Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pentagon Contractors Openly Post Job Listings For Offensive Hackers

Posted by Soulskill on from the must-have-eight-years-experience-and-good-references dept.

Sparrowvsrevolution writes "In the wake of confirmation that the U.S. government was involved in the creation of Stuxnet and likely Flame, a look over job listings on defense contractor sites shows just how explicitly the Pentagon and the firms that service it are recruiting offense-oriented hackers. Northrop Grumman, Raytheon, Lockheed Martin, SAIC, and Booz Allen have all posted job ads that require skills like 'exploit development,' have titles like 'Windows Attack Developer,' or asks them to 'plan, execute, and assess an Offensive Cyberspace Operation.'"

37 of 149 comments (clear)

  1. Who better? by jameson71 · · Score: 5, Insightful

    Who would better know how to defend against these attacks than someone who knows how to develop and implement them?

    1. Re:Who better? by Shagg · · Score: 4, Insightful

      What makes you think they're being hired for defense?

      --
      Unix is user friendly, it's just selective about who its friends are.
    2. Re:Who better? by Eightbitgnosis · · Score: 4, Insightful

      Offense? Defense?

      With America's preemptive warfare policy; what's the difference?

    3. Re:Who better? by cyfer2000 · · Score: 2

      "job listings on defense contractor sites"

      --
      There is a spark in every single flame bait point.
    4. Re:Who better? by ackthpt · · Score: 2

      Who would better know how to defend against these attacks than someone who knows how to develop and implement them?

      How about people with enough sense to write code which sits there, unobtrusively doing nothing, until such time as it is called upon to do its dirty work? These are the people you want, not just someone who knows today's weakness, which may not be there tomorrow.

      --

      A feeling of having made the same mistake before: Deja Foobar
    5. Re:Who better? by Shagg · · Score: 3, Insightful

      You don't think "defense contractors" means they only defend, do you?

      --
      Unix is user friendly, it's just selective about who its friends are.
    6. Re:Who better? by bky1701 · · Score: 3, Insightful

      Hackers are like soldiers, though, in that defense and offense are really not that far apart (with the exception of just following good programming standards). Just like you can order the guy keeping watch to go shoot at some people, a 'friendly' hacker can still hack your enemies, in theory.

      The overall problem with "cyber war" is that it seems like the new excuse, now that kiddie porn has kind of fizzled out and piracy is widely accepted, to lock down the internet. The only real answer is to stop having vital systems programmed by idiots connected to the internet. When most bank and government systems are less secure than a site running PHPBB (for example, using unencrypted passwords), there is a serious problem that can't be fixed by plastering it over with censorship and playing war.

      --
      Great Intellect...
    7. Re:Who better? by Dishevel · · Score: 2

      To only defend is a horrible defense.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    8. Re:Who better? by Stiletto · · Score: 2

      ...or that the "Department of Defense" actually defends US soil?

    9. Re:Who better? by gweihir · · Score: 4, Insightful

      Who would better know how to defend against these attacks than someone who knows how to develop and implement them?

      Almost anybody. Attackers are highly specialized and do not need to cover the whole or even significant parts of the protection angle. If the attacker gets in, the goal is reached. It does not matter at all that if a lot of potential other attack venues were not even touched.

      For this reason, black-hats make terrible security experts for the defender side. The myth that a good attacker is a good defender is patently false in IT security (and likely in other areas as well). What a good defender needs first is to find all possible attack venues. That is complicated and requires understanding the whole system, the organization using it, the cultural environment, etc. The black-hat, on the other side, can experiment and does not really need to understand any of these, except for the tony fragment where the attack is to be launched. Even there, the black-hat can afford to fail frequently. This is fundamentally different for the defender.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re:Who better? by WrecklessSandwich · · Score: 2

      It used to be called the Department of War up until 1949. Shame that they decided to change the name when they reorganized all of the branches under a joint command.

    11. Re:Who better? by baegucb · · Score: 2

      I was called older than dirt, on irc, back in the 90s. If you've been around long enough, you get to know people. Like on private irc servers. Anything can be cracked. Sheesh, between social engineering, knowledge of unpublished holes in various OS's you find, and a few people with skills, anything can be gotten into.

