NSA Hiring At Black Hat 139
jfruhlinger writes "It may seem strange that the US government would be recruiting tech talent at Black Hat, a security conference whose participants have a notorious ambivalence about keeping within the letter of the law. But the NSA — a shadowy organization with its own reputation for dodgy behavior — is there recruiting, and pitching itself as a haven for geeks."
Re:Are the NSA really that stupid? (Score:5, Insightful)
NSA wouldn't run a counterintelligence operation against Americans. That would be illegal and easy to beat.
If they did, how would you ever prove it?
A FOIA request? Denied - national security.
A lawsuit? Denied - national security.
Asking nicely? Denied - "we can neither confirm nor deny..."
Without proof, well then, you'd just be a tinfoil-hat-wearing conspiracy nutter (and for major events like 9/11 you'll be called such names even with lots of proof). This is a roundabout, indirect way of saying that you're foolish and something is wrong with you if you don't blindly trust the goodwill of unaccountable government agencies with nearly unlimited budgets who certainly have the capability of spying on Americans and running operations against Americans.
Not because it's true or might be true or would fit in with the long history of past abuses, mind you, but because people who are in denial want to feel comfortable about their denial and your doubts make that more difficult. When faced with such a situation, small-minded people will attack your character.
At any rate, yes it would be "illegal" but without accountability and transparency that really doesn't mean anything. How would it be easy to beat? How would you ascertain that without intimate knowledge of the actual methods used? If you somehow attained such knowledge, why wouldn't they change the methods?
Re:Are the NSA really that stupid? (Score:4, Insightful)
It may sound like a great idea on the surface, but a leopard doesn't change its spots just because you give it a paycheck.
You're suggesting here that most (if not all) Black Hat attendees who might join the NSA are destined to betray the organization at some point? Either by embarassing the agency through extra-curricular activities or outright acts of treason? The short answer to that assertion is that you are underestimating both the people already in the NSA, and also underestimating the IT security community in general. Black Hat != Bomb Throwing Anarchist, and NSA != Bush(II)-era political appointees.
So either the NSA are really fucking stupid or this is some sort of honeypot trap to target some specific (or maybe even non-specific) hackers and bust them on an espionage charge when they inevitably leak some fake secrets you give them after they become "employees."
Must. Resist. Grammar... flame. *whew* Okay so to summarize, your contention is that the only good reason for the NSA to recruit at Black Hat is as a "trap" of some sort for Black Hat attendees. Why if that weren't such a transparent, easily avoided ploy, you might have something there. Black Hat attendees who truly see themselves as enemies of the NSA aren't going to apply for jobs... unless they are foreign agents trying to infiltrate the organization. THOSE hypothetical people are going to apply for jobs at the NSA and other agencies no matter what happens at the Black Hat conference. OTOH, there is a tremendous amount of technical talent at Black Hat focused on both the offensive and defensive ends of IT security. If you want to hire the best and the brightest, you go to where the best and the brightest hang out. If they don't want to talk to you, fine, but at least you tried. In some sense it would be irresponsible for the NSA to attend and not even bother trying to recruit because they just assume nobody would be interested. Especially because there are surely Black Hat attendees who would be thrilled to work for the NSA. Don't get me wrong. If your idea of being an el33+ h@x0r is demonstrating the size of your e-peen through acts of vandalism, you probably don't want to work for the NSA. Whatever nefarious things they might encourage, you don't get to brag about it after on Twitter. Likewise if you've already been radicalized politically, then you probably don't want their job offers either. Beyond those two subsets you've got whole categories of people who would have a different outlook on an NSA job. There are the wannabees who think cloak and dagger stuff is cool but wouldn't dream of comitting criminal acts. There are aging vets of prior hacker eras who have wives, and kids, and have worked all that "you're not the boss of me" stuff out of their system already. There are members of the "loyal opposition" who have specific objections to US govt. actions but not the US govt. itself.
If it's the latter, I'm impressed. Never seen anyone go that far with a honeypot operation. But maybe Anon and LulSec are making them desperate. Hell, maybe they're hoping they can just *luck* into busting some Anon/LulSec leaders by throwing a wide net.
So I guess it really comes down here to a question of who's more stupid--the NSA for thinking they can tame hackers or the hackers for possibly falling for a honeypot. I don't know which is the more scary possibility.
Anonymous and LulzSec aren't even on the NSA's radar. NSA != LE. The NSA is interested in the next Stuxnet, whether that is authoring it or defending against it. They're interested in the cell tower intercepting UAV that was Slashdotted earlier today. They're interested in encryption algorithms, data mining algorithms, and language translation algorithms. Anon+Lulz primary weapons (SQL injections, voluntary DDOS) are as interesting to the NSA as gasoline bombs and homemade silencers.
Re:Are the NSA really that stupid? (Score:5, Insightful)
Honestly, Had I no family ties out here on the left coast I would work for NSA. There are a lot of things I can do (not that I'm a maestro by any stretch) that would help them, and since I'm really just a total nerd at heart, all they'd have to do is pay me enough to keep me in toys. Sadly, I doubt they allow working remotely, and I really can't leave where I'm at. I have a good enough gig in a multinational corp in R&D/security already. It scratches most of the itches. -nB
To be blunt, the fact that I have a conscience would prevent me from working with such an organization. I don't really care what cool toys they can hook me up with. Toys are to be enjoyed after essentials (like not dealing with the devil) are established.