Defense Expert: Hire Hackers and Wage War
Phoghat writes "A top defense and cybersecurity expert says the U.S. should stop trying to take aim at expert hackers and start doing a better job of recruiting them. 'Let's just say that in some places you find guys with body piercings and nonregulation haircuts,' says U.S. Naval Postgraduate School professor John Arquilla. 'But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them.'"
I am guessing that culture doesn't want to be vetted, by any means, traditional or non-traditional.
Most of these hackers inherently distrust the government, that's why they are hacking them. So what is the benefit in hiring them?
I say it's awfully childish. Do we really want the Internet to be an unstable place? Because it's going to be so easy for others to retaliate, and the losers will be those who lose their rights.
..finding what they care about and holding it ransom works well. Also I've heard that some nations don't consider waterboarding to be torture so that might be a further way to reachout. Or is 'reachout' not in the same classification as 'collateral damage' and 'illegal combatant'.
Government sanctioned hacking will lead to enemy government retaliation, and then they'll take the internet as we know it to save us from those damn terrorists.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Buy Blizzard. Threaten to close WoW account of said hacker. Et voila, you've got yourself a hacker that you can count upon! (Give them a free flying mount once in a while and you keep them happy too!)
Some of the most talented technical people I know are also the most clean-cut and athletic. Some of the worst, show-offs who know the talk but little else, fall into your usual hacker stereotype with their appearance. I think the former is more realistic, and the latter is more romantic fantasy— brought on by people who idealize Gibson. In other words, why bother? The first group is more likely to give you a well-rounded individual who actually knows her material. The second group is a total crapshoot.
I have worked with some of these types. They for sure do not trust the government and the government could not and should not ever trust them.
Most of those guys are clueless about the outside world so they may be hard to motivate. Maybe sex will work. Hire some hookers.
Negative moral value of force outweighs the positive value of good intentions.
The problem is that vetting the ethics of a hacker needs someone who has insight in the cultural framework as much as the technical capabilities of the person under review, and that is MILES beyond your average HR setup.
I know from my own experience that the best reviewer for tech is someone who is either a former hacker him/herself, or has a personality that borders on Aspergers. You cannot understand technical people if you do not have the required mental tools, and especially the brighter hackers do not exactly conform to the standard employee model.
So, use one to know one, and forget about your average corporate HR droid doing anywhere near a sensible assessment. Oh, and forget about standard management techniques either - not only does it take one to know one, it certainly takes one to manage them.
While we're at it, could we please also *not* assume that l33t hackers come only in one visual package (piercings, ink, etc.)?
Or, instead of spending all that money on institutional reach out plans, why not kidnap their wife/son/grandma to entice them to work for you? You can lock them overnight in a room with no contact to the outside except for a 1994 style beeper and a blunt swiss pocket knife. Oh, and some chewing gum, an out of work WWE wrestler guarding the door, and a red Ferrari parked in the back parking lot. Trust me, details matter.
FUCK YOU
Take highly competent tech people who are generally speaking somewhat anti-authoritarian, give them the tools to do nasty things to the nation's enemies via hacking, malware programming etc, and expect them to keep their mouths shut about it. :P
A lot of people don't trust the government - and often with very good reason - why would they want to hack for it?
How long until the complete log files of everything they and everyone they associate with are sent to Wikileaks?
Find technical people who are not anti-authoritarian and get them to do your hacking - just hire them for ability and knowledge rather than the traditional military virtues that most military organizations look for. In fact, hire them as civilian contractors and then keep them away from the rest of the military
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
I was in Summercon, Atlanta (1995). Chatted with many of the great hackers of the time, as well as many awesome specialists, legendary people truly. And it was already a consensus at the time. Internet, still in its infancy, wasn't understood properly by gov't forces, and they were ill-prepared, for their true assets, the hackers, weren't being used _with_ them, but instead were in a war _against_ them. That's not something you can learn at school, with the exception of some awesome teachers who are doing a great grunt work of really teaching hacking, even then, I heard of more of these teachers having to fight school administrations to keep their courses.
The idea seems to start to rub in, but it's 20 years late :) . I'm happy the article pushes the idea to the mainstream, though.
