http://www.time.com/time/nation/article/0,8599,1972896,00.html By Mark Thompson Washington Time March 18, 2010 After years of building firewalls and other defenses against relentless hacker attacks, the Pentagon is going over to the dark side of computer warfare. But ethically, of course. The Defense Department, like most other large organizations, has recognized that no wall is high enough to keep out skilled and determined hackers for keeps. Instead, it has decided that in order to anticipate and thwart attacks, it needs to know what the hackers know. "More than 100 foreign intelligence organizations are trying to hack into U.S. systems," Deputy Defense Secretary William Lynn warned last month. "Some governments already have the capacity to disrupt elements of the U.S. information infrastructure." So the Pentagon recently modified its regulations to allow military computer experts to be trained in computer hacking, gaining the designation "certified ethical hackers." They'll join more than 20,000 other such good-guy hackers around the world who have earned that recognition since 2003 from the private International Council of E-Commerce Consultants (also known as the EC-Council). "We are creating cyber-bodyguards," says Sanjay Bavisi, president of the council. "We're not creating combat people." But as the world becomes increasingly interconnected via the Internet, the stakes have become too high to rely on static defenses alone to protect the immense flows of vital information that operate the world's financial, medical, governmental and infrastructure systems. "The bad guys already have the hacking technologies," Bavisi says. "We can say, 'Tough luck. The bad guys play by different rules, and you can't do anything about it, so just go lock your doors.' Or we can tell the good guys, 'We will arm you with the same knowledge as the bad guys, because to defeat the hacker you need to be able to think like one.'" Bavisi and the Pentagon are sensitive to the possibility that the tactics taught could be used for other purposes. "We're not training Department of Defense guys to become hackers and start hacking into China or any other countries," he says. Weeklong courses will train them in 150 hacking techniques and technologies, ranging from viruses, worms, sniffers and phishing to cyberwarfare. The cost of the course ranges from $450 to $2,500, depending on the training involved. [...] ___________________________________________________________ Register now for HITBSecConf2010 - Dubai, the premier deep-knowledge network security event in the GCC, featuring keynote speakers John Viega and Matt Watchinski! http://conference.hitb.org/hitbsecconf2010dxb/Received on Thu Mar 18 2010 - 23:14:55 PDT
This archive was generated by hypermail 2.2.0 : Thu Mar 18 2010 - 23:26:10 PDT