Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Security

NSA Hiring At Black Hat 139

jfruhlinger writes "It may seem strange that the US government would be recruiting tech talent at Black Hat, a security conference whose participants have a notorious ambivalence about keeping within the letter of the law. But the NSA — a shadowy organization with its own reputation for dodgy behavior — is there recruiting, and pitching itself as a haven for geeks."
This discussion has been archived. No new comments can be posted.

NSA Hiring At Black Hat

Comments Filter:
  • by elrous0 ( 869638 ) * on Tuesday August 02, 2011 @04:20PM (#36965128)

    It may sound like a great idea on the surface, but a leopard doesn't change its spots just because you give it a paycheck.

    So either the NSA are really fucking stupid or this is some sort of honeypot trap to target some specific (or maybe even non-specific) hackers and bust them on an espionage charge when they inevitably leak some fake secrets you give them after they become "employees." If it's the latter, I'm impressed. Never seen anyone go that far with a honeypot operation. But maybe Anon and LulSec are making them desperate. Hell, maybe they're hoping they can just *luck* into busting some Anon/LulSec leaders by throwing a wide net.

    So I guess it really comes down here to a question of who's more stupid--the NSA for thinking they can tame hackers or the hackers for possibly falling for a honeypot. I don't know which is the more scary possibility.

    • by Anonymous Coward

      Like attracts like. Your reply implies that you don't think the NSA is an organization of black hats. Are you that stupid?

      • by elrous0 ( 869638 ) *

        There are black hats and then there are black hats.

        • by Jeng ( 926980 )

          Or as they put it in TFA.

          There is a huge difference between hackers â" who tread the line of legality regularly and often step over, but not with the intent of doing great harm â" and criminals who happen to work online, Moss said.

          One group you can train or encourage to focus on solving problems that affect national security, and trust to the same extent you would experts in other fields.

          • Or as they put it in TFA.

            There is a huge difference between hackers â" who tread the line of legality regularly and often step over, but not with the intent of doing great harm â" and criminals who happen to work online, Moss said.

            One group you can train or encourage to focus on solving problems that affect national security, and trust to the same extent you would experts in other fields.

            It seriously doesn't help that most of the legitimate private-sector jobs available to those with strong computer/networking skills are thankless, offer little job security, tend to expand in scope with no matching expansion of pay, tend to demand overtime while paying salary, are dominated by managers who don't understand technology and (worse) refuse to listen to underlings who do, often require dealing with literate adults who fail to follow the simplest of instructions then blame the IT guy when it does

            • Honestly,
              Had I no family ties out here on the left coast I would work for NSA.
              There are a lot of things I can do (not that I'm a maestro by any stretch) that would help them, and since I'm really just a total nerd at heart, all they'd have to do is pay me enough to keep me in toys.
              Sadly, I doubt they allow working remotely, and I really can't leave where I'm at. I have a good enough gig in a multinational corp in R&D/security already. It scratches most of the itches.
              -nB

              • by causality ( 777677 ) on Tuesday August 02, 2011 @06:07PM (#36966246)

                Honestly, Had I no family ties out here on the left coast I would work for NSA. There are a lot of things I can do (not that I'm a maestro by any stretch) that would help them, and since I'm really just a total nerd at heart, all they'd have to do is pay me enough to keep me in toys. Sadly, I doubt they allow working remotely, and I really can't leave where I'm at. I have a good enough gig in a multinational corp in R&D/security already. It scratches most of the itches. -nB

                To be blunt, the fact that I have a conscience would prevent me from working with such an organization. I don't really care what cool toys they can hook me up with. Toys are to be enjoyed after essentials (like not dealing with the devil) are established.

                • by mcvos ( 645701 )

                  If they were to ask me to work for them (they won't, but let's suppose), I'd probably tell them that they don't want me, because I have a strong sense of morality. I consider doing the right thing more important than following the rules. They may be looking for people who occasionally cross the line of legality without meaning to do harm, but they don't want people who cross the line of legality meaning to do right. They'd have an army of Bradley Mannings.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          There are black hats and then there are black hats.

          Put another way... there are black hats (regular) who can be a real nuisance and make the life of one corporation or a few individuals really hellish for a while...

          Then there are black hats (government-sponsored) who are totally fucking evil, amoral bastards who would slit their grandma's throat if their commander said it was in the interests of national security. They would of course have full immunity from any murder prosecution after having slit their grandma's throat. They don't feel evil and no on

          • "If you are willing to work for a shadowy unaccountable government agency that loves to violate the rights of its own countrymen, well, you didn't have much character or moral/ethical fiber to begin with."

