NSA to Hackers: A Little Help?
"The term 'hacker' is a morally neutral term that is charged with connotation," said Randy Abrams, research director at NSS Labs. "What we are talking about is [the NSA] reaching out to people with exceptional computer skills. Some of these are decent people and some are not; some have political visions that are in line with our government's, and others don't."
Jul 30, 2012 11:37 AM PT
United States National Security Agency Director Keith Alexander has urged hackers to contribute to securing cyberspace.
Speaking at the DEFCON 2012 security conference, Alexander said the hacker community and the U.S. government cybercommunity share some core values.
"At DEFCON 20, Gen. Alexander discussed shared challenges and shared responsibilities in cyberspace," NSA spokesperson Vanee Vines told TechNewsWorld. "He also told DEFCON participants that they have the ability to help educate the nation about cybersecurity."
A summary of Alexander's speech can be viewed here.
"Hackers are often patriotic and many, particularly at DEFCON, think of themselves as the good guys," said Rob Enderle, principal analyst at the Enderle Group. "Calling on them for help both showcases the reality that the problems can't be handled by government alone and appeals to both attributes to garner assistance."
The General in His Labyrinth
Global society needs the best and brightest to help secure our most valued resources in cyberspace, Alexander said. Those resources are our intellectual property, our critical infrastructure, and our privacy.
Hackers can help educate people who don't understand cybersecurity as well as they do, he added. He also stated that the private sector and the government need to improve their information sharing.
The hacker community has built many of the tools needed to protect cyberspace, such as Metasploit, Alexander remarked. He also praised hackers, stating they figure out vulnerabilities in our systems.
Yes, but Hackers?
It's the suspicion that governments and law enforcement agencies are spying on individuals that hacktivist groups such as Anonymous cite when they attack government and law agency websites.
Law enforcement agencies around the world have responded by cracking down on hacktivists, sometimes painting them as cyberterrorists and cybercriminals.
In 2011, the U.S. Federal Bureau of Investigation and law agencies abroad cracked down on suspected members of Anonymous, a move that saw 16 suspects arrested in the U.S. alone.
In February, the international police organization Interpol arrested 25 suspected Anonymous members.
In both cases, the crackdowns triggered retaliatory attacks by hacktivists on various targets, including U.S. government websites. Interpol's website was apparently taken down after the February arrests.
In the Eye of the Beholder
"The term 'hacker' is a morally neutral term that is charged with connotation," Randy Abrams, research director at NSS Labs, told TechNewsWorld. "What we are talking about is [the NSA] reaching out to people with exceptional computer skills. Some of these are decent people and some are not; some have political visions that are in line with our government's, and others don't."
There is always a risk/reward equation in cybersecurity, "and you do not get the best rewards without taking some risks," Abrams continued. "Private industry is up against the same problems."
The U.S. government seems to be willing to tap any source of help, taking risks it apparently deems necessary. Alexander's call at DEFCON 12 was not the first time a U.S. government agency has reached out to hackers -- the Defense Advanced Research Projects Agency (DARPA) did so at a cybercolloquium in North Virginia in November.
"Virtually all governments" have been losing out to hackers," Enderle said. "Government is overmatched."
Nothing Personal - It's Just Business
The U.S. government agency's reach-out is "part of a strategic PR approach," NSS Labs' Abrams suggested. The war with hackers "is probably not winnable for the foreseeable future" and reaching out to hackers may help because "damage can be controlled with more and better resources."
However, "there is a deep distrust of government in [the hacker] community, and that will likely be the most difficult thing to overcome," Enderle pointed out. The government "is likely going to have to both give something back and address their concerns that the government itself is evil."
That distrust may not have been helped by Alexander's response to a question after his speech. He reportedly claimed that the NSA doesn't keep files on Americans, a statement that was challenged by William Binney, a former NSA technical director, during a panel discussion later.
Unless government addresses those concerns, its reaching out to hackers will fail, Enderle warned.