http://www.computerworld.com/securitytopics/security/story/0,10801,103825,00.html By Andy Sullivan AUGUST 10, 2005 REUTERS Attention hackers: Uncle Sam wants you. As scam artists, organized-crime rings and other miscreants find a home on the Internet, top federal officials are trolling hacker conferences to scout talent and talk up the glories of a career on the front lines of the information wars. "If you want to work on cutting-edge problems, if you want to be part of the truly great issues of our time ... we invite you to work with us," Assistant Secretary of Defense Linton Wells told hackers at a recent conference in Las Vegas. Wells and other "feds" didn't exactly blend in at Defcon, an annual gathering of computer-security experts and teenage troublemakers that celebrates the cutting edge of security research. The buttoned-down world of Washington seems a continent away at Defcon, which was named as a spoof on the Pentagon's code for military readiness derived from "defense condition." Graffiti covers the bathroom walls, DJs spin electronic music by the pool until dawn, and hackers who "out" undercover government employees win free T-shirts. At a "Meet the Feds" panel designed to bridge the cultural divide, a young man waved a pages-long manifesto and demanded, "I would like to know why the federal government, especially some of the law enforcement agencies, are destroying this country." Despite appearances, hackers and the government have long enjoyed a symbiotic relationship. Federal research dollars funded development of the Internet and many other cutting-edge technologies, and many hackers first learn the ins and outs of computer security through military service before moving on to private-sector jobs. College students in computer-security programs can have their tuition picked up by the government if they agree to work for it when they graduate. Feds have been a key part of the Defcon audience since its inception in 1992, though they are required to stay at off-site hotels to avoid some of the wilder goings-on. Along with recruiting, the conference gives federal officials a chance to develop sources and keep up with new research. "I'm learning while I'm here, but I'm also getting the names of people I can maybe call on later so we have a better understanding as cases go along," said Don Blumenthal, who oversees the Internet lab for investigators at the Federal Trade Commission. Tensions between feds and hackers ran high in 2001, when the FBI arrested Russian programmer Dmitri Skylarov at the conference for writing a program that could break copy protection on electronic books. The relationship between the two sides has become less adversarial in recent years, according to long-time attendees, and government employees now account for nearly half of the audience. Some Defcon staffers even hold down day jobs with the National Security Agency and other government shops. "You can't be deceived by the uniforms," said technology commentator Richard Thieme. "I talked at the Pentagon, and one-third of the people in the audience I already knew from Defcon." That's not to say that Defcon has gone straight. The ability to break into computer systems is prized above all, and conference attendees whose computers fell prey to their colleagues' attacks are displayed on a "wall of sheep." Some hackers spent the weekend in their hotel rooms cooking up a new way to take control of the Cisco Systems Inc. routers that underpin much of the Internet. Many defend this "black hat" approach, arguing that attacks that cause damage in the short term raise awareness of online threats and thus improve the security picture as a whole. Lynn and other feds made clear that they aren't interested in working with those who break into computer systems without permission. "We're looking for people who haven't crossed that line yet," said Jim Christy, director of the U.S. Department of Defense's Cyber Crime Institute. "You've got to get folks with the right morals." Blumenthal said that while he was impressed with the honesty of the people he had met, he would double-check the information he receives from them as he does with other sources. "I have to feel confident that what I'm getting is a straight story," Blumenthal said. "I find out if I have a curve thrown at me." _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Thu Aug 11 2005 - 00:24:53 PDT