NSA Hiring At Black Hat

← Back to Stories (view on slashdot.org)

Posted by Unknown on Tuesday August 2, 2011 @09:20AM from the basement-or-cell dept.

jfruhlinger writes "It may seem strange that the US government would be recruiting tech talent at Black Hat, a security conference whose participants have a notorious ambivalence about keeping within the letter of the law. But the NSA — a shadowy organization with its own reputation for dodgy behavior — is there recruiting, and pitching itself as a haven for geeks."

20 of 139 comments (clear)

Min score:

Reason:

Sort:

Are the NSA really that stupid? by elrous0 · 2011-08-02 09:20 · Score: 2

It may sound like a great idea on the surface, but a leopard doesn't change its spots just because you give it a paycheck.
So either the NSA are really fucking stupid or this is some sort of honeypot trap to target some specific (or maybe even non-specific) hackers and bust them on an espionage charge when they inevitably leak some fake secrets you give them after they become "employees." If it's the latter, I'm impressed. Never seen anyone go that far with a honeypot operation. But maybe Anon and LulSec are making them desperate. Hell, maybe they're hoping they can just *luck* into busting some Anon/LulSec leaders by throwing a wide net.
So I guess it really comes down here to a question of who's more stupid--the NSA for thinking they can tame hackers or the hackers for possibly falling for a honeypot. I don't know which is the more scary possibility.

--
SJW: Someone who has run out of real oppression, and has to fake it.
1. Re:Are the NSA really that stupid? by chemicaldave · 2011-08-02 09:25 · Score: 2
  
  You don't get to work at the NSA (or any infosec govt. job) with access to classified information and power without a very thorough full-scope background check including polygraph. You're quite mistaken if you think otherwise.
2. Re:Are the NSA really that stupid? by elrous0 · 2011-08-02 09:27 · Score: 2
  
  There are black hats and then there are black hats.
  
  --
  SJW: Someone who has run out of real oppression, and has to fake it.
3. Re:Are the NSA really that stupid? by nsaspook · 2011-08-02 09:38 · Score: 2
  
  No. Just try to double-cross the devil. These kids won't know that hit em if they get out of line.
  
  --
  In GOD we trust, all others we monitor.
4. Re:Are the NSA really that stupid? by Anonymous Coward · 2011-08-02 09:39 · Score: 2, Interesting
  
  There are black hats and then there are black hats.
  Put another way... there are black hats (regular) who can be a real nuisance and make the life of one corporation or a few individuals really hellish for a while...
  
  Then there are black hats (government-sponsored) who are totally fucking evil, amoral bastards who would slit their grandma's throat if their commander said it was in the interests of national security. They would of course have full immunity from any murder prosecution after having slit their grandma's throat. They don't feel evil and no one tells them they are evil because after all it's in the line of duty and that makes everything OK.
  
  If you are willing to work for a shadowy unaccountable government agency that loves to violate the rights of its own countrymen, well, you didn't have much character or moral/ethical fiber to begin with. Compared to that, Anon/Lulzsec at least wait until a corporation or person acts like a total asshole and inconveniences many people before they give them a hard time.
5. Re:Are the NSA really that stupid? by Amouth · 2011-08-02 09:40 · Score: 2
  
  and yet some of the people i know that work there - i wouldn't hire...
  
  --
  '...if only "Jumping to a Conclusion" was an event in the Olympics.'
6. Re:Are the NSA really that stupid? by causality · 2011-08-02 09:53 · Score: 2
  
  Or as they put it in TFA.
  
  There is a huge difference between hackers â" who tread the line of legality regularly and often step over, but not with the intent of doing great harm â" and criminals who happen to work online, Moss said.
  One group you can train or encourage to focus on solving problems that affect national security, and trust to the same extent you would experts in other fields.
  It seriously doesn't help that most of the legitimate private-sector jobs available to those with strong computer/networking skills are thankless, offer little job security, tend to expand in scope with no matching expansion of pay, tend to demand overtime while paying salary, are dominated by managers who don't understand technology and (worse) refuse to listen to underlings who do, often require dealing with literate adults who fail to follow the simplest of instructions then blame the IT guy when it doesn't work, and don't treat their employees with anything resembling the amount of respect that should be due to people without whom the entire operation would grind to a halt.
  
  If anything, it's a miracle that there is not more criminal activity from the numbers of people who have strong skills and few legitimate places in which to express it.
  
  In a way it's like the highly intelligent kids who are bored to death in the public schools and start becoming disruptive "behavioral problems". Well yeah, no shit, you set up a situation that amounts to a formula for producing this. Shockingly, that's the result you obtained; be sure to act surprised! If this is analogous to the talent the NSA is reaching out for, this may be a good thing, assuming they really want to work for one of the more notorious government agencies.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
7. Re:Are the NSA really that stupid? by causality · 2011-08-02 10:22 · Score: 5, Insightful
  
  NSA wouldn't run a counterintelligence operation against Americans. That would be illegal and easy to beat.
  If they did, how would you ever prove it?
  
