Pentagon Contractors Openly Post Job Listings For Offensive Hackers

← Back to Stories (view on slashdot.org)

Pentagon Contractors Openly Post Job Listings For Offensive Hackers

Posted by Soulskill on Friday June 15, 2012 @07:57AM from the must-have-eight-years-experience-and-good-references dept.

Sparrowvsrevolution writes "In the wake of confirmation that the U.S. government was involved in the creation of Stuxnet and likely Flame, a look over job listings on defense contractor sites shows just how explicitly the Pentagon and the firms that service it are recruiting offense-oriented hackers. Northrop Grumman, Raytheon, Lockheed Martin, SAIC, and Booz Allen have all posted job ads that require skills like 'exploit development,' have titles like 'Windows Attack Developer,' or asks them to 'plan, execute, and assess an Offensive Cyberspace Operation.'"

110 of 149 comments (clear)

Min score:

Reason:

Sort:

Who better? by jameson71 · 2012-06-15 08:01 · Score: 5, Insightful

Who would better know how to defend against these attacks than someone who knows how to develop and implement them?
1. Re:Who better? by i+kan+reed · 2012-06-15 08:11 · Score: 1
  
  Too bad the people who are going to be doing the attacks are hiring up all the possible defenders then.
2. Re:Who better? by Shagg · 2012-06-15 08:15 · Score: 4, Insightful
  
  What makes you think they're being hired for defense?
  
  --
  Unix is user friendly, it's just selective about who its friends are.
3. Re:Who better? by poetmatt · 2012-06-15 08:26 · Score: 1
  
  We're only about 10-15 years late. What's the worst that could happen, right? /sarcasm.
4. Re:Who better? by Eightbitgnosis · 2012-06-15 08:28 · Score: 4, Insightful
  
  Offense? Defense?
  
  With America's preemptive warfare policy; what's the difference?
5. Re:Who better? by cyfer2000 · 2012-06-15 08:31 · Score: 2
  
  "job listings on defense contractor sites"
  
  --
  There is a spark in every single flame bait point.
6. Re:Who better? by Anonymous Coward · 2012-06-15 08:33 · Score: 1
  
  Good point, I'm sure there was nothing on the offense contractor sites.
7. Re:Who better? by ackthpt · 2012-06-15 08:34 · Score: 2
  
  Who would better know how to defend against these attacks than someone who knows how to develop and implement them?
  How about people with enough sense to write code which sits there, unobtrusively doing nothing, until such time as it is called upon to do its dirty work? These are the people you want, not just someone who knows today's weakness, which may not be there tomorrow.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
8. Re:Who better? by Shagg · 2012-06-15 08:51 · Score: 3, Insightful
  
  You don't think "defense contractors" means they only defend, do you?
  
  --
  Unix is user friendly, it's just selective about who its friends are.
9. Re:Who better? by bky1701 · 2012-06-15 08:57 · Score: 3, Insightful
  
  Hackers are like soldiers, though, in that defense and offense are really not that far apart (with the exception of just following good programming standards). Just like you can order the guy keeping watch to go shoot at some people, a 'friendly' hacker can still hack your enemies, in theory.
  
  The overall problem with "cyber war" is that it seems like the new excuse, now that kiddie porn has kind of fizzled out and piracy is widely accepted, to lock down the internet. The only real answer is to stop having vital systems programmed by idiots connected to the internet. When most bank and government systems are less secure than a site running PHPBB (for example, using unencrypted passwords), there is a serious problem that can't be fixed by plastering it over with censorship and playing war.
  
  --
  Great Intellect...
10. Re:Who better? by St.Creed · 2012-06-15 09:21 · Score: 1
  
  Cool - they need "Programmer-at-arms" people. Reminds me of A Fire Upon the Deep...
  
  --
  Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
11. Re:Who better? by wisnoskij · 2012-06-15 09:24 · Score: 1
  
  Well theoretically if there exists offensive and defensive security experts (like this article implies) then the defensive oriented ones would be better at defence.
  
  --
  Troll is not a replacement for I disagree.
12. Re:Who better? by Dishevel · 2012-06-15 10:10 · Score: 2
  
  To only defend is a horrible defense.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
13. Re:Who better? by Stiletto · 2012-06-15 10:23 · Score: 2
  
  ...or that the "Department of Defense" actually defends US soil?
14. Re:Who better? by Anonymous Coward · 2012-06-15 10:25 · Score: 1
  
  Ha. If you think we are late to the Cyber War, then you are just another sheeple. The United States has one of the most advanced and active offensive cyber operations in the world. Just because YOU never heard about it doesn't mean it never existed.
15. Re:Who better? by gweihir · 2012-06-15 10:26 · Score: 4, Insightful
  
  Who would better know how to defend against these attacks than someone who knows how to develop and implement them?
  Almost anybody. Attackers are highly specialized and do not need to cover the whole or even significant parts of the protection angle. If the attacker gets in, the goal is reached. It does not matter at all that if a lot of potential other attack venues were not even touched.
  For this reason, black-hats make terrible security experts for the defender side. The myth that a good attacker is a good defender is patently false in IT security (and likely in other areas as well). What a good defender needs first is to find all possible attack venues. That is complicated and requires understanding the whole system, the organization using it, the cultural environment, etc. The black-hat, on the other side, can experiment and does not really need to understand any of these, except for the tony fragment where the attack is to be launched. Even there, the black-hat can afford to fail frequently. This is fundamentally different for the defender.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
16. Re:Who better? by anared · 2012-06-15 10:29 · Score: 1
  
  Thats one hell of a joke
17. Re:Who better? by Starteck81 · 2012-06-15 10:34 · Score: 1
  
  You don't think "defense contractors" means they only defend, do you?
  The best defense is a good offense.
  
  --
  "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed H
18. Re:Who better? by Hentes · 2012-06-15 10:58 · Score: 1
  
  He was just pointing out that hiring these people is not necessarily for offensive reasons.
19. Re:Who better? by cavreader · 2012-06-15 12:15 · Score: 1
  
  Nobody has produced any verifiable proof that the US built Stuxnet. People use opinions instead of actual facts to make grandiose claims. As more people accept an opinion it magically turns into a fact. The US could be responsible but so could a lot of other countries. After all It was Russian contractors who plugged in the infected USB at the Iranian facility.
20. Re:Who better? by WrecklessSandwich · 2012-06-15 13:03 · Score: 2
  
  It used to be called the Department of War up until 1949. Shame that they decided to change the name when they reorganized all of the branches under a joint command.
21. Re:Who better? by Jah-Wren+Ryel · 2012-06-15 13:26 · Score: 1
  
  The only real answer is to stop having vital systems programmed by idiots connected to the internet.
  Disconnect idiots from internet before starting critical system software development -- Check!
  
  --
  When information is power, privacy is freedom.
22. Re:Who better? by baegucb · 2012-06-15 13:33 · Score: 2
  
  I was called older than dirt, on irc, back in the 90s. If you've been around long enough, you get to know people. Like on private irc servers. Anything can be cracked. Sheesh, between social engineering, knowledge of unpublished holes in various OS's you find, and a few people with skills, anything can be gotten into.
  Now, get off my lawn. Really, get off.
23. Re:Who better? by gweihir · 2012-06-15 19:58 · Score: 1
  
  The pathetic state of practical IT security does not mean things cannot be secured a whole lot better. And yes, "not possible to break in" is achievable from a technological side, even for an Internet connected system. It will require high effort, a simple service and some special hoops, but it can definitely be done. Of course, it cannot be done by everybody. Social engineering also has its limits, depending on who you attack. For example, you will never get customer data by social engineering from a competently run bank and there are quite a few of these around.
  Still, plenty of very soft targets, both for social engineering and technological attacks. The trick the black-hats use to make people believe they can get into anything is to try often, hide their failures (of which there are many) and over-hype their successes. Quite a bit like your posturing.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
24. Re:Who better? by Xest · 2012-06-15 20:43 · Score: 1
  
  What rubbish, an attacker similarly needs to understand every possible attack vector to be able to find a point of entry. They don't just magically happen upon an attack vector and then ignore the system, it takes a lot of time and effort to approach just about all different angles. If they carry out more than one attack in their life time, it's unlikely they'll be able to exploit the exact same vector every time so they'll have to cover many different angles to find ways in.
  Unless you're talking about script kiddies who use pre-discovered exploits, but I'm pretty sure that's not what the GP was referring to - he was talking about hackers that actually find methods of entry in the first place, and you cannot do that reliably if you only understand one small part of a system.
  The attacker just does not get some big magical arrow over the company pointing to a part of it saying "attack here, this is where an exploit is".
  One of the fundamental reasons why attackers are some of the best defenders in security is because to attack, they not only have to be astoundingly competent technically, but have to be extremely good at out thinking of the things no one else has - and that's really key. To attack you genuinely have to be on the cutting edge and be able to consider issues no one else has before. you even mention yourself that the attackers can afford to fail frequently, which has the implication that they'll have to try again - here's a hint, when they fail what do you think they do? they'll have to attempt at another part of the system which they'll then need to understand. Even the script kiddies like Lulzsec had to gain an understanding of the wider system for their HBGary hack which makes a decent case study - their attack involved SQL injection, social engineering, password cracking all of which allowed them to penetrate deeper and deeper.
  Just as you've implicitly generalised all attackers as script kiddies who use single pre-discovered attack vectors and nothing more one might equally generalise about the countless "security consultants" working on the defence side of things who think securing a system is about running some pre-written pen testing software and seeing if the UI shows a bunch of ticks and a bunch of crosses, and if it shows any crosses, just installing the latest updates. The point being that that doesn't make you secure against competent attackers - it's the same flawed doctrine that anti-virus software uses, by largely only defending against known threats with a bunch of weak heuristics on top to detect similar threats it completely fails in the face of new threats. The only time I've ever seen AV software find anything in the last 10 - 20 years is when it's already infected the system and too late for the AV software to do anything about it. Much of the defensive security industry is a complete sham in this respect, it's built on a lie that it is somehow going to keep you safe, when in reality it mostly just slows your computer down with it's bloat and gets in your way with it's renewal nag screens.
25. Re:Who better? by marcello_dl · 2012-06-16 01:50 · Score: 1
  
  No no they don't defend at all, they contract.
  
