-grad) that offer solid Infosec programs now (disclaimer, there are just as many that offer crappy Infosec programs). In-depth training and certification is available for most major/widely-deployed Infosec products, such as Snort (http://www.sourcefire.com/services/education). Also, there are professional training organizations (e.g. SANS) that offer excellent [mostly] vendor-neutral Infosec training. Infosec as an actual field is fairly young, so it's not surprising that there isn't an Infosec program at every college in the country, but there are numerous high-quality training options available.
It could be computers...or it could be stereo speakers.
You're a moron. No offense. We're not talking about the bullshit hacking that lifehackers do. The kind of hacking we're talking about is specifically breaking computer security. This involves exploits, buffer overflows, timing attacks, DNS poisoning, spoofing, shell code, etc, etc... All those things can most certainly be taught though mastering these topics, or any topic, requires practice and experience. There's nothing abstract about that.
Things like this can be taught by books or professors.
You start off with ground work on information security, networking, and penetration testing. You learn how things are being protected, how known flaws were exploited in the past, and what traces were left behind.
It's the same steps as being a programmer. The great ones love it, understand it, and spend their free time doing it. The average ones just tread where the great ones have gone before.
SANS.org offers a whole lot of courses regarding InfoSec. Start with SANS 401 unless you feel you really need the into 301. Sadly, they get pretty pricey if you don't have a company reimbursing you.
The purpose of the polygraph isn't to find out if you are lily-white. It is largely to determine if you can be blackmailed. If you are truthful about your "indiscretions", you can't be blackmailed. On the other hand, someone who is willing to lie on a polygraph clearly has some shame issues that could be exploited by a hostile agent. Obviously, admitting to a felony or intent to subvert the government isn't going to get you anywhere.
Cynicism, like dogmatism, can be an excuse for intellectual laziness. - Susan Shirk
You're forgetting a few details:
First, there's military contractors to work for, which have a more 'pleasant' attitude. On top of that, the DoD folks in this area aren't exactly your normal "grunt".
Second, the level of challenges are going to be extremely high. You're not trying to break in to some web server set up by a marginally-competent IT guy. You're working against (and with) the best on the planet.
Third, you put a few years in at the DoD, and you come out with a security clearance and very attractive resume. If you decide you don't want to keep working for the DoD, you can make a lot more money than if you only did your hacking 'on the side' while writing database apps.
Fourth, no jail time. "Pwn" servers all day, and if they somehow trace it back to you, you don't spend a few years being Bubba's special friend.
Lastly, you're seeing so many "hacker recruiting" programs because there's metric craploads of money being thrown at anything "Cyberwarfare".
Hoglund / Butler - Rootkits
Aitel / Eren (Hi Sinan!) / et al - The Shellcoder's Handbook
McClur - Hacking Exposed
Dowd / et al - The Art of Software Security Assessment
Szor - The Art of Computer Virus Research and Defense
Oh, and the vast majority of exploits target one form of buffer overflow or another. Stack based, heap based... learn your buffer overflows and you're in the door.