Want to reach the hacking culture? It's like hiring tribes people to help log the Amazon rainforest. Corporations should learn from the mistakes made in those scenarios before even thinking of strategies such as this.
The irony here is although the Govt started the Internet as an official project, it has always rested on the shoulders of academics and the talent of the hacking community, corporations come further down the list.
The problem with the Government hiring those "shady" hacker types is they have a hard time trusting them.
Ironically enough, hackers seem to have that exact same problem with "shady" Government types too.
No surprise a story like this comes out this close to Black Hat/DEFCON...again, it's not a matter of finding hackers...
So they want to hire the people that are currently at war with them. A good idea, but not very realistic.
Maybe they could try and pass some more laws like SOPA or dodge the democratic process with ACTA-like treaties and see if that drums up more recruits.
The people they will get will be the "retired," mediocre to average hackers who are now married and have too much to lose and can be bought with cool toys.
you have to realize that many of the "cyber hackers" the government is eyeballing are the very same people that love nothing more than to leak classified data and hack into defense secrets solely because they view your establishment as the problem.
speaking as one of the aforementioned non-regulation pierced guys, i can say that each time i hear a blowhard suit at the anything-department wax prophetic upon anything prefixed with "cyber," i roll my eyes, turn up the hardcore techno, and go back to writing that python interface for the communications receiver I bought on craigslist a few months back.
no one cares about the next war you're trying to sell america except the mouthbreathing walmartians in the sticks. the people you're trying to "reach out to" explicitly do not respond because they aren't stupid enough to nod when told "be all you can be." as knowledge is power they understand enough about your institution to avoid it at all costs. all it's done in the past 40 years is act as an engine of misery, destruction and sorrow across the globe.
Good people go to bed earlier.
Because they fight against everything the government stands for = Oppression.
No age rules, no boot camp, no / limited medical disqualifies.
Why should some who say may be in a wheelchair not be able to do work like just because of having to go to boot camp or the same thing about age rules so you have long time pros come in that may be too old to pass boot camp.
Also there are smart IT people who don't have the mental mindset to handle a boot camp as well.
I'm serious, because to-date I haven't seen much recruitment effort of 'seniors', you know, like, 40+ types. But I do see a lot, and I mean a lot of things to disqualify anyone that might apply, (for all the G-Jobs I see), even though folks might apply for all the right reasons. Even people older than 40, perhaps because of their inherent threat, but what do I know? They might even be so old as to be on medical marijuana in another state, and fear drug tests and a permanent stain on their future I.T./data center employment record; and asking themselves, 'is it worth the effort to apply?'
And in case anyone is wondering, I'm willing to compete for my job dammit. Seriously.
Posted anon, but thank goodness after much time & effort learning new and up-to-date linux/web stuff, the job outlook in my I.T. sector is ultra-rosey. But I am serious, do they want older hackers and what will they do to get the best for the jobs being offered? Disqualifying a huge lot of experience doesn't seem wise or just; while I think loyalty can be relatively expected in return for the trust and relative security being offered. Especially when it comes to TCP/IP network security experience.
Since I am already posting anon on /., does it help I don't have a spousal unit to tie me down, and is anyone here even surprised by that? Honestly, how are people like me being actively recruited and allowed to qualify, and for what exactly?
Oh yeah, I am old at 50 already, with a longer background to check than most people perhaps, but I know where I.T. is going dammit and can seriously compete because I've been on-track for awhile. Can I be recruited for such a g-job?
We need a new institutional culture that allows us to reach out to them.'
Cue MONTAGE featuring Cameron Diaz as cute "brutal" platoon sergeant yelling orders at misfits!
WARNING: Smartphones have side effects--most of them undocumented.
I wonder if Americans realize that in most of the world, there aren't people constantly trying to find a new military technology or advantage, and the press doesn't talk about these things every day.
You expect inclusiveness from the US military? Up until quite recently, their policy was to kick out anyone they determined to be gay. Their policy on women is still to confine them to desk jobs, far away from combat. Perhaps it would be better to strip the DoD from all responsibility for internet security and assign such tasks exclusively to a new agency, answerable directly to congress. They'd work with the military and intelligence services, but not be part of them. No boot camp, no ranks, and a staff of tech-experts and intelligence experts rather than generals who got up the ranks by being good at killing stuff.
