Slashdot Mirror


Pentagon Seeks a New Generation of Hackers

Hugh Pickens writes "Forbes reports on a new military-funded program aimed at leveraging an untapped resource: the population of geeky high school and college students in the US. The Cyber Challenge will create three new national competitions for high school and college students intended to foster a young generation of cybersecurity researchers. 'The contests will test skills applicable to both government and private industry: attacking and defending digital targets, stealing data, and tracing how others have stolen it. [...] The Department of Defense's Cyber Crime Center will expand its Digital Forensics Challenge, a program it has run since 2006, to include high school and college participants, tasking them with problems like tracing digital intrusions and reconstructing incomplete data sources. In the most controversial move, the SANS Institute, an independent organization, plans to organize the Network Attack Competition, which challenges students to find and exploit vulnerabilities in software, compromise enemy systems and steal data. Talented entrants may be recruited for cyber training camps planned for summer 2010, nonprofit camps run by the military and funded in part by private companies, or internships at agencies including the National Security Agency, the Department of Energy or Carnegie Mellon's Computer Emergency Response Team.'"

23 of 134 comments

  1. Foreigners?? by rodrigoandrade · · Score: 3, Insightful

    Will they accept foreign applicants?? Because restricting this program to US citizens is madness, considering all the hacks done overseas.

    1. Re:Foreigners?? by TinBromide · · Score: 3, Insightful

      They're probably looking for people who can get a security clearance. It may be harder to do if you're a Chinese foreign national. They're not looking for hacks, but hackers.

      --
      Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
    2. Re:Foreigners?? by Opportunist · · Score: 4, Insightful

      Probably not. There are quite a few talented people out there who have already spent years to get into "it". Why bother training someone for 2-4 years if you can get someone who already has the skill?

      Part of being a hacker is being able to find the resources. So if you want to learn, just do it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Finally.... by BJ_Covert_Action · · Score: 4, Funny

    Angelina Jolie has a legitimate excuse to stop posturing as an actress and can pursue her true destiny...

    1. Re:Finally.... by bencoder · · Score: 3, Insightful

      but her laptop's got a 28.8bps modem AND it runs on RISC architecture! She must be a hacker!

  3. And remember folks. by fahrbot-bot · · Score: 4, Insightful

    which challenges students to find and exploit vulnerabilities in software, compromise enemy systems and steal data.

    When they work for you, they're "freedom fighters".
    When they work for the other guys, they're "terrorists".

    --
    It must have been something you assimilated. . . .
  4. Cybersecurity by oneirophrenos · · Score: 3, Insightful

    ... a young generation of cybersecurity researchers ... attacking and defending digital targets, stealing data ...

    Isn't it funny that whenever there is talk about security it generally means the opposite?

  5. outsource it to china and russia by circletimessquare · · Score: 4, Funny

    they seem to have thousands of enthusiastic youngsters who are already hard at work in this very field

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. Re:Awesome! by snowraver1 · · Score: 4, Funny

    If you are asking, you don't qualify.

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  7. I have to say I'm a little frustrated.... by netruner · · Score: 5, Insightful

    I have been looking for formal academic training in computing security for quite some time. The best I've found is "boot camps" for CISSP and seminar courses taught by a local college on how to use tools like Metasploit, Wireshark and C&A.

    I went all the way through a MS CS looking for any opportunity to study computing security and drew nothing but shrugs from my professors when I inquired about seriously studying the subject.

    If they really want to produce cybersecurity experts, forget the competitions - you have to make training available. Forget all of the hand waving talk about academics not "having the right mindset". I have found that the kind of people who say such things just don't want to share their knowledge.

    --
    DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
    1. Re:I have to say I'm a little frustrated.... by NES+HQ · · Score: 3, Informative

      Not sure how long ago you tried to do this, but there are a number of colleges (Bachelors and post-grad) that offer solid Infosec programs now (disclaimer, there are just as many that offer crappy Infosec programs). In-depth training and certification is available for most major/widely-deployed Infosec products, such as Snort (http://www.sourcefire.com/services/education). Also, there are professional training organizations (e.g. SANS) that offer excellent [mostly] vendor-neutral Infosec training. Infosec as an actual field is fairly young, so it's not surprising that there isn't an Infosec program at every college in the country, but there are numerous high-quality training options available.

    2. Re:I have to say I'm a little frustrated.... by Opportunist · · Score: 4, Interesting

      It's pointless to "study" computer security. By the time you're through, you get told "forget everything, it's outdated".

      You're looking at a field here that reinvents itself every other month. What you knew 2 years ago is outdated and very near worthless today. 2 years ago, the big craze in security was bogus browser plugins and runtime packers. Nobody does it anymore, all security tools can easily identify and depack them. The thing now is the transition to true P2P updatable malware with digital signatures. Once this is achieved, Conficker will look like a toy.

      Personally, I give it 3-6 months.

      So it's not a matter of mindset. It's a matter of being outdated by the time you learned it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. A recruiting aid for unclearable personnel by bzzfzz · · Score: 3, Insightful

    When you consider that only a lily-white goody two-shoes can pass the lifestyle polygraph it's no wonder they can't find enough people. They figure if you've ever tried to access any system without the Proper Authority, ever, you're a bad risk. So if you've ever held down two buttons at once on a vending machine to see what happens, you need not apply.

    That makes about as much sense as refusing to recruit people into the army because they were in a fight, once.

    There is no shortage of people with black hat skills. The problem is that the government does not want all but a handful of those few who are willing to work a job where a routine fuckup can be prosecuted as a felony.

    1. Re:A recruiting aid for unclearable personnel by Opportunist · · Score: 3, Interesting

      They don't want black hats. They're unreliable. Above skill comes the problem that they will deal with sensitive data which must not fall into the wrong hands. Their worst fear is to make the fox guard the chicken pen.

      I hear you, though. It's an old joke in the biz, there's good people, there's clean people and there's available people. You may pick two of the list.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:A recruiting aid for unclearable personnel by Aragorn+DeLunar · · Score: 3, Informative

      The purpose of the polygraph isn't to find out if you are lily-white. It is largely to determine if you can be blackmailed. If you are truthful about your "indiscretions", you can't be blackmailed. On the other hand, someone who is willing to lie on a polygraph clearly has some shame issues that could be exploited by a hostile agent. Obviously, admitting to a felony or intent to subvert the government isn't going to get you anywhere.

      --
      Cynicism, like dogmatism, can be an excuse for intellectual laziness. - Susan Shirk
  9. Game time by speciesonly · · Score: 3, Funny

    Finally, all those years of watching "War Games" might pay off.

    --
    "Don't Panic"
  10. Culture vs Goals by tacokill · · Score: 4, Insightful

    I would think the very culture of the DoD would be adversarial towards the very people they are trying to recruit.

    What's the hook? What I mean is: why would some high schooler join this program vs the alternatives? -which by the way....are way more fun. Would you really want to hack for some PHB who has TPS Cover Sheets to fill out? I can't imagine a less rewarding situation

    This seems like wishful thinking to me. How many "hacker recruiting" programs have we seen/heard about now? I can count 3 or 4 off the top of my head. Methinks they are not having much success finding good hackers.

  11. good identifier of both sides by Vspirit · · Score: 4, Insightful

    Quite an ingenious move.

    While the initiative may seem to foster and legalize what has previously been considered acts of malevolence, it also helps the government to identify and build a register of possible future trouble makers with skills.

    This will get them both a great recruitment program, but it will also give them a great monitoring tool.

    I'm not pro nor con, just saying. Nice Database of profiles. Do you bite?

    1. Re:good identifier of both sides by Opportunist · · Score: 3, Funny

      I'm not pro nor con, just saying. Nice Database of profiles. Do you bite?

      Bite? You nuts? I'll hack it, that info is juicy!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Re:Awesome! by mikeee · · Score: 5, Funny

    >If you are asking, you don't qualify.

    Exactly. In fact, if you're any damn good, just break into the HR system, insert yourself, and tell the front desk you forgot your badge when you show up for work tomorrow morning.