  --
  ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
26. Re:Who better? by gweihir · 2012-06-16 03:23 · Score: 1
  
  The problem is that attackers do not need do be complete at all. There is absolutely no need (or typically skills and resources) to look at all possible attack vectors. Attackers will generally look at more than one possible vector, but once they have found one they can exploit with the specific attack techniques they have mastered, they are done. And with the sad state practical IT security is in, finding one vector that works is usually done relatively fast and with relatively limited skills.
  The defender needs to identify _all_ vectors and needs to consider all possible attack techniques, even "unknown" ones. That is quite different. Defenders also do not need skill at programming exploits beyond a basic understanding. Defenders do need to understand things like architecture and design, data-flows, data formats, etc. An attacker can just explore these things and look for information once he/she has the data. The defender needs to know and the knowledge needs to be as complete as possible. Defenders also need to really understand the system and software design process. The whole skill- and mind-set of attackers and defenders does not overlap very much.
  You are quite right that this does is not true for "script-kiddie" defender types, of which there are many. There are reasons practical IT security is to pathetic, and one is low-competence defenders. They can only defend against script-kiddies, as they basically have the same skills, namely running scripts made by others. Competent defenders know how limited that is. This is also the only reason why attackers as defenders is sometimes perceived as a good idea: They at least have a general idea what they are defending against. They can do penetration-tests. Nobody competent in IT security sees penetration tests as very important. They are not difficult to do. What matters is what you conclude from a pen-test. And even then, there are quite a few problems you cannot find with a pen-test because of resource limitations.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
27. Re:Who better? by Anonymous Coward · 2012-06-16 04:25 · Score: 1
  
  Seriously. How is this not an act of war against the entire world?
28. Re:Who better? by Xest · 2012-06-16 06:02 · Score: 1
  
  I think the problem is that you're still conflating low brow script kiddies against extremely talented defenders, it's just not a fair comparison.
  The fact is, to perform a highly skilled attack against a system that is well defended you do need to understand everything the defender does, because the system will be locked down so tight you'll need to be able to consider every possibility, and look so deep into every aspect of a system to find a way in.
  Attacking a well protected system ultimately relies on attacking areas of that system where there is a lapse in security, or an unpatched exploit. The problem is you can't guarantee that will be the same from target to target, and it's highly unlikely that every security expert is going to be making the exact same lapse on the exact same type of system on every target you attack. Effectively you're having to develop a completely bespoke route of entry that could be so incredibly different from target to target that the chance of you finding one that will work everywhere against well secured systems is negligible. You cannot look high and low for that point of entry on each well secured system you attack unless you have at least as good an understanding of the complete set of attack vectors that someone defending a system will have.
  The idea of having one method of entry that you use for everything only works for script kiddies who are just throwing mud at everything and seeing where it sticks. To defend against the kind of attacker who is willing to go the extra mile and craft a bespoke method of entry for your systems then it absolutely is a massive advantage having someone on your team with the talent to do that themselves. This is also the precise type of attacker the likes of the Pentagon will face.
29. Re:Who better? by gweihir · 2012-06-16 07:55 · Score: 1
  
  What I see is that in each sector of competence, the skills are different for attacker and defender. While some black-hats may actually be good defenders, there is no reason to believe they are, besides a general understanding of the area. And no, you do not look at every possible attack vector even on the very top of attacker competence. There you look for a vector that fits your requirements. For example: How important is it that you remain undetected after the fact? For how long? How much time do you have? What must be compromised, what is nice to have? How much budget and what skills? Is there intelligence support available or maybe even somebody undercover? Can a hardware shipment be compromised? Can somebody be bribed? And so on.
  All these border conditions narrow the attacker focus considerably and select a small part of the possible vectors. From that you select the attack experts you need. While defenders do a similar kind of triage, it is far less effective at reducing the possible vectors. It really boils down to the attackers just having to find one working attack vector, while the defenders have to secure all of them.
  So, if you want to be secure, your defenders need to be at least one competence class above compared to the attackers. That is one more reason why attackers are limited as defenders. And while I do not compare script-kiddie attackers against highly competent expert defenders, there is some asymmetry in this conflict area.
  However, you have one thing right: Having competent attackers as consultants to be used by the team of defenders, in particular to estimate attack efforts and the like and as intelligence on current attacker capabilities can be beneficial. But they can only ever be part of such a team, not defenders in their own right, unless they acquire a lot of additional skills and insights. So if you only hire attackers as defenders, you are screwed. If you hire some attackers to augment the skill-pool available to the defenders that may be good idea, depending on the circumstances.
  Of course, all very good defenders can also attack. They usually find it not hard conceptually, just tedious, boring and requiring a lot of time.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
30. Re:Who better? by peawormsworth · 2012-06-16 11:46 · Score: 1
  
  The word defense is a euphemism. The "department of Defense" is equivelent to "military". Wikipedia says: "The Department – headed by the Secretary of Defense – has three subordinate military departments: the Department of the Army, the Department of the Navy, and the Department of the Air Force."
  "one mans terrorist is another mans freedom fighter." To some the people who u would call "insurgent" is some elses "hero".
  In regard to "defensive" vs "offensive" technology, there is no difference. The same knowledge that can protect ur technology from attack is the same knowledge which can be exploited in order to attack an enemy who does not protect against this threat.
31. Re:Who better? by Xest · 2012-06-16 20:14 · Score: 1
  