Want to reach the hacking culture? It's like hiring tribes people to help log the Amazon rainforest. Corporations should learn from the mistakes made in those scenarios before even thinking of strategies such as this.
What the corporate MBAs would immediately deduce is that the tribespeople had been improperly incentivized, and should have been offered different shiny stuff. Numerous case studies would then be performed to find the optimum lowest-cost shiny stuff to offer to induce tribespeople to wreck their environment. Devastation of the rainforest would not be abated, while corporate profits and MBA bonuses would increase grotesquely for a few quarters.
Similar dysfunctional thinking would be applied to recruiting hackers.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
... when they recommend the US government move desktops off Windows.
Until they do that, they're not taking it seriously either. It's just a boondoggle to transfer money from the taxpayer to the military-industrial complex.
http://rocknerd.co.uk
Problem with backdoors is, the insecurity points both ways - you can't have it secure just for you and insecure for others. Once you put the backdoors into everything, they are there, ready to be misused against everyone, including you, whatever noble purpose you thought they were to initially serve. Thinking nobody will find out is delusional. This will not end well :(
They seem to be having success in China, North Korea, and Russia.
now we need to go OSS in diesel cars
Just don't hire them as members of the military in the usual sense.
This presupposes that the cultural clash between the military and the hackers is about their fashion choices instead of being about devoting your life to the more efficient killing of other people in the pursuit of enriching the already rich and powerful.
He might want to think beyond allowing non-regulation haircuts and piercings.
- For the complete works of Shakespeare: cat
Like the opportunity to destroy AmeriCIA from within!
"Flyin' in just a sweet place,
Never been known to fail..."
But climate is now demonstrated by data to have been HOTTER in Roman and Medieval times, than now.
This is in the journal, Nature. If you pardon the pun, this isn't a hotbed of "deniers".
http://www.nature.com/nclimate/journal/vaop/ncurrent/full/nclimate1589.html
older pros are needed as just having JR's is missing out on people with experience know that the book says this but in the real IT systems doing it this way works better in the good IT classes aka ones at community colleges and tech schools teach like that as well as a lot of them are IT pros and know what it is right.
Last I checked I'd have a hard time considering most of the people arrested by the FBI "world class" hackers. The majority of Black Hat hackers are generally scriptkiddies. Most of the best (the ones who do it to see if they can) are either Grey or White already work for a security firm which pays FAR better than the government would. If the gov wants to hire the best hackers then they need to start offering better pay than giving the excuse "you get the warm fuzzy feeling that you're protecting your country, isn't that worth at least 20% or more?"
From what I see, if the US government has to reach to the hacking culture, they need to "atone" for Operation Sun Devil. Right now, at best, they can get contractors because of this. Unlike China where their citizens will happily go to a computer room and start doing their work.
The pogrom against Steve Jackson Games and other sites forever made any person with non-trivial skillz not interested in any way to work for the US, just for fear that they will be labeled a "terrorist" should something happen, and burned at the stake.
The US government needs to view blackhats and whitehats as the same as soldiers, and give them the same respect. No, a guy doing fake VoIP calls in order to get a network topology so he can scout it with nmap is not as awe-inspiring as a Navy SEAL who racks up body counts. But the guy at the keyboard is as important if not more to an operation.
Did anyone see "Catch Me If You Can"? True story. The FBI hired a master counterfeiter and con-man. Trust? Both the CIA and the FBI have vetted guys and moved them to high posts while they were working for the KGB. With a hacker you know what you're getting. They have to decide whether they want to protect their country from enemies, foreign and domestic. Don't expect them to jump on board with massive personal intrusion, expect them to go after bad guys. They have to accept that they are going to be watched, tapped, bugged, whatever, as part of the job.
By the way, polygraph tests are a joke. Aldrich Ames had to take a polygraph test. His KGB handlers told him not to worry, get a good night's sleep and be friendly with the testers. He passed of course. Anyone can beat it and with some mild drugs they might as well be giving the test to a corpse. Read "Telling Lies" and "Lie Spotting" and you'll be able to do a better job.
