Slashdot Mirror

← Back to Stories (view on slashdot.org)

Former NSA Chief Warned Against Selling NSA Secrets

Posted by Unknown on from the alan-grayson-hates-freedom-and-puppies dept.

An anonymous reader writes Former NSA Chief General Keith Alexander has apparently started his own cybersecurity consulting firm, IronNet Cybersecurity, and approached the banking industry pitching his company's suite of services. Word from Wired indicates that his services cost $1 million per month with a special discount asking price of $600,000 per month. Congressman Alan Grayson (D-FL) expressed concern about General Alexander's activities to the banking industry, stating, "I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods....Without the classified information he acquired in his former position, he literally would have nothing to offer to you." (PDF) The congressman from the House of Representatives reminds the bankers (and General Alexander, should he be listening) that selling top secret information is a federal offense.

28 of 138 comments (clear)

  1. bridge for sale by mindcandy · · Score: 4, Insightful

    I don't know if I'd brag about my tenure there in the context of selling security consulting.

    The whole Snowden affair demonstrated that they still managed some epic fails.

    But sure .. 600k? .. I'll take two, because that's how we roll with government spending.

    1. Re:bridge for sale by pla · · Score: 4, Insightful

      I don't know if I'd brag about my tenure there in the context of selling security consulting.

      This.

      Detecting and stopping an insider from downloading a library of proprietary/classified info outside their job description? Fail.
      Capable of searching emails to fulfill a court order for information? Fail.
      Bringing a basic (if high-end) new datacenter online? Fail (for not securing a reliable source of electricity).
      Obeying the rules that govern their core mission? Fail. Performing their core mission? Fail.

      No doubt, the NSA remains every bit as scary as ever, but in more of a "CIA goon" sense than their traditional so-flawlessly-smooth-you-won't-even-know-what-happened reputational sense.

    2. Re:bridge for sale by Anonymous Coward · · Score: 5, Interesting

      Actually I'm going to disagree with you there. Yes, Snowden was a loss for the NSA, but not a fatal loss.

      Gen. Alexander presided over and participated in an epic expansion of the NSA budget, mandate, and importance. They achieved the nirvana of government existence: To become a mover and shaker. The NSA now overshadows the CIA and FBI in importance.

      The Snowden disclosures threaten that status, but notice that none of the limitations on the NSA have actually happened yet. Lots of talk but little action. The government likes it's pervy magic database of secrets and private communications. Sure it's constitutionally infringing but hey, terr'ists!!

      And even if the golden age of spying winds up being curbed, Gen. Alexander can always find a way to blame someone else, or say "it' was one unfortunate mistake, lessons were learned, I wasn't properly informed, etc."

    3. Re:bridge for sale by gl4ss · · Score: 2

      You'd have to be a fool to think the NSA would keep dumping money and resources into programs that weren't yielding good intel.

      I think you're the fool if you really think that. think about it. nobody, really nobody(is supposed to), is going to find out about the quality of the intel. people involved with the decisions are gettin money from the money dumping. so you really think they wouldn't keep dumping money and resources into programs that weren't producing good intel? they could always even argue to themselves that whatever bullshit program they're in charge of _might_ yield some intel some day maybe and thus it's worth dumping 40 million into it every year (along with 1 million to the pocket whoever is directing it and aware of it in the first place).

      I mean, fuck, you would get better intel for making global strategy decisions from watching fucking BBC apparently.

      by the way its entirely possible that Alexander doesn't even know too much that's classified, for being too stupid to understand it. if it's just crap that's been on the Snowden files he can sell it all day long.. if he finds someone stupid enough to pay him 600 000 bucks a month for it... and he really needs only to find one or two. and what the fuck is up with the discount? intro discounts are not discounts, that's the ONLY FUCKING PRICE the service has been available for, gear up your consumer protection laws too!

      --
      world was created 5 seconds before this post as it is.
    4. Re:bridge for sale by Oswald · · Score: 2

      I was going to write a reply saying the banking industry comprises private--not government--money. But hilarity ensued as I struggled to word my post carefully enough to defeat trolls telling me I was overlooking the bank bailouts of half a decade ago. After a while I realized I couldn't make my case and decided you're right--it is government spending.

      So congrats on being even more cynical than I am. Care for an ennui contest?

  2. Not a good sales pitch: by king+neckbeard · · Score: 4, Insightful

    THe banking industry is probably wanting a step up in security, while the NSA under Alexander had horrible internal security. Alexander's forte seems to be using brute force to break the security of others, not actually keeping an organization secure.

    --
    This is my signature. There are many like it, but this one is mine.
    1. Re:Not a good sales pitch: by fuzzyfuzzyfungus · · Score: 5, Insightful

      Alexander's forte seems to be using brute force to break the security of others, not actually keeping an organization secure.

      It sure is a good thing that the banking industry is a bunch of totally upstanding, honest, guys, steeped in a culture of prudent moderation, who definitely wouldn't have any interest in the potential applications of NSA-tested 'tailored access operations' for shareholder value, enhanced lobbying, and other exciting things; or the colossal hubris necessary to not even think twice about doing so.

    2. Re:Not a good sales pitch: by fuzzyfuzzyfungus · · Score: 4, Funny

      You'll probably have some trouble collecting; but if you securitize the coffee obligation and just sell the top tranche or two no harm could come of it...

    3. Re:Not a good sales pitch: by philip.paradis · · Score: 2

      The sort of services being offered are easily worth USD $1M/month when you consider who the clients are, the scale of their operations, the degree to which their systems are interconnected with those of other institutions (large and small), and the complexities involved with regulatory/legal/reputation compliance and management. Risk management and threat analysis are not simple subjects.

      To put it simply, these aren't your sort of client engagements.

      --
      Write failed: Broken pipe
  3. Poor guy... by jasno · · Score: 4, Insightful

    So the poor general can't participate in the usual dance of former Washington insiders who use cronyism and connections to enrich themselves after 'serving' in government?

    There should be a name for that... like 401(c)... where c stands for crony capitalism.

    --

    http://www.masturbateforpeace.com/
  4. Try him and not Snowden then by Rosco+P.+Coltrane · · Score: 4, Insightful

    Snowden didn't reveal NSA secrets for his personal profit.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Try him and not Snowden then by Opportunist · · Score: 4, Interesting

      It's very un-American to do something without the plan to profit from it!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Try him and not Snowden then by arklite · · Score: 2

      If profit is personal advantage, and Snowden is advancing an agenda based on ideals, then yes, he is advantaged and therefore profited. Not all people are motivated by money; for some, power, fame, or influence suffice. I'd say he did it for wholly selfish reasons: "He knew better than the State"

  5. Smacks of Carmack by Raystonn · · Score: 2

    This smacks of the same crap Id is trying to pull off on Carmack (http://popcultureblog.dallasnews.com/2014/05/zenimax-and-id-software-have-filed-a-lawsuit-against-oculus-vr-and-dallas-based-john-carmack-is-in-the-middle.html/). Apparently employers think they own any knowledge an employee gains while on the job. Sure, secrets are secrets. But is *everything* they learned on the job is a secret?

    1. Re:Smacks of Carmack by Anonymous Coward · · Score: 2, Insightful

      Sure, secrets are secrets. But is *everything* they learned on the job is a secret?

      No, not everything.

      But if it's something you're trying to sell it for a million dollars a month, those parts are probably secret.

    2. Re:Smacks of Carmack by DRJlaw · · Score: 4, Insightful

      But is *everything* they learned on the job is a secret?

      1. When you've worked at a very high level the NSA;
      2. When you are selling security information/services; and
      3. When your asking price is far higher than competitive services by people who've worked at it far longer than you outside of the NSA,

      What do you imagine lies in between publicly known and classified that justifies the price premium? Was he developing security procedures on his own time or at his second job?

  6. He doesn't need to reveal secrets by Registered+Coward+v2 · · Score: 2

    He needs to hire people who have the skills and experience addressing specific vulnerabilities. Ideally those people got that outside of TS work. He is the rainmaker that opens doors.

    --
    I'm a consultant - I convert gibberish into cash-flow.
    1. Re:He doesn't need to reveal secrets by WaffleMonster · · Score: 2

      He needs to hire people who have the skills and experience addressing specific vulnerabilities. Ideally those people got that outside of TS work. He is the rainmaker that opens doors.

      Judging by his cozy reception at last Defcon this shouldn't be a problem at all.

  7. remind me by sribe · · Score: 3, Interesting

    Am I confused, or is this the same amoral sack of shit who lied to Congress with a straight face about NSA activities???

    1. Re:remind me by dcollins117 · · Score: 4, Interesting

      Am I confused, or is this the same amoral sack of shit who lied to Congress with a straight face about NSA activities???

      Yep. Circumventing the law, lying to Congress, sounds like a perfect match for the banking industry.

    2. Re:remind me by TapeCutter · · Score: 4, Interesting

      Yes, I think it's the same sack of shit that was involved in directing funds to the IRA in the 80's.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  8. Re:Laugh-worthy by Opportunist · · Score: 4, Interesting

    It is? Odd that someone as insignificant as me has it in his contract that any kind of "internal knowledge" he gains (and, bluntly, if an exploit isn't considered internal knowledge in a TLA, what is?) must not be used outside of very well defined areas of work for at the very least 2 years, while someone as the NSA head honcho gets a free pass to use such knowledge as he pleases.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re: Snowden is cheaper by Opportunist · · Score: 4, Insightful

    No, it merely means that for selling it you get to go on a trial where in the end you get to make some kind of deal with the state where you can keep half the profit and the other half disappears in some war purses for deals that you don't want to explain why you need funding for them.

    If you hand it out for free you get to Gitmo. There's no profit in making a deal with you, you have no money you could offer.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Re:The NSA need a proper auditing and tracking dat by CaptnZilog · · Score: 2

    protocals. They need to adhere to the Federal Enterprise Architecture Data Reference Model.

    That is obviously misnamed, Data and Reference need to be reversed, so it's the "Federal Enterprise Architecture Reference Data Model", or to shorten it the "FEAR Data Model".

  11. Re:Laugh-worthy by rockmuelle · · Score: 2

    Nope. I've talked about this with many lawyers. It varies by state. In CA, non-compete clauses are basically unenforceable. In TX, where I live, they're the law of the land.

    -Chris

  12. NSA = No Sensible Administration ? by Futurepower(R) · · Score: 4, Insightful

    It seems to me that the entire purpose of any secret government agency is to benefit the secret government agency.

    Michael Moore is a self-taught movie maker. His movie about U.S. government corruption in secret agencies, Fahrenheit 9/11, made $222,446,882. It's not like extreme U.S. government corruption is unknown.

    There is a HUGE conflict of interest, and the U.S. government seems to have no influential methods of dealing with conflicts of interest. If there is security, people who work for the NSA are less likely to be promoted, and may lose their jobs. That is a powerful reason for NSA employees and management, and other secret U.S. government agencies, to create more insecurity. Since they work entirely in secret, no one can stop them.

    U.S. government policies allow many secret agencies. I find it odd that news stories assume that, other than doing things that almost no citizens want, the secret agencies are otherwise well-managed. Numerous examples show that they aren't. For example, Edward Snowden, an employee of an NSA sub-contractor, was able to walk away with all the data.

    To me, it is also odd that news stories assume that the NSA works to improve security of the U.S. and U.S. citizens. For example, the book House of Bush, House of Saud explains that the Bush and Cheney families worked for the Saudis, who paid them billions for their help. The U.S. taxpayer paid for the arms, military presence, and violence that supposedly was free security for the Saudi government, but actually was, as Saudi acquaintances I met in a gym said long before the 9/11 attack, Saudi government oppression of the Saudi people.

    Why does the NSA record phone calls? Is it because learning about some of those calls makes money for someone in control? Investment information, perhaps?

    The U.S. government's war in Iraq is now being called a "mistake". For example, Hans Blix: Iraq War was a terrible mistake and violation of U.N. charter. It wasn't a "mistake", other articles say, it was deliberate deception. For example, Stop Calling the Iraq War a 'Mistake'.

    NSA = No Sales for America. The NSA is a powerful advertisement that anything complicated made by a U.S. manufacturer may have intentional defects or surveillance methods.

  13. What perjury? I don't remember him doing that... by bussdriver · · Score: 2

    Where did he conduct perjury? I don't think he did. He LIED plenty but that is not a crime. Contempt of Congress etc? Well, something they seem to love to do is to NOT swear in these officials "out of respect" so while you may testify to congress under oath and they may require you to do so, these people are allowed to skip the disrespectful procedure. (Besides they feel there are legitimate public lies these officials have to make from time to time... which they could simply decline or put it off for the private session... which again, they probably don't do under oath.)

    --
    Democracy Now! - uncensored, anti-establishment news
  14. Re:Laugh-worthy by jeffmeden · · Score: 3, Insightful

    My point was merely that Alexander's CV has very little on it that isn't either irrelevant to his potential customers (at least I hope our financial sector isn't looking for armored warfare expertise...) or closely connected to a series of fed jobs that just keep getting more heavily classified as time goes on.

    Hmm let's see if you can pick out the spot where he would be versed only in armored warfare expertise or looking at secret documents all day (this is his CV for the past 15 years):
    Director of the National Security Agency (DIRNSA)
    Chief of the Central Security Service (CHCSS)
    Commander of the United States Cyber Command
    Commanding General of the U.S. Army Intelligence and Security Command
    Director of Intelligence (J-2), United States Central Command
    Deputy Director for Intelligence (J-2) for the Joint Chiefs of Staff
    Head of the Army Intelligence and Security Command

    Do you think it's possible, after working (ostensibly successfully) as the head of so many organizations, that he knows nothing about management, leadership, best practices, and nonclassified security methodologies (of which there are many)? Do you honestly think he spent 10 years, as the head of these orgs, pushing top secret papers across his desk instead of having his underlings take care of all of that? Come on. Furthermore, I think a lot of commentators on this thread have a complete misunderstanding of what a high-level consulting firm does. Hint, it has nothing to do with configuring firewalls and antivirus apps. Big multinationals will gladly pay $1M for advice as simple as "choose off the shelf security package A, instead of B" as long as it comes from someone whose credentials are beyond repute. He doesn't have to say anything about top secret operations, techniques, or sources, he just has to put his name behind something.