  "What I see is that in each sector of competence, the skills are different for attacker and defender. While some black-hats may actually be good defenders, there is no reason to believe they are, besides a general understanding of the area. And no, you do not look at every possible attack vector even on the very top of attacker competence. There you look for a vector that fits your requirements. For example: How important is it that you remain undetected after the fact? For how long? How much time do you have? What must be compromised, what is nice to have? How much budget and what skills? Is there intelligence support available or maybe even somebody undercover?"
  You don't have that luxury that's the point, you can't pick and choose your point of entry on a well secured system, you have to find one.
  "Can a hardware shipment be compromised? Can somebody be bribed? And so on." ...which proves the point? It's about checking every possible point of entry until you find one, which requires knowledge of all possible points of entry to find one that works.
  "It really boils down to the attackers just having to find one working attack vector, while the defenders have to secure all of them."
  Yes and again, HOW do you think they find it? As I said before, there isn't just some magical red arrow that says "Point of entry, here".
  The problem with defenders is that they're generally bought into the field based entirely on only a theoretical basis. They do not have the understanding that a former blackhat might, because the theoretical field is always one step behind what is actually happening in the real world. Textbooks can't tell you everything - nothing beats practical experience, and you can't get practical experience defending against an attack that hasn't been publicised or happened yet, when it actually happens it's too late.
  Throughout the history of the internet those who have attacked systems have shown an impressive level of knowledge they attack - most often more so than the system admins administering those systems. It was the same when kids were attacking AT&T's cellphone network, it's the same when hackers sponsored by organised crime are breaking into steal credit cards, and and it's the same now that groups protesting against the world or whatever do serious hacks. If you don't think talented attackers have at least as good an understanding of the systems they break into as those defending them then you've missed decades of news on the subject.
  Like I said, even the Lulzsec crew, who were relatively low brow had to understand a lot about the system they were entering to penetrate so deep, from software versions, to the topology of the network such that they could pinpoint the weakest target to start with, to password hashing algorithms, to the people and their jobs at the company to pull off a social engineering stunt.
32. Re:Who better? by FishOuttaWater · 2012-06-17 10:05 · Score: 1
  
  Developing weapons is a diplomacy tool. Using them is an act of war.
33. Re:Who better? by stewbacca · 2012-06-17 11:39 · Score: 1
  
  ...or that the "Department of Defense" actually defends US soil?
  Yes, it actually DOES defend US oil...oh wait...
34. Re:Who better? by ananthap · 2012-06-17 13:33 · Score: 1
  
  "Defense contractors" probably comes from persons contracted by the department of defense. They could play defensive, offensive, clean the toilets, anything.
Great for non-bathers by busyqth · 2012-06-15 08:01 · Score: 3, Funny

For that exquisitely offensive hacker smell...
Offensive by Concerned+Onlooker · 2012-06-15 08:01 · Score: 2, Insightful

Aren't all hackers offensive?

--
http://www.rootstrikers.org/
1. Re:Offensive by Anubis+IV · 2012-06-15 08:12 · Score: 2
  
  Aren't all hackers offensive?
  Only to certain senses.
2. Re:Offensive by mcgrew · 2012-06-15 08:33 · Score: 4, Informative
  
  What is so offensive about repurposing hardware? What is so offensive about writing quick and dirty single-use code? What is so offensive about pen testing your own network?
  Son, if you think hackers are offensive, you're on the wrong site, and so is the idiot who modded you "insightful." Not knowing there are white, gray, and black hat hackers shows a complete and utter lack of insight.
  
  --
  Free Martian Whores!
3. Re:Offensive by St.Creed · 2012-06-15 09:15 · Score: 1
  
  Too bad. Since they're hiring "offensive hackers" and hackers aren't offensive, I guess they won't be able to find anyone then :)
  
  --
  Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
4. Re:Offensive by wisnoskij · 2012-06-15 09:26 · Score: 1
  
  In this sense I think they said offensive hacker instead of defence oriented security expert.
  
  --
  Troll is not a replacement for I disagree.
5. Re:Offensive by Anonymous Coward · 2012-06-15 10:39 · Score: 1
  
  What makes the white/gray/black concept so hard to understand?
6. Re:Offensive by i286NiNJA · 2012-06-15 16:12 · Score: 1
  
  No they want hackers to break into computers, they also want hackers to help them secure their own systems because they're awful at it. This is hardly news either you have no idea what you're talking about.
Microsoft must be so pleased.... by ip_freely_2000 · 2012-06-15 08:08 · Score: 3, Funny

the government is hiring people to hack my software with the intention of doing harm. If I was Apple or Google I'd be looking at this closely. Even if you hate Microsoft, this seems pretty ambiguous. I wonder if there's something in the Windows EULA that Microsoft should sue the government for violating.
1. Re:Microsoft must be so pleased.... by idontgno · 2012-06-15 08:21 · Score: 3, Interesting
  
  ...the government is hiring people to exploit the weakensses I allow in my software with the intention of doing harm
  FTFY. If Microsoft doesn't want Windows hacked, they only have to fix the damn thing.
  I wonder if there's something in the Windows EULA that Microsoft should sue the government for violating.
  There's this little EULA that says Microsoft can just suck it.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
2. Re:Microsoft must be so pleased.... by ackthpt · 2012-06-15 08:24 · Score: 1
  
  What makes you think they only hack Windows boxes?
  Because Windows is easier to pirate, which is why Iran was running so many copies of it on .. I love this part .. Nuclear Centrifuges!!!
  It's like feeding your army at McDonalds
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
3. Re:Microsoft must be so pleased.... by Mindcontrolled · 2012-06-15 08:25 · Score: 1, Insightful
  
  And if the Linux community wants Linux to be used, they only have to make it usable.
  Waiting for more than a decade...
  
