Slashdot Mirror
NSA Worried About Recruitment, Post-Snowden
An anonymous reader writes: The NSA employs tens of thousands of people, and they're constantly recruiting more. They're looking for 1,600 new workers this year alone. Now that their reputation has taken a major hit with the revelations of whistleblower Edward Snowden, they aren't sure they'll be able to meet that goal. Not only that, but the NSA has to compete with other companies, and they Snowden leaks made many of them more competitive: "Ever since the Snowden leaks, cybersecurity has been hot in Silicon Valley. In part that's because the industry no longer trusts the government as much as it once did. Companies want to develop their own security, and they're willing to pay top dollar to get the same people the NSA is trying to recruit." If academia's relationship with the NSA continues to cool, the agency could find itself struggling within a few years.
Working on wall street puts you at very high risk of being stolen from, and crushed by the other thieves.
Working for the NSA puts you at very high risk of being spied on (which is no change, apparently), but otherwise doesn't put you at higher risk of financial ruin.
Being a traitor, it seems, is the safer route to financial security.
Technically I didn't work for the NSA, but I worked for a government contractor that did a lot of classified work for the NSA. If you can name a clearance level, I probably had it.
Contrary to popular belief, the vast majority of the work the NSA does is concerned with foreign intelligence and surveillance. The part of the NSA that does domestic surveillance is relatively small and not nearly as intrusive as the tinfoil hatters want to believe.
Still, all of the controversy recently made me think a lot about it and realize I'm not really comfortable being involved even in foreign surveillance. I don't want to be responsible for creating technology that will be used to track down and kill people, even if those people are enemies of the USA. Yes, I know foreign countries are spying on us just as much, but that isn't an excuse.
So I quit that job, and I'll never again work on classified material. I've been much happier with my work lately.
Different levels of Hell, at least according to Dante, but I suspect we're pretty much in agreement :)
Good call. The eigth circle was for fraudsters (Wall Street), but the ninth circle was for traitors (NSA, CIA, Congress, POTUS).
I tried to apply for an NSA job after I graduated, just a basic entry-level programming position. They had outsourced recruitment to some group that was totally uninterested in recruiting, did not seem to know how to recruit, would not return emails, etc. Finally, after weeks of cajoling, they invited me in for an interview. This seemed quite forward at this point in the process, so I pulled more information out of them. It turns out they were inviting me to a scheduled *career fair*, the in-person equivalent of a website listing what careers are available. They wanted me to take the trouble of flying across the country to see some bored recruiters pitch a table and hand out flyers with information I could get off the internet. The event would be run solely by the recruiters and no hiring personnel would be present. They had told me it was an interview for that programming position I had been seeking, before admitting that they made that up to try to get me to go. I decided not to waste any more of my time with them.
That was about five years ago. It's possible that things have changed.
TAO is what you would expect to see given a sufficiently large budget spent exclusively on hacking everything possible. The hacks are impressive in the sense that they take a lot of resources and time to develop and it wasn't previously obvious to what extent governments were committing resources to infrastructure subversion. They are not especially impressive from a technical perspective: it's basically a more professional and larger scale version of the types of malware produced by Russian banking fraudsters. Working from that down into BIOS hacks and the like is the inevitable result of spending billions on hackers year after year - they need to keep finding new things to exploit. Interesting, but only because it reinforces the idea that everything seems to be hackable.
But, what kind of people find this work interesting? I can imagine it would be interesting for a few years, especially if you're young and trapped inside a heavily propaganda controlled environment where you're told daily you're the Forces of Good in an epochal struggle against the Axis of Evil. But the amount of technical design work involved is minimal. The level of new technology is minimal. The "research" is simply finding ordinary bugs and flaws in other people's code. People oooh and aaah about the fact that these state malware platforms use a plugin architecture, whilst simultaneously finding the same thing in Photoshop entirely mundane.
Even the data analytics stuff is essentially just an A-B-C application of big data tech originally developed elsewhere, like at Google.
And the advanced maths the NSA is supposed to be famous for hardly shows up in the Snowden documents. It's pretty clear that their success against even crappy crypto is fragile at best (RC4), probably non-existent at worst (AES/strong RSA or anything past it). Their botched attempt to back door Dual-EC DRBG smells of desperation. They wouldn't build huge infrastructures for storing and obtaining stolen private keys if they had the mathematical tools to undo modern ciphers. So I suspect there are a lot of mathematicians at the NSA feeling kind of obsolete these days and wondering what they can contribute.
I'd say the only genuinely technically interesting work the FVEY guys are doing is the way they've been combining passive intercept with active, automated exploitation. QUANTUM is a pretty interesting thing and I'm not aware of anyone discussing anything like it before Snowden's leaks. However, it's also now a done deal. Beyond incremental improvements, there don't seem to be any obvious further directions for that project.
So as a programmer, developing hacks and malware can be entertaining for some years, but eventually I think most skilled people will want to flex their muscles in other ways. They will want to build something instead of break something. The best people will have a broad span of interests. In an organisation like Google or Facebook that's OK - you can work security for a few years, do some exploit research, then go on and transfer to some other project. Or leave but keep your work on your resume. At the NSA? There it's more limited. You can't easily leave the classified world because your work experience is a gaping void. They don't do product development. You will never make something that your family uses. You will never even develop the skills needed to do that.
Stories like this give me some hope that despite it's apparently bottomless budget, the NSA can still be beaten technically. They discard most of the qualified people because they aren't US citizens and the ones that are left would be well advised to take a career at a Silicon Valley firm where they can do very similar sorts of work, but for things that are unquestionably useful. If you go do big data analytics or security work in order to fight spam on Gmail (like I did), you don't have to worry about the moral impac