      Now, get off my lawn. Really, get off.

  2. Great for non-bathers by busyqth · · Score: 3, Funny

    For that exquisitely offensive hacker smell...

  3. Offensive by Concerned+Onlooker · · Score: 2, Insightful

    Aren't all hackers offensive?

    --
    http://www.rootstrikers.org/
    1. Re:Offensive by Anubis+IV · · Score: 2

      Aren't all hackers offensive?

      Only to certain senses.

    2. Re:Offensive by mcgrew · · Score: 4, Informative

      What is so offensive about repurposing hardware? What is so offensive about writing quick and dirty single-use code? What is so offensive about pen testing your own network?

      Son, if you think hackers are offensive, you're on the wrong site, and so is the idiot who modded you "insightful." Not knowing there are white, gray, and black hat hackers shows a complete and utter lack of insight.

      --
      Free Martian Whores!
  4. Microsoft must be so pleased.... by ip_freely_2000 · · Score: 3, Funny

    the government is hiring people to hack my software with the intention of doing harm. If I was Apple or Google I'd be looking at this closely. Even if you hate Microsoft, this seems pretty ambiguous. I wonder if there's something in the Windows EULA that Microsoft should sue the government for violating.

    1. Re:Microsoft must be so pleased.... by idontgno · · Score: 3, Interesting

      ...the government is hiring people to exploit the weakensses I allow in my software with the intention of doing harm

      FTFY. If Microsoft doesn't want Windows hacked, they only have to fix the damn thing.

      I wonder if there's something in the Windows EULA that Microsoft should sue the government for violating.

      There's this little EULA that says Microsoft can just suck it.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    2. Re:Microsoft must be so pleased.... by mjwalshe · · Score: 2

      Um i think you will find that Governments reserve the right for their security services do do naughty things

    3. Re:Microsoft must be so pleased.... by Anonymous Coward · · Score: 2, Insightful

      After all this time, you still seem ignorant of the fact that the Siemens controllers for the centrifuges are supported only on Windows.
      The choice of Windows was pushed by the contractors and the hardware selection, not Iran.

  5. Department of Redundancy Department by Tablizer · · Score: 4, Interesting

    So then, why don't we have a Department of Offense instead of just a Department of Defense? If the lie, I mean creative labeling works for DOD, why not use it for hacking titles also?

    Also, I wonder if the inadvertent Stuxnet admission had anything to do with the change. Why mention such in job ads anyhow?

    --
    Table-ized A.I.
    1. Re:Department of Redundancy Department by busyqth · · Score: 2

      The original name was the Department of War, which sounds way cooler.

    2. Re:Department of Redundancy Department by ackthpt · · Score: 3, Funny

      The original name was the Department of War, which sounds way cooler.

      Yeah, and it was called Eastern War Time, before this Daylight Savings Time malarky.

      --

      A feeling of having made the same mistake before: Deja Foobar
    3. Re:Department of Redundancy Department by bky1701 · · Score: 4, Interesting

      Well, they can always claim they are good at defense, since we haven't been invaded in a long time. If you put war back in the name, people might start asking questions about why a department with "war" in the name utterly failed the last several we were in.

      --
      Great Intellect...
  6. Windows Attack Developer - Wanted by ackthpt · · Score: 4, Funny

    Best advertising you could ask -- for Linux or Mac.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Windows Attack Developer - Wanted by sqrt(2) · · Score: 3, Informative

      The Stuxnet infected computers were "air gapped" meaning they had no connection to the outside internet. Many probably weren't even part of a network at all. They were infected by USB thumbdrives, and maybe a double agent who deliberately delivered the payload to the target machine.

      --
      If you build it, nerds will come. Soylentnews.org
  7. Openly Post Listings? by busyqth · · Score: 5, Funny

    Well I'm glad that they're posting the job listings openly.
    Secretly posted listings don't usually have a great response rate.