  --
  Ubi solitudinem faciunt, pacem appellant.
4. Re:Microsoft must be so pleased.... by tchdab1 · 2012-06-15 08:51 · Score: 1
  
  I think these guys have all the source code and back doors they need from domestic developers. It's new features that they need to develop. Foggy Bottom/Langley needs to be able to say "I have an app for that!".
5. Re:Microsoft must be so pleased.... by mjwalshe · 2012-06-15 09:19 · Score: 2
  
  Um i think you will find that Governments reserve the right for their security services do do naughty things
6. Re:Microsoft must be so pleased.... by the+eric+conspiracy · 2012-06-15 13:10 · Score: 1
  
  Soon Windows Update will distribute these attacks.
7. Re:Microsoft must be so pleased.... by Anonymous Coward · 2012-06-15 13:51 · Score: 2, Insightful
  
  After all this time, you still seem ignorant of the fact that the Siemens controllers for the centrifuges are supported only on Windows.
  The choice of Windows was pushed by the contractors and the hardware selection, not Iran.
8. Re:Microsoft must be so pleased.... by donscarletti · 2012-06-15 16:05 · Score: 1
  
  Linux has been usable for 90% windows can do for over a decade. And today is used by an awful lot of people for a lot of things.
  Windows is targeted for home and office PC users and it fills that niche quite well. I just willingly paid for a Win7 professional OEM edition that was not forced on me, because I want my home desktop to run Windows. But like hell I'm going to install that thing on the server cluster that needs to stay up around the clock, unhacked for me to make money.
  Linux is already "pretty usable" on the desktop, the question is whether it is as good as Win7 and OSX. Probably not, but why do I care whether Linux can out-compete these operating systems in their own niches?
  
  --
  When Argumentum ad Hominem falls short, try Argumentum ad Matrem
9. Re:Microsoft must be so pleased.... by Mindcontrolled · 2012-06-15 19:35 · Score: 1
  
  It's the 90% thing that doesn't do it for me. Sure, I consider myself a nerd. I do run a fileserver and a thin mediaplayer client on linux. My main desktop, however, is Win7 and will stay Win7 for a considerable time, because Linux just does not do what I need when it comes to gaming and sound editing/digital music production. That's not the main point, though - the main point is that even my fileserver/media client setup is not something you can sell to your average Joe Blow. There IS a usability issue.
  
  --
  Ubi solitudinem faciunt, pacem appellant.
Department of Redundancy Department by Tablizer · 2012-06-15 08:10 · Score: 4, Interesting

So then, why don't we have a Department of Offense instead of just a Department of Defense? If the lie, I mean creative labeling works for DOD, why not use it for hacking titles also?
Also, I wonder if the inadvertent Stuxnet admission had anything to do with the change. Why mention such in job ads anyhow?

--
Table-ized A.I.
1. Re:Department of Redundancy Department by busyqth · 2012-06-15 08:13 · Score: 2
  
  The original name was the Department of War, which sounds way cooler.
2. Re:Department of Redundancy Department by ackthpt · 2012-06-15 08:18 · Score: 3, Funny
  
  The original name was the Department of War, which sounds way cooler.
  Yeah, and it was called Eastern War Time, before this Daylight Savings Time malarky.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
3. Re:Department of Redundancy Department by gl4ss · 2012-06-15 08:53 · Score: 1
  
  Department of International Freedom Struggles.
  anyhow, sounds like easy money. apply for the job, if they ask you for references say that you can't tell them because that would land you in jail.
  
  --
  world was created 5 seconds before this post as it is.
4. Re:Department of Redundancy Department by bky1701 · 2012-06-15 09:01 · Score: 4, Interesting
  
  Well, they can always claim they are good at defense, since we haven't been invaded in a long time. If you put war back in the name, people might start asking questions about why a department with "war" in the name utterly failed the last several we were in.
  
  --
  Great Intellect...
5. Re:Department of Redundancy Department by ibneko · 2012-06-15 09:16 · Score: 1
  
  Because "DOO"
6. Re:Department of Redundancy Department by St.Creed · 2012-06-15 09:16 · Score: 1
  
  Oooh good one. Hadn't thought of it that way.
  
  --
  Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
7. Re:Department of Redundancy Department by man_of_mr_e · 2012-06-15 09:18 · Score: 1
  
  Because the best defense is a good offence.
  Or so my coach used to tell me.
  
  --
  If you need web hosting, you could do worse than here
8. Re:Department of Redundancy Department by ffflala · 2012-06-15 15:06 · Score: 1
  
  So then, why don't we have a Department of Offense instead of just a Department of Defense? If the lie, I mean creative labeling works for DOD, why not use it for hacking titles also?
  DoD covers both: because the best defense is a good offense. This same kind of sports-based reasoning is also why we have "three strikes" laws, btw. Because nothing quite as accurate as a good sports analogy to explain how to kill a bunch of people and/or imprison them for life.
Nooooooooo by thewils · 2012-06-15 08:11 · Score: 1

Don't respond!!! It's a trap!!

--
Once I was a four stone apology. Now I am two separate gorillas.
1. Re:Nooooooooo by ackthpt · 2012-06-15 08:16 · Score: 1
  
  Don't respond!!! It's a trap!!
  *cough* *wheeze*You were right.. The imperial forces were arrayed against us*cough*
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
2. Re:Nooooooooo by synapse7 · 2012-06-15 08:23 · Score: 1
  
  Don't people usually go to jail for using such skills?
3. Re:Nooooooooo by History's+Coming+To · 2012-06-15 08:36 · Score: 1
  
  People go to jail for "unauthorised" use of such skills. There's nothing wrong with using them on systems where you have permission to, such as penetration testing, and I'm willing to bet MS employ a good few people to do just that. And, of course, when you hand your perfectly legal research over to the government or military then it's up to them to use it responsibly. Which, of course, they will.
  