    This now concludes your interview.

  13. Re:This is hilarious! by Propaganda13 · · Score: 3, Informative

    Things like this can be taught by books or professors.

    You start off with ground work on information security, networking, and penetration testing. You learn how things are being protected, how known flaws were exploited in the past, and what traces were left behind.

    It's the same steps as being a programmer. The great ones love it, understand it, and spend their free time doing it. The average ones just tread where the great ones have gone before.

  14. Agree to disagree by tacokill · · Score: 4, Insightful

    The very idea that you could create any kind of meaningful "hacking curriculum" is laughable. Books and Professors? Are you really serious with your reply? Are they really the best source of hacking info? No...no they are not. They never have been. Sure, they can teach you the basics and get you in the game but in reality, that's where their capability ends. Last I checked, professors had nothing to do with 2600, Phrack, LoD, Code Red, Sasser, or any other hacking effort in the last 25+ years. Have you ever seen some of the pure genius that has come from true hackers? Some of it makes you step back in awe of how they "figured that out". Go back and read some of the ezines from the late 80's and 90's. They are quite dated by now but they covered topics that NO BOOK or class could ever touch.

    I mean, think about it....many hackers know more about the equipment than the people who actually designed and built it. And you think books are going to teach them to hack it? C'mon....

    Methinks you are confusing "security professional" with "hacker". Sometimes they overlap, but not always. I know plenty of INFOSEC guys who don't know a damn thing about hacking. If you were to put them into a room with a real hacker, you would quickly see the hacker run circles around the pro. Now, why would that be?

    Riddle me this: IF what you say is true, then why aren't we swimming in hackers all around us? Why is the govt having such a hard time finding qualified applicants? Why aren't there more uber hackers "out there"? After all, if I want to be 1337, all I have to do is go to the right classes and have an active interest. So what is stopping millions of wannabe kids from doing just that?

    1. Re:Agree to disagree by Vancorps · · Score: 3, Interesting

      Sounds like someone is in love with mythical hackers that don't truly exist or are an extreme rarity.

      The idea that the coding and all the underlying skills necessary to "hack" into any system is not teachable is what is laughable. You clearly weren't involved in 2600 if you think there weren't any professors involved. It's mostly academia where all of these people came from. They learned the computing skills in school and took the material above and beyond to try different tasks with the same tools.

      My 2600 chapter was full of people from varying backgrounds and professions with a common interest in learning how to do things that others didn't know how to do.

      If you know an infosec guy that doesn't know about hacking techniques then I pray for anyone that hires them as they will not be effective at all in their job. How are you supposed to guard against something you know nothing about? The term hacker existed before security researcher because hacker became stigmatized for the few like Kevin Mitnick who caused a lot of havoc and exposed a lot of utter stupidity.

      The government is having a hard time finding hackers because most hackers are performing tasks which the government has deemed illegal. This does not a good relationship make. Combine this with the secret nature of a lot of hackers' work and they simply don't want to be around authority unless they have just started out. Competitions like this are a way to attempt to change that image but unfortunately with the state of laws nothing will change, especially with hackers that try to do the right thing by informing private parties of security vulnerabilities ending up in jail.

      Millions of wannabe kids have other interests than computers. The people with the necessary OCD to take it to a level of interest is a very small number of people who tend to be withdrawn from the mainstream making them hard to find and more importantly volunteer to have your background checked.

      I was part of Infragard in college until 9/11 happened it was mostly free to all who wanted to learn about infosec from a private infrastructure security standpoint and it was very eye opening. That is until the FBI did a background check after 9/11 and apparently I failed as they asked me not to come back until I had a job in the field even though I had contributed heavily with designing secure networks.

      There are tons of books that "hackers" read to learn what they know and the rest is left up to creativity. Make no mistake, the vast majority of skills can and often are taught. My college degree back in 2004 had a network security major along with network engineer and both required a certain amount of programming so you understand what you're trying to manage. Many of those classes were very enlightening even though the real world was dramatically different it still gave me the tools to understand what was happening in real time.