  8. Not official by cpu6502 · · Score: 4, Interesting

    Quoting another slashdotter: "This is just a reporter's opinion sourced from conversations with people whose names he won't reveal at times he won't reveal..... he details the exact contents of a meeting that consisted of president Obama, vice president Biden, and CIA director Leon Panetta. For him to have this conversation, it means he has interviewed either the president, the vice president, or Panetta on this. Fat fucking chance. It's probably true, but no it's no way in hell close to "offical"."

    --
    My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
  9. Cool by Offensive+Hacker · · Score: 5, Funny

    This is right up my alley.

  10. Re:day in the life of a govt hacker by ackthpt · · Score: 2, Insightful

    the only downside... can't smoke weed at work

    http://www.youtube.com/watch?v=BBMtl79atFs

    Problem with that stuff is it doesn't make you smarter or more creative, it just makes you think you are.

    --

    A feeling of having made the same mistake before: Deja Foobar
  11. Re:Do I detect a bit of dot-com in the mix? by ackthpt · · Score: 2, Funny

    But rocketing demand and a lagging supply of skilled hackers is boosting salaries and driving the defense industry’s war for talent into the open, says Alan Paller, the director of research at the cybersecurity education-focused SANS Institute. He cites SANS’ statistics that highly skilled cybersecurity staffers were paid as much as $175,000 in 2011, up 25 to 30 percent from two years before, and points to comments from the Booz Allen Hamilton executive Patrick Gorman to Bloomberg last year that the company tries to hire 1,000 cybersecurity experts a year, and struggles to find them.

    Gentlemen, the next new fad. Here's a trick question: how many script kiddies does it take to develop an exploit?

    Depends .. how many bug writers does Microsoft employ? 10,000? 20,000?

    meanwhile, Jawa seen at Euro 2012

    --

    A feeling of having made the same mistake before: Deja Foobar
  12. Me me me! by evilviper · · Score: 2

    Pentagon Contractors Openly Post Job Listings For Offensive Hackers

    People always say that I'm highly offensive...

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  13. Clearance Interview by dloolb · · Score: 3, Interesting

    I bet the clearance interviews are interesting and probably resemble a job interview. Have fun with the EQIP form!

    --
    The electric yellow has got me by the brain banana
  14. Afghanistan mujahideen by jjohn · · Score: 5, Insightful

    I don't need to explain why training terrorists might not be the best idea for our long term interest, right?

  15. Of course by Sparticus789 · · Score: 3, Informative

    Leave it to the government to use outside contractors which demand a ridiculously high salary for this, when they could just develop more offensive capabilities with the people they already have. There are hundreds of military people who could perform this task with a little training and education, but the Pentagon, in their infinite wisdom, would rather those people sit on mountain tops playing Guitar Hero.

    Even in my short 8 years in the Army, I saw a complete brain dump of technical jobs. The people who replaced me keep getting more incapable, because all the capable ones get out and take contracting jobs. Then the Army can't fulfill their mission, so the contractors hire back the same former military people to fill their previous slots, with 3x the salary and benefits.

    --
    sudo make me a sandwich
  16. Re:day in the life of a govt hacker by History's+Coming+To · · Score: 4, Insightful

    It can snap you out of an infinite brain loop though. I've lost count of the number of times I've been stuck on a problem, but solved it pretty quickly after having a smoke. Ditto alcohol, adrenalin and caffeine, anything to get your brain out of the rut it's in. I've also had some insights while using the strongest hallucinogen known, dreaming. Agreed, being perpetually stoned isn't going to help in the long run, but many people working on logic based problems will admit to moderate drug use when they hit a mental block.

    --
    Please consider this account deleted, I just can't be bothered with the spam anymore.
  17. Re:go to jail by TaoPhoenix · · Score: 2

    Good, you're the first one to point out part of this problem.

    A lot of people learn hands on... so where are you supposed to learn this stuff legally? It kinda makes me laugh in the summary "a drying up supply of hackers". Okay, so we have 100 articles calling hackers terrorists, then you're complaining why people stop hacking?

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine