Internet Anthropologist Think Tank: US Intelligence not recruiting blackhats

  • Search our BLOG


  • HOME
    Terrorist Names SEARCH:
    Loading

    Saturday, March 05, 2011

    US Intelligence not recruiting blackhats






    DHS Needs to Change Rules to Recruit Hackers into U.S. Security Agencies




    Members of the hacker community are leery of working with the government and sharing their skills, if it means navigating through outdated regulations and being viewed as potential security risks.
    Hackers and other computer experts willing to collaborate with the Department of Homeland Security to bolster the nation’s cyber-defense are unable to do so because of red tape, according to the former head of the department.



    The federal government is short “tens of thousands of cyber experts” and is aggressively hiring, according to NextGov. A former CIA official estimated that about 1,000 security experts in the nation possess the skills to safeguard U.S. cyberspace, but the country needs about 30,000, according to Government Executive.
    Napolitano said the DHS has direct authority to hire 1,000 cyber-security specialists.

    Hackers are wary of working with the government because of rules that restrict private individuals from engaging with the federal government, Ridge said. The regulations pretty much say that people in the private sector are not to be trusted because “heaven forbid, they might be financially advantaged” with a contract or information, Ridge said. That kind of thinking is outdated and policies need to be changed, he said.

    Hackers may be afraid of the government, considering that well-known security researchers such as Moxie Marlinspike, Jacob Appelbaum and David House have ended up on watchlists and have had their laptops and cellphones searched.



    FROM INSIDE THE LOOP:
    These are sources we have found reliable in the past.
    We made some inquires inside the Beltway and contacted
    hackers we know,  to get the full story. Our sources lead us
    to others on both ends of the situation. No names or agencys
    named. 

    I was amazed by what they said.

    Often there is no distinction made between a Felony and a misdemeanor.
    Excluding traffic violations. Our sources indicate
    they treat them both as felonys. 

    And a not Guilty verdict is irrelevant and immaterial, they are judged to
    be guilty regardless. The prevailing theory is they must have got off on
    a technicality, no consideration given to actual innocence. 
    Most of the Intelligence agencys in US are connected to Law Enforcement.
    And all the agencys will make assurances they have policys preventing
    these kind of reactions, but in the end they said that is how they are handled
    on a practical basis.


    And a low credit rating or collections will mark them as a security risk.


    As a stockbroker I had to have a perfect credit report, I had a dentist,
    I had with held partial payment for substandard work, and I had to pay
    him off before the regulating agency would accept my application.
    And that is the paradigm Intelligence agencys are functioning under.


    If you know a good hacker who is poor, that may be evidence he is honest.
    At least an indication he isn't stealing from the WWW.


    Many don't want to hire a Black hat because of the perceived risk.
    If they turn out to be a bad actor, the person hiring them gets the blow
    back, and may be risking their career.


    Agencys that operate in CONUS are used to the civilian paradigm.
    But the CIA is used to hiring / bribing Bad guys, and have found ways
    to handle the risk, lie detectors, surveillance, etc to manage them.
    The agencys that operate in the USA however sounds like they just 
    reject those that pose any possible risk.


    And I'm not implying that Black hats are bad guys, I'm just pointing
    out that the CIA has methods of reducing the risk to manageable proportions
    rather than not using them. Its possible to reduce the risk to where they
    can be hired.


    Black Hats Speak:
    And from the Black hats point of view I was told, dealing with Feds is like
    making a honey sandwich, can be sweet, but very sticky.




    TRUST:
    The trust issue is big on their minds.
    If I partner with the Feds, will they at
    some point come after me for past activities?
    Do they investigate my past forever?
    Is this a set up, when they are done with me,
    will they burn me?


    "YOU DON'T EVEN HAVE TO DO ANYTHING WRONG
    OR ILLEGAL TO HAVE FBI COME AFTER YOU"


    "IF YOU UNJUSTLY GET ONE OF THESE BULLDOGS
    ON YOU YOUR LIFE IS DONE"


    "ARE THE REWARDS EQUAL TO THE RISKS"


    "IF I TURN LEGAL, AND STAY LEGAL AM I STILL AT RISK?"


    The background checks could be scary, many smoke mary jane,
    or have in the past. Some hackers said they do some of 
    their best work buzzed, which is problematic.


    And once they apply to the Feds they are 'ON the Radar'
    for life. And past exploits in earning their wings may have
    involved illegal activities, making a Federal association
    uncomfortable.


    ARE BLACK HATS NEEDED?
    But do we need black hats?
    We have White hats.


    Besides the shortage problem,
    my experience has been, in general
    they are two different skill sets.
    White hat defends, and black hats attack.
    Difference between a a mechanic and 
    a race car driver, both work with autos
    but from entirely different perspectives.


    The other consideration we face is the risk.
    At no time in the past has the WWW been so
    vulnerable or has security been so bad.


    The security threats the world faces are monumental.
    Cyber Bank robberies, Stuxnet, Confliker, rampant ID theft,
    Worms, rootkits, virus, malware, SLQ, etc.
    The list just goes on and on.


    Stuxnet is a proof of concept that the infrastructure
    is at risk, Confliker is a proof of concept that the WWW
    and maybe even civilization is at risk.
    Internet Anthropologist Think Tank: CYBERWARS's Pearl Harbour


    MicroSoft does patches every tues, about 5 of them.
    Every week for at least 5 years, thats 1,250 holes patched,
    in the worlds most used Operating System.
    And there are what, 100's of security vendors
    trying to secure it also, and FAILING.
    Is MS OS ever going to be patched, secure?
    Doesn't look like it.


    China and Russia recognize the value of black hats
    and support and reward them. And that puts them
    ahead of the Game.


    Even NSA admits their network isn't secure,
    the best secured network in the world isn't safe.
    Internet Anthropologist Think Tank: I'm on your PC,know your IP


    And stuxnet has proven your not safe EVEN
    if your not connected to the WWW.
    You can't even hide.
    Internet Anthropologist Think Tank: Stuxnet 3.0 most powerful ...


    In view of what the world is facing on the WWW
    US agencys may want to consider changing the
    employment paradigm, the current paradigm
    is placing the USA at a significant disadvantage.


    But I expect nothing will happen until there is a 
    cyber 911, then there will be investigations and 
    Congressional hearings, finger pointing, and then 
    changes made.






    But its quite possible the Cyber 911 will kill
    many more than the last 911, and may not be
    so fixed quickly, and maybe untraceable.


    The question becomes one of leadership,
    the current paradigm is too concerned with
    CYA but the law of untended consequences
    looms large in the rear view mirror.
    And may bite them hard.
    Rome is burning and the Feds fiddle.


    DHS seems to be on the right path
    but so far its just all talk, no action.






    Gerald
    War Anthropologist


    .

    0 Comments:

    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home