  A FOIA request? Denied - national security.
  
  A lawsuit? Denied - national security.
  
  Asking nicely? Denied - "we can neither confirm nor deny..."
  
  Without proof, well then, you'd just be a tinfoil-hat-wearing conspiracy nutter (and for major events like 9/11 you'll be called such names even with lots of proof). This is a roundabout, indirect way of saying that you're foolish and something is wrong with you if you don't blindly trust the goodwill of unaccountable government agencies with nearly unlimited budgets who certainly have the capability of spying on Americans and running operations against Americans.
  
  Not because it's true or might be true or would fit in with the long history of past abuses, mind you, but because people who are in denial want to feel comfortable about their denial and your doubts make that more difficult. When faced with such a situation, small-minded people will attack your character.
  
  At any rate, yes it would be "illegal" but without accountability and transparency that really doesn't mean anything. How would it be easy to beat? How would you ascertain that without intimate knowledge of the actual methods used? If you somehow attained such knowledge, why wouldn't they change the methods?
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
8. Re:Are the NSA really that stupid? by conspirator23 · 2011-08-02 10:35 · Score: 4, Insightful
  
  It may sound like a great idea on the surface, but a leopard doesn't change its spots just because you give it a paycheck.
  You're suggesting here that most (if not all) Black Hat attendees who might join the NSA are destined to betray the organization at some point? Either by embarassing the agency through extra-curricular activities or outright acts of treason? The short answer to that assertion is that you are underestimating both the people already in the NSA, and also underestimating the IT security community in general. Black Hat != Bomb Throwing Anarchist, and NSA != Bush(II)-era political appointees.
  
  So either the NSA are really fucking stupid or this is some sort of honeypot trap to target some specific (or maybe even non-specific) hackers and bust them on an espionage charge when they inevitably leak some fake secrets you give them after they become "employees."
  Must. Resist. Grammar... flame. *whew* Okay so to summarize, your contention is that the only good reason for the NSA to recruit at Black Hat is as a "trap" of some sort for Black Hat attendees. Why if that weren't such a transparent, easily avoided ploy, you might have something there. Black Hat attendees who truly see themselves as enemies of the NSA aren't going to apply for jobs... unless they are foreign agents trying to infiltrate the organization. THOSE hypothetical people are going to apply for jobs at the NSA and other agencies no matter what happens at the Black Hat conference. OTOH, there is a tremendous amount of technical talent at Black Hat focused on both the offensive and defensive ends of IT security. If you want to hire the best and the brightest, you go to where the best and the brightest hang out. If they don't want to talk to you, fine, but at least you tried. In some sense it would be irresponsible for the NSA to attend and not even bother trying to recruit because they just assume nobody would be interested. Especially because there are surely Black Hat attendees who would be thrilled to work for the NSA. Don't get me wrong. If your idea of being an el33+ h@x0r is demonstrating the size of your e-peen through acts of vandalism, you probably don't want to work for the NSA. Whatever nefarious things they might encourage, you don't get to brag about it after on Twitter. Likewise if you've already been radicalized politically, then you probably don't want their job offers either. Beyond those two subsets you've got whole categories of people who would have a different outlook on an NSA job. There are the wannabees who think cloak and dagger stuff is cool but wouldn't dream of comitting criminal acts. There are aging vets of prior hacker eras who have wives, and kids, and have worked all that "you're not the boss of me" stuff out of their system already. There are members of the "loyal opposition" who have specific objections to US govt. actions but not the US govt. itself.
  
  If it's the latter, I'm impressed. Never seen anyone go that far with a honeypot operation. But maybe Anon and LulSec are making them desperate. Hell, maybe they're hoping they can just *luck* into busting some Anon/LulSec leaders by throwing a wide net.
  So I guess it really comes down here to a question of who's more stupid--the NSA for thinking they can tame hackers or the hackers for possibly falling for a honeypot. I don't know which is the more scary possibility.
  Anonymous and LulzSec aren't even on the NSA's radar. NSA != LE. The NSA is interested in the next Stuxnet, whether that is authoring it or defending against it. They're interested in the cell tower intercepting UAV that was Slashdotted earlier today. They're interested in encryption algorithms, data mining algorithms, and language translation algorithms. Anon+Lulz primary weapons (SQL injections, voluntary DDOS) are as interesting to the NSA as gasoline bombs and homemade silencers.
9. Re:Are the NSA really that stupid? by networkBoy · 2011-08-02 10:40 · Score: 2
  
  Really?
  Seriously?
  You realize that currently the government is obviously over its head WRT computer security. Having a team of grey hats that can see the challenge of hardening a massive network against a Chinese attack is being heartless?
  Taking things to the extreme is never good in any argument. I'd like to think that I'm one of those black hats, but that doesn't mean I'd betray either my country or my personal morals. Where the two collide I likely would do nothing or flip a coin.
  -nB
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
10. Re:Are the NSA really that stupid? by GameboyRMH · 2011-08-02 10:43 · Score: 3, Funny
  