IT / Software folks aren't that special, offensive network operations aren't magic, get over yourselves. Everyone in the military learns to function as an infantry man at least at a rudimentary level for a reason.
"[Arquilla] was also a consultant on the 1995 cyber thriller The Net, starring Sandra Bullock"
I don't know his other achievements, but I certainly wouldn't list this one.
The vetting has already occurred ... but not quite in the intended direction.
The native experts of the net have vetted The Man and noted that he is the enemy.
People in the US government have clearly failed to realise it's futile to recruit hackers to fight the enemy because THEY, the US govt., are the enemy.
If not us, who? If not now, when?
so an IT / Software person in a wheelchair can't be part of this due to them not being able to be an infantry man???
Look at the AMERICANS WITH DISABILITIES ACT.
We imprison our talent while other governments have already learned to embrace them...
The military-industrial complex wants to scare people into giving them money to protect them against "cyber" whatever.
The government wants to build out the CYBERPANOPTICON (a word I just coined!) to monitor everyone. They're doing it in the name of the Unholy Trinity, protecting people from copyright infringement, child porn, and terrorism. Later, once the cyberpanopticon is in place, they can use it for anything else they want.
Where do hackers fit into this!?
They are doing just fine.
Oh wow, really dude? They're going to do like all the dozens of movies that have portrayed this kind of stuff already? Cool dude!!! What a joke the propaganda BS media has become. Very very insulting to our intelligence indeed.
So it's a heinous act of war if it's done to the US (which it has been countless times already unknowingly to the public), but it's business as usual if we do it to other countries? Gotcha.
You can sign up for SPAWAR as a civilian... many SPAWAR employees end up becoming navy reserve officers and show up in uniform once a month so they can get extra money.
They're actively recruiting hacking events.
"all it's done in the past 40 years is act as an engine of misery, destruction and sorrow across the globe."
Because it is ironic? http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html ... There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all."
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing.
See also: http://www.pdfernhout.net/on-dealing-with-social-hurricanes.html ..."
"This approximately 60 page document is a ramble about ways to ensure the CIA (as well as other big organizations) remains (or becomes) accountable to human needs and the needs of healthy, prosperous, joyful, secure, educated communities. The primarily suggestion is to encourage a paradigm shift away from scarcity thinking & competition thinking towards abundance thinking & cooperation thinking within the CIA and other organizations. I suggest that shift could be encouraged in part by providing publicly accessible free "intelligence" tools and other publicly accessible free information that all people (including in the CIA and elsewhere) can, if they want, use to better connect the dots about global issues and see those issues from multiple perspectives, to provide a better context for providing broad policy advice. It links that effort to bigger efforts to transform our global society into a place that works well for (almost) everyone that millions of people are engaged in. A central Haudenosaunee story-related theme is the transformation of Tadodaho through the efforts of the Peacemaker from someone who was evil and hurtful to someone who was good and helpful.
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Like that really worked for Britain when they failed to properly vet a generation of intelligence officers in the 1930's and 1940's. And ended up having to do it all post-haste in the 1960's and 1970's. And when the United States cheerfully trained and armed a large number of irregular soldiers in Latin America and Asia in the 1980's. And are still fighting their remnants in the Wars on Drugs and Terror.
...they are already doing that. For example the guys who wrote Stuxnet.
John Arquilla makes his living by delivering instruction to US military officers. I am frankly disgusted to know that a person in that position is willing and eager to apply the terminology of war to the task of securing civilian computer networks.
War, really? Let's see what Dr. Arquilla's distinguished predecessors have to say on the subject:
From the Judgment of the International Military Tribunal for the Trial of German Major War Criminals at Nuremberg, 1946.
Pretty brutal, yes? I would certainly hope that Dr. Arquilla had the sense to consider this before he started spouting off about "cyberwar" to people whose decisions directly shape the military policy of the United States. Not everyone is going to possess the same appreciation for metaphor that he would appear to have.
If your security depends on "vetting" you've already lost.
Indeed. Any "hacker" worth his / her salt is already being actively scouted by various interested parties offering may more money and morally-casual environments than the Defense industry.
I am John Hurt.
What happened in the 1980s may have been a culture, but hacking is a skill, like programming, or spying, or forensics.