  --
  Please consider this account deleted, I just can't be bothered with the spam anymore.
4. Re:Nooooooooo by mjwalshe · 2012-06-15 09:25 · Score: 1
  
  Yes and for British Telecom I broke into a customers system when we took over a contract and the previous people had left under a cloud and not left the password - that was authorized by my boss the customer and a checked with a Very senior manager.
  
  ironically one of my coworkers i got help from was a reformed phreak and had been done for hacking :-)
5. Re:Nooooooooo by the+eric+conspiracy · 2012-06-15 13:08 · Score: 1
  
  Not if they are good at it.
day in the life of a govt hacker by Eponymous+Hero · 2012-06-15 08:14 · Score: 1

the only downside... can't smoke weed at work

http://www.youtube.com/watch?v=BBMtl79atFs

--
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
1. Re:day in the life of a govt hacker by ackthpt · 2012-06-15 08:19 · Score: 2, Insightful
  
  the only downside... can't smoke weed at work
  http://www.youtube.com/watch?v=BBMtl79atFs
  
  Problem with that stuff is it doesn't make you smarter or more creative, it just makes you think you are.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
2. Re:day in the life of a govt hacker by Eponymous+Hero · 2012-06-15 08:25 · Score: 1
  
  yeah, hackers!!! you hear that? booyah, bitches!!! sup now??
  
  --
  insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
3. Re:day in the life of a govt hacker by History's+Coming+To · 2012-06-15 08:41 · Score: 4, Insightful
  
  It can snap you out of an infinite brain loop though. I've lost count of the number of times I've been stuck on a problem, but solved it pretty quickly after having a smoke. Ditto alcohol, adrenalin and caffeine, anything to get your brain out of the rut it's in. I've also had some insights while using the strongest hallucinogen known, dreaming. Agreed, being perpetually stoned isn't going to help in the long run, but many people working on logic based problems will admit to moderate drug use when they hit a mental block.
  
  --
  Please consider this account deleted, I just can't be bothered with the spam anymore.
4. Re:day in the life of a govt hacker by ackthpt · 2012-06-15 08:49 · Score: 1
  
  It can snap you out of an infinite brain loop though. I've lost count of the number of times I've been stuck on a problem, but solved it pretty quickly after having a smoke. Ditto alcohol, adrenalin and caffeine, anything to get your brain out of the rut it's in. I've also had some insights while using the strongest hallucinogen known, dreaming. Agreed, being perpetually stoned isn't going to help in the long run, but many people working on logic based problems will admit to moderate drug use when they hit a mental block.
  And here I was just going out for a walk...
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
5. Re:day in the life of a govt hacker by History's+Coming+To · 2012-06-15 08:59 · Score: 1
  
  TL;DR - it gets you out of the Deja Foobar ;)
  
  --
  Please consider this account deleted, I just can't be bothered with the spam anymore.
6. Re:day in the life of a govt hacker by CanHasDIY · 2012-06-15 09:14 · Score: 1
  
  the only downside... can't smoke weed at work
  http://www.youtube.com/watch?v=BBMtl79atFs
  Problem with that stuff is it doesn't make you smarter or more creative, it just makes you think you are.
  Sayeth the Prophet -
  
  They lie about marijuana. Tell you pot-smoking makes you unmotivated. Lie! When you're high, you can do everything you normally do just as well – you just realize that it's not worth the fucking effort. There is a difference.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
7. Re:day in the life of a govt hacker by Phyrexia · 2012-06-15 09:52 · Score: 1
  
  I think there are studies which refute your assertion.
Windows Attack Developer - Wanted by ackthpt · 2012-06-15 08:14 · Score: 4, Funny

Best advertising you could ask -- for Linux or Mac.

--

A feeling of having made the same mistake before: Deja Foobar
1. Re:Windows Attack Developer - Wanted by Reschekle · 2012-06-15 08:27 · Score: 1
  
  Not really. The spooks want to attack the platform the enemy is using and will have high value in comprimising.
  Linux and Mac computers don't manage the SCADA system in Iran's enrichment plants, nor do their military commanders, bureaucrats, and etc. use Linux or Mac computers on a day to day basis.
  Both Linux and Mac OS have had their share of embarrassing exploits.
2. Re:Windows Attack Developer - Wanted by ackthpt · 2012-06-15 08:46 · Score: 1, Interesting
  
  Not really. The spooks want to attack the platform the enemy is using and will have high value in comprimising.
  Linux and Mac computers don't manage the SCADA system in Iran's enrichment plants, nor do their military commanders, bureaucrats, and etc. use Linux or Mac computers on a day to day basis.
  Both Linux and Mac OS have had their share of embarrassing exploits.
  That's the point. If all these developers are going to hack for $$$, without risk of going to the pokey, that's that many less who will be sitting around hacking Mac or Linux. Besides, Stuxnet succeeded because idiotic Iran bought a load of commodity PCs all loaded up with Windows and didn't have a lick of sense to isolate them from the outside world. If they had any competency they'd stay away from commodity garbage and be using dedicated hardware with specifically coded firmware, for the job, not a load of boxes which can run office, games, web browsers, play music or video, etc, on something as critical as a Nuclear Centrifuge .. geez, that's just amazing they did that. Probably coded all their controling software in VB, too.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
3. Re:Windows Attack Developer - Wanted by sqrt(2) · 2012-06-15 09:45 · Score: 3, Informative
  
  The Stuxnet infected computers were "air gapped" meaning they had no connection to the outside internet. Many probably weren't even part of a network at all. They were infected by USB thumbdrives, and maybe a double agent who deliberately delivered the payload to the target machine.
  
  --
  If you build it, nerds will come. Soylentnews.org
Openly Post Listings? by busyqth · 2012-06-15 08:15 · Score: 5, Funny

Well I'm glad that they're posting the job listings openly.
Secretly posted listings don't usually have a great response rate.
1. Re:Openly Post Listings? by Anonymous Coward · 2012-06-15 09:10 · Score: 1
  
  In soviet russia, job finds you!
2. Re:Openly Post Listings? by firewrought · 2012-06-15 09:17 · Score: 1
  
  Well I'm glad that they're posting the job listings openly. Secretly posted listings don't usually have a great response rate.
  Yes, but posting it secretly--to your honeypot network--makes it a a whole lot easier to ferret out people with actual skill. ;-O
  
  --
  -1, Too Many Layers Of Abstraction
Not official by cpu6502 · 2012-06-15 08:15 · Score: 4, Interesting

Quoting another slashdotter: "This is just a reporter's opinion sourced from conversations with people whose names he won't reveal at times he won't reveal..... he details the exact contents of a meeting that consisted of president Obama, vice president Biden, and CIA director Leon Panetta. For him to have this conversation, it means he has interviewed either the president, the vice president, or Panetta on this. Fat fucking chance. It's probably true, but no it's no way in hell close to "offical"."

--
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
1. Re:Not official by TubeSteak · 2012-06-15 09:07 · Score: 1
  
  Quoting another slashdotter: "I know what happened in a lot of meetings I never personally attended. Participants talk, transcripts are shared, etc. I suspect this info came second or third-hand from the people under Panetta."
  
  --
  [Fuck Beta]
  o0t!
2. Re:Not official by KhabaLox · 2012-06-15 09:09 · Score: 1
  
  Quoting another slashdotter: "This is just a reporter's opinion sourced from conversations with people whose names he won't reveal at times he won't reveal..... he details the exact contents of a meeting that consisted of president Obama, vice president Biden, and CIA director Leon Panetta. For him to have this conversation, it means he has interviewed either the president, the vice president, or Panetta on this. Fat fucking chance. It's probably true, but no it's no way in hell close to "offical"."
  You could say the same thing, more or less, about Woodward and Bernstein and Deep Throat. It could be Biden or Panetta instructed an aide to leak the story at (or not) the President's direction.
  
  --
  Ceci n'est pas un sig.
Cool by Offensive+Hacker · 2012-06-15 08:19 · Score: 5, Funny

This is right up my alley.
Re:Do I detect a bit of dot-com in the mix? by ackthpt · 2012-06-15 08:22 · Score: 2, Funny

But rocketing demand and a lagging supply of skilled hackers is boosting salaries and driving the defense industry’s war for talent into the open, says Alan Paller, the director of research at the cybersecurity education-focused SANS Institute. He cites SANS’ statistics that highly skilled cybersecurity staffers were paid as much as $175,000 in 2011, up 25 to 30 percent from two years before, and points to comments from the Booz Allen Hamilton executive Patrick Gorman to Bloomberg last year that the company tries to hire 1,000 cybersecurity experts a year, and struggles to find them.
Gentlemen, the next new fad. Here's a trick question: how many script kiddies does it take to develop an exploit?
Depends .. how many bug writers does Microsoft employ? 10,000? 20,000?
meanwhile, Jawa seen at Euro 2012

--

A feeling of having made the same mistake before: Deja Foobar
Me me me! by evilviper · 2012-06-15 08:22 · Score: 2

Pentagon Contractors Openly Post Job Listings For Offensive Hackers
People always say that I'm highly offensive...

--
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Clearance Interview by dloolb · 2012-06-15 08:23 · Score: 3, Interesting

I bet the clearance interviews are interesting and probably resemble a job interview. Have fun with the EQIP form!

--
The electric yellow has got me by the brain banana
1. Re:Clearance Interview by ackthpt · 2012-06-15 10:09 · Score: 1
  
  I bet the clearance interviews are interesting and probably resemble a job interview. Have fun with the EQIP form!
  RESUME
  IMA HACKER
  221 C BREAKER ST
  LONDON, OH
  Hai! I hakked vidio gamez, mobile fones, ipadz, and, can crack most browzers easly with some scriptz. Hire me or mi botnet will dsetroy you're company!
  MEMO: Ms. Swanson, hire this one, let's see what she can really do. Starting salary $90,000.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
Could be just the "in" Annonymous has been ... by gatesstillborg · 2012-06-15 08:25 · Score: 1

...looking for! :)
not to mention that 5 sided building in DC by RobertLTux · 2012-06-15 08:29 · Score: 1

what would be the nearest "bird farm" to Redmond?? or maybe the nearest Jam Factory??

