The National Security Agency is desperate to hire new hacking talent to protect the nation's critical infrastructure, but its reputation for spying on Americans has damaged its reputation among cyber sleuths. To fix that, the cryptologic intelligence agency is waging a new charm offensive that glosses over some uncomfortable truths.
Over the weekend, NSA director Gen. Keith Alexander made an unprecedented appearance at DefCon, a grassroots gathering of hackers in Las Vegas. As CNN Money's Stacy Cowley explains, there's a reason this sort of thing hasn't happened before. "[It's a] hacker mecca with an often-uneasy relationship with the feds," she writes. "DefCon is the older, wilder and far less official sibling of BlackHat, a cybersecurity conference that wrapped up Thursday." Where as BlackHat attendees are known for swapping business cards and wearing work suits, DefCon attendees are known for showing up in T-shirts and sharing exploits in phone phreaking, distributed denial-of-service attacks and defacing websites. (The conference even boasts a "Spot the Fed," game for hacker attendees.) It was under this backdrop that Alexander approached the hackers at DefCon, as well as the fact that the NSA recently announced that the rate of cyber attacks against U.S. infrastructure has taken a 17-fold increase since 2009. "In this room, this room right here, is the talent our nation needs to secure cyberspace," Alexander said. Unfortunately, some of the respective differences between Alexander and the hackers were impossible to sweep under the rug.
That became apparent when Alexander began pandering to the crowd. "Sometimes you guys get a bad rep," Alexander reasoned with attendees. "From my perspective, what you're doing to figure out the vulnerabilities in our systems is absolutely needed." But the appeal was rebuffed in some corners, Cowley reported:
A few rows further back, a group of cynics kept up a running counterpoint to Alexander's talk ... "Then stop arresting us!" one of the hecklers called back.
Other moments of tension occurred during the Q&A, according to CNET's Elinor Mills.
Asked ... whether the NSA keeps a file on every U.S. citizen, Alexander said that notion was "absolute nonsense," partly because managing 260 million or so individual citizen files would be impossible for the department to handle. "No we don't. Absolutely not," he said. "Our job is foreign intelligence."
That's a denial that's already inviting scrutiny. According to William Binney, a former technical director at the NSA, Alexander is playing a "word game," and as a matter of fact, the NSA is " indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it." In remarks at the conference captured by Wired's Kim Zetter, Binney refuted Alexander's claims. “The reason I left the NSA was because they started spying on everybody in the country. That’s the reason I left,” said Binney, who left in late 2001. “Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at." Similar claims were advanced by ACLU staff attorney Alex Abdo, who also attended the conference. "A gaping loophole in the laws governing the NSA allows the agency to do dragnet surveillance of non-Americans and, in the process sweep up the data of Americans they may be communicating with, and hold onto that data even though the Americans aren’t the target," he said.
Clearly, there's a philosophical clash of opinions between the NSA and some elements of the hacking subculture. Whether or not the promise of a yearly salary and government benefits can smooth over those differences will play out on case-by-case basis. But according to Cowley's report, there are definitely some willing to make the jump. "I think it would be thrilling," one researcher said. "I mean, that's the real deal ... They're trying to protect the country and people. It would be absolutely awesome."