  Oh noes not a polygraph!!! Are they going to check my thetan levels too?
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
11. Re:Are the NSA really that stupid? by causality · 2011-08-02 11:07 · Score: 5, Insightful
  
  Honestly, Had I no family ties out here on the left coast I would work for NSA. There are a lot of things I can do (not that I'm a maestro by any stretch) that would help them, and since I'm really just a total nerd at heart, all they'd have to do is pay me enough to keep me in toys. Sadly, I doubt they allow working remotely, and I really can't leave where I'm at. I have a good enough gig in a multinational corp in R&D/security already. It scratches most of the itches. -nB
  To be blunt, the fact that I have a conscience would prevent me from working with such an organization. I don't really care what cool toys they can hook me up with. Toys are to be enjoyed after essentials (like not dealing with the devil) are established.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
12. Re:Are the NSA really that stupid? by stewbacca · 2011-08-03 00:21 · Score: 2
  
  Huh? I left the NSA 10 years ago after 13 years and there has been no acrimony. I've actually used my bosses as references for later jobs.
It doesn't seem strange at all by lordandmaker · 2011-08-02 09:26 · Score: 4, Interesting

That's exactly the sort of place I'd expect them to be recruiting.
1. Re:It doesn't seem strange at all by vlm · 2011-08-02 09:33 · Score: 2
  
  That's exactly the sort of place I'd expect them to be recruiting.
  Really? I thought they had an absolute fixation on mathematics, physics, and CS PHDs. Also computer engineer / electrical engineer types. Like, don't both applying unless you've got those diplomas.
  Basically the same group the financial companies used to love.
  Also I heard horrible things about their recruitment, like they jerk you around for months, if not years, multiple interviews, etc.
  They had a rep for having the absolute highest ratio in the world of cool toys vs dilbertian bosses. Dinosaur pens measured in acres, paperwork to requisition a package of bic pens measured in inches, that kind of place.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
2. Re:It doesn't seem strange at all by gknoy · 2011-08-02 10:12 · Score: 2
  
  God help you if you want a metric pen, too.
3. Re:It doesn't seem strange at all by Tom · 2011-08-02 11:11 · Score: 2
  
  Blackhat is the name of the conference. The people who are there are much closer to the industry than the Defcon people. If you're looking for people to hire, Blackhat is the better choice.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
Re:NSA Joke by Gunfighter · 2011-08-02 10:22 · Score: 2

Thanks for the feedback, but it is spelled both ways.
http://dictionary.reference.com/browse/extrovert
http://dictionary.reference.com/browse/extravert
"The spelling extrovert is common in general use (Merriam-Webster has extravert as a variant of extrovert), but extravert is more typical in psychology (The Penguin Dictionary of Psychology and Corsini's Encyclopedia of Psychology use the term "extravert")." http://bit.ly/p0wLlK
Don't forget these gems of confusion:
* your vs. you're
* their vs. there vs. they're
Cheers!

--
-- Stu

/. ID under 2,000. I feel old now.
Re:It's not wrong. by causality · 2011-08-02 10:36 · Score: 2

Most of these people are frustrated authoritarians.
It's how they can justify imposing their view of the legality of their actions on their victims.
I am curious about what makes you see it this way.

Almost all of the targets of Anonymous and Lulzsec have been large corproations who not only are never going to be seriously punished by the law, but in fact have the power to buy whatever laws they want to have on the books It is the corporations themselves who work to destroy the whole notion of "rule of law" and undermine the legitimacy of law. We are not all equal under the law if a few of us can remake the laws at will at the expense of the majority, all without ever running for election or holding a political office.

You may not like the vigilante actions. I find them distasteful myself. However, I see them as effects. Whenever I want a situation to change, I don't bother looking at effects. I examine causes. Sony and others thought they could be asshats with impunity. The punity finally caught up to them, it just didn't happen in the more legitimate form of government law enforcement.

But if your concern is "imposing their view of the legality of their actions on their victims", to whom does that more strongly apply? The corporations with politicians in their pockets who buy whatever laws they find convenient that never get repealed that everyone else has to live under for generations afterward? Or a couple of online groups who produced a handful of high-profile incidents in retaliation? At least Anonymous hasn't rewritten the law to make their tactics legal. That would place them on equal footing with the real authoritarians.

--
It is a miracle that curiosity survives formal education. - Einstein
Re:Are you really that stupid? by stewbacca · 2011-08-03 00:31 · Score: 2

Sorry, but there's no reality in your fantasy land scenario. Working for the NSA is quite banal and very typically office-like. Part of the allure of the NSA is that it's all this cool super secret stuff, when in reality, its just a bunch of UNIX and Windows boxes and a pool of laborers with clearances run by PHBs.