Confessions of a Cyber Warrior
snydeq writes "InfoWorld's Roger Grimes interviews a longtime friend and cyber warrior under contract with the U.S. government, offering a fascinating glimpse of the front lines in the ever-escalating and completely clandestine cyber war. From the interview: 'They didn't seem to care that I had hacked our own government years ago or that I smoked pot. I wasn't sure I was going to take the job, but then they showed me the work environment and introduced me to a few future co-workers. I was impressed. ... We have tens of thousands of ready-to-use bugs in single applications, single operating systems. ... It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.'"
Does this sound like boasting to anyone else? It's like a more modern version of having the press watch an explosion of their latest bomb.
PS: I don't reply to ACs.
first the knowledge of the bugs is classified. better to know something that the enemy doesn't
and most of the government's data isn't classified so it's not that big a deal
So, if what's being claimed is true (I'm doubtful), by not making these flaws public and giving vendors the chance to fix the issues, they are jeopardizing the domestic infrastructure they are ostensibly tasked to protect?
There's something profoundly inconsistent in this story, or profoundly hypocritical if it is true.
And he plays in a "hardcore rap/EDM band"? Either this person is an idiot for revealing something so specifically identifiable (even among "5000 people on my team", how many others of them are into it that much?), or they're spinning a yarn (misdirection or the whole story is nonsense).
If a hacker could hack into a megabank, airline, hotel chain, etc, how could you possibly pay them enough to ensure that not one of them makes a nice life for themselves?
well... by keeping them in a surveillance hell I suppose. he could still do it but he couldn't use any of it.
but the article smells like bullshit. tens of thousands of exploits ready to go to any controller (I suppose that means industrial controllers and such, fucking VCRs etc) and cracking any sw ever anywhere. fuck, there's some sw's that don't have enough of an attack vector at all. practically the only way it could be remotely true would be if they counted exploits they didn't even try and they counted platform exploits as exploits for sw on the platform (so, say Java applet sandboxing has a hole in it = thousand exploits even if they're all the same). he's even claiming that no patched exploit used by malware authors affected their exploits in any way.
of course, it's InfoWorld - the bullshit heaven. the weakest defence the magazine had was the journalist. the fucking article starts with 15-year-old as head of IT, then 16-17-year-old having 100k worth of equipment for "hacking the airwaves" and just leaving it in a shed, it then downgrades to "I was writing buffer overflows and doing fuzzing" and watercooled computers in trucks.
Mr Grimes, go fuck yourself. either the facts are fabricated or the guy outed himself by the few details (15y head of IT at federal hospital, spent time abroad with his mom) and the rest are just... bullshit you could have made up. so where the fuck is the story?
world was created 5 seconds before this post as it is.
Voting machines?
Dude could save the country and be a national hero. I can see CNN on election night 2016 now...
Wolf Blitzer: "In a shocking turn of events, not a single Republican or Democrat, or anyone on the ballot for that matter, won a single national election today. The entirety of the Senate is now made up of 20 random engineers, 15 doctors, 10 accountants, 10 school teachers, 10 construction workers, 5 disabled veterans, the 5 honest cops, and the rest are Mexican day laborers. There's not a single lawyer or millionaire among them, and the new President is comedian Doug Stanhope."
We don't have a state-run media we have a media-run state.
Yeah, a lot of it sounds far-fetched to me as well.
"Most of the software written in the world has a bug every three to five lines of code." Sure, buddy.
"It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface." Oookaaay, that sounds legit.
"My loft was up near the rafters, so I scooted over into the next storage area, climbed down" No lock-up facility I've been in has access through the roof space to the roof space into other units. Would you keep "$100,000 worth of computers, radio equipment, and oscilloscopes" in such a facility?
This reeks strongly of male bovine excrement.
It gripped her hand gently. 'Regret is for humans,' it said.