You can teach it, if you find the intelligent and dedicated people.
The problem is that government alienates such people. First, it's heavy on rules and regulations (a/k/a "conservative"); second, it's designed to reward participation instead of excellence (egalitarianism, a liberal trait).
If you want to know why hackers, artists and philosophers end up alone in vans down by the river, it's because they can't stand your stultifying society. Don't try to bring them into it and crush what's great about them; instead, fix your society so that it nurtures such traits.
Futurist Traditionalism
maybe if they stopped arresting all of them, some of them might like the idea of working for their country, but as long as their country is out to get them you won't find many employees. also you would have to open up your restrictions (drugs, petty crime, image) just for anyone to pass the process and get high level security passes. Now if it was more like china they might stand a chance. I see ads for asio and defence signals here on Slashdot all the time, but i know anyone that could actually pass the selection process would be some stupid goody two shoes who's never gotten their hands dirty, and wouldn't be any use to them any way.
There are of course exceptions, but the best hackers in the world aren't the counter culture idiots and traditional stereotypical "cool hacker" people.
For the most part, like anything else, it's going to be experienced, highly educated professionals of the pocket protector variety. They may try to blend in a little bit more these days, but they're still nerds and not hipsters.
It was far more likely to be the pocket protector MIT/Caltech brigade than the idiotic stereotypical "hacker" with his tattoos and piercings.
The anti-government "Anonymous" type hackers are little children compared to the people the government has access to, I doubt they're looking to slum and are too worried about being unable to hire the anti-establishment set.
http://www.groklaw.net/comment.php?mode=display&sid=20120714134405734&title=us+issues+with+hackers&type=article&order=&hideanonymous=0&pid=991219#c991349
perfectly explains why they won't hire anyone but the worst greedy money grubbing evil humans that can't be trusted , and yea that will come back to haunt them.....
ill die first and rather live the rest of my days on disability being poor.....YET HAPPY they cannot use my knowledge for evil.
hi there back in late 90's me and a lad from the us military worked on a whole suite a stuff , it was not a pay job just exchanges of knowledge....i got all his work and he mine , i broke that tie a long time ago and it will never happen again.
I will tell you things like the sony rootkit , and filesharing stuff and virii were all made very very automated and made to hide and do a ton of real world crazy stuff.
hacking is not a skill. its a lifestyle.....and a mindset....you can't have me work for you cause i do not fit the droned out , stiff lifestyle of a 9-5 job....my ideal of freedom and democracy are far more people orientated while yours are consumer and control driven...i break controls.....i live beyond them and that you cant change.....
anyone that claims its a skill doesn't have the skills or brainpower to realize all this and that all the net and all we are and see is but the patterns of the programming....if i change the pattern the program changes just like how i change your programming i change you.
this level of control over people can never be allowed to happen to be in only one persons hands. IT IS TRULY FORBIDDEN.
it would be the atomic bomb of bombs....
you dummies remember that hole in pentagon before that was had for 7 years that YOU DIDNT realize and then one idiot got caught in the usa and hired for 6 figures?
you hire the people that get caught and thats your failing....
when you want to talk you and your govt know where i am...i do not hide....
feel free to send one of the 280 + fbi agents over you have stashed away in my nation that our own govt lies about....
CHRoNoSS
main reason so few hackers will ever consider working for them is this:
you offered two peeps came they got there and you promptly arrested them
GOOD JOB you ruined any chance for yourselves for direct work from any legit hacker.
you want to deal come find me you can compensate our org with large sums a cash we might do some work for you. ...odd no?
A) WE dont get involved in petty stupid wars
B) We knew about lolsec almost right after his arrest....think how suddenly other anon's also are or went down too, and its focus has shifted to asia
C) We will reserve the right to say screw you at any time we feel any action is not in the people's best interest.
D) read C)
Doubt we can be of much help...OH and one more demand
drop all IP related issues from TPP , ACTA, and tell that puppet in canada to drop IP stuff in CETA that resembles ACTA
DO this and you are starting to get good faith. Ask yourselves what is more important a 30 billion industry or a 6 trillion one ( the rest of the economy ) and start looking like you're representing your people and stop taking all the god damn bribes....looks like nixon would have loved to live in this time.