--
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Afghanistan mujahideen by jjohn · 2012-06-15 08:33 · Score: 5, Insightful

I don't need to explain why training terrorists might not be the best idea for our long term interest, right?
1. Re:Afghanistan mujahideen by rgbrenner · 2012-06-15 11:00 · Score: 1
  
  I don't need to explain why training terrorists might not be the best idea for our long term interest, right?
  Yes! Why didn't the pentagon think of this? Training hackers is a terrible idea.
  Oh no.. it's worse than that. It looks like they are also training people how to use guns, fly airplanes, and use armed ships
2. Re:Afghanistan mujahideen by ThatsMyNick · 2012-06-15 11:49 · Score: 1
  
  And yeah we should stop training our military too. Training them in offense would turn them into terrorist too right?
3. Re:Afghanistan mujahideen by rgbrenner · 2012-06-15 22:08 · Score: 1
  
  true.. but I think the real difference between soldiers (computer techs or otherwise) and the mujaheddin is that they are US citizens. It would be very difficult for the mujaheddin to operate if the US gov knew their names, SS #s, etc, and could raid their homes right now and toss them in prison for the rest of their lives. The US gov has that ability with US citizens.. it doesn't with the mujaheddin.
Of course by Sparticus789 · 2012-06-15 08:35 · Score: 3, Informative

Leave it to the government to use outside contractors which demand a ridiculously high salary for this, when they could just develop more offensive capabilities with the people they already have. There are hundreds of military people who could perform this task with a little training and education, but the Pentagon, in their infinite wisdom, would rather those people sit on mountain tops playing Guitar Hero.
Even in my short 8 years in the Army, I saw a complete brain dump of technical jobs. The people who replaced me keep getting more incapable, because all the capable ones get out and take contracting jobs. Then the Army can't fulfill their mission, so the contractors hire back the same former military people to fill their previous slots, with 3x the salary and benefits.

--
sudo make me a sandwich
What are principal the technical skill sets? by PerlPunk · 2012-06-15 08:43 · Score: 1

Now that there is an economic "boom" in offensive hacking in the US (and probably elsewhere, too), what are the core skill sets that one should have? Computer languages, networking, social engineering? Any non-IT skills, like physics, EE, etc.?
1. Re:What are principal the technical skill sets? by Fnord666 · 2012-06-15 12:41 · Score: 1
  
  Now that there is an economic "boom" in offensive hacking in the US (and probably elsewhere, too), what are the core skill sets that one should have? Computer languages, networking, social engineering? Any non-IT skills, like physics, EE, etc.?
  Arabic?
  
  --
  'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
2. Re:What are principal the technical skill sets? by gatkinso · 2012-06-15 23:59 · Score: 1
  
  Embedded developers I would think would be a great starting point: they are comfortable at the kernel level and may already have training on the very control systems being targeted.
  
  --
  I am very small, utmostly microscopic.
Re:Give up... by busyqth · 2012-06-15 08:47 · Score: 1

Well there are a few bonobos...
Sauce for the New York Times... by Lew+Perin · 2012-06-15 08:57 · Score: 1

Recently US senators and members of Congress have been demanding punishment for anyone responsible for the recent media accounts of US involvement in Stuxnet and Flame. Can we assume that there's going to be a thorough investigation of what is in effect confirmation of those media stories? Starting with the HR departments of those giant defense (or offense) contractors and going as far as the evidence leads? Are we holding our breath?

--
Sorry, I forgot there are ads on the Web; I use Lynx.
Easy Fix by wisnoskij · 2012-06-15 09:29 · Score: 1

Call it the Department of Offensive Matters and it can be shortened to DOOM, which would be awesome.

--
Troll is not a replacement for I disagree.
Re:Do I detect a bit of dot-com in the mix? by gweihir · 2012-06-15 10:29 · Score: 1

Gentlemen, the next new fad. Here's a trick question: how many script kiddies does it take to develop an exploit?
Hehe, right on the mark!

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
No thanks by codepunk · 2012-06-15 10:51 · Score: 1

I had one gig with a dod contractor, you could not pay me enough to do it again. Ok, I am lying but the rate would be near insanity.

--

Got Code?
Re:go to jail by TaoPhoenix · 2012-06-15 11:30 · Score: 2

Good, you're the first one to point out part of this problem.
A lot of people learn hands on... so where are you supposed to learn this stuff legally? It kinda makes me laugh in the summary "a drying up supply of hackers". Okay, so we have 100 articles calling hackers terrorists, then you're complaining why people stop hacking?

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Hire Mitnick. by detritus. · 2012-06-15 16:52 · Score: 1

Hire Kevin Mitnick. He's the most dangerous hacker in the world. All he has to do is call up Iran and whistle into the phone, and they nuke themselves!
Hacker ethics by in10d · 2012-06-15 19:03 · Score: 1

The time of hacker ethics comes to an end. So now - aside from White Hats and Black Hats, you will have Navy Hats stating "we do this just for greater good of America".
Re:no can do by Sparticus789 · 2012-06-16 15:37 · Score: 1

OMG no. Some extremely bright people can manage to do the job with less than a Computer Science degree... for example, 3 years of MIT or Stanford. Normally it takes people with a BS degree and a decade of low-level experience, or an MS degree and a half dozen years of low-level experience.
First, if you had any guts you wouldn't post AC. Second, you obviously do not know any military folks who are in an IT job. That's what military folks in the IT field already have! I don't know a former military person who worked in IT that had less than 60 college credits and knew how to program at least one language. Add in the 6-10 years experience (which is harder than anything encountered in the civilian sector, so probably the equivalent to 8-12 years in the civilian world). We aren't dumb grunts, we know what we are doing. It's the Generals, politicians, and contractors that have no idea what they are doing.

--
sudo make me a sandwich