            AC, The problem with this line of argument is that if no good people work there for that reason, it is bound to be even worse. It's a general problem with the US DOD more broadly. I feel the US military is being horribly misused by US politicans to fight wars whose main point seems to be to line the pocket

            • by elrous0 ( 869638 ) *

              The problem with this line of argument is that if no good people work there for that reason, it is bound to be even worse.

              That's the age-old "I'm better off trying to change it from the inside" argument that a lot of people use to morally justify working for an immoral organization. The problem is that this almost never works. People who start off vowing to "change it from the inside" almost always end up just becoming corrupted themselves. Once you take your first step on the road to hell, each successive step becomes easier and easier.

              • "People who start off vowing to "change it from the inside" almost always end up just becoming corrupted themselves."

                Yes, that is a big risk. You are right that institutions have their own internal dynamics. Langdon Winner talks about this, how a person not filling their role in an organization will be replaced like we might swap out a bad memory stick in a computer. So does Noam Chomsky when he talks about "What makes the mainstream media mainstream".

                There are no easy answers, though I tried to "think outs

          • Really?
            Seriously?
            You realize that currently the government is obviously over its head WRT computer security. Having a team of grey hats that can see the challenge of hardening a massive network against a Chinese attack is being heartless?
            Taking things to the extreme is never good in any argument. I'd like to think that I'm one of those black hats, but that doesn't mean I'd betray either my country or my personal morals. Where the two collide I likely would do nothing or flip a coin.
            -nB

            • I'd like to think that I'm one of those black hats, but that doesn't mean I'd betray either my country or my personal morals. Where the two collide I likely would do nothing or flip a coin.

              Doing nothing is itself a moral or immoral act in many circumstances, and flipping a coin to make moral decisions suggest that you're some sort of psycopath who has no morality at all.

          • And then if you decide to leave the fold, they take everything you earned and give you a shit deal for being "reintroduced to society".

            The abbreviated people eat their young.

            • Huh? I left the NSA 10 years ago after 13 years and there has been no acrimony. I've actually used my bosses as references for later jobs.

        • by Anonymous Coward

          There are black hats and then there are ARSE hats.

          FIFY

    • You don't get to work at the NSA (or any infosec govt. job) with access to classified information and power without a very thorough full-scope background check including polygraph. You're quite mistaken if you think otherwise.
      • by elrous0 ( 869638 ) *

        Yeah, I recall how well the CIA vetted Humam al-Balawi [wikipedia.org]. I hope the NSA is a little more thorough.

      • by vlm ( 69642 )

        You don't get to work at the NSA (or any infosec govt. job) with access to classified information and power without a very thorough full-scope background check including polygraph. You're quite mistaken if you think otherwise.

        You don't get to work at the NSA (or any infosec govt. job) with access to classified information and power without a very thorough full-scope background check including polygraph. You're quite mistaken if you think otherwise.

        Which includes credit checks. I wonder if they're running out of applicants, most of the locals bought $750K shacks and condos that have probably cratered back to normal by now. Think Vegas where the $1M condo wishing prices are now $50K foreclosure sales.

      • by Amouth ( 879122 )

        and yet some of the people i know that work there - i wouldn't hire...

      • You don't get to work at the NSA (or any infosec govt. job) with access to classified information and power without a very thorough full-scope background check including polygraph. You're quite mistaken if you think otherwise.

        However, it is a truism that every single traitor in those agencies was cleared, some very extensively.

        Meanwhile "secret" clearance is really nothing more than a credit and criminal records check, no poly required. "Top Secret" is the level at which they go around and talk to your neighbors and friends from college and that usually has only a basic poly. Plenty of SCI/SAP projects only need "secret" level clearance too.

      • by Anonymous Coward

        Yes, to demonstrate that you're willing to commit illegal behavior under orders.

        You *have* reviewed their history of criminal behavior, right?

      • by GameboyRMH ( 1153867 ) <gameboyrmh@@@gmail...com> on Tuesday August 02, 2011 @05:43PM (#36966000) Journal

        Oh noes not a polygraph!!! Are they going to check my thetan levels too?

      • polygraph?

        you had me up until then.

        in fact, I would just guess that anyone who cannot fake their own PG would NOT be good for an org who makes its whole business in deceipt and lying and betrayal. think about it! liars and psychopaths are their ideal employee type.

      • by rtb61 ( 674572 )

        Would that be the polygraph of make believe, react to the question not whether you lie or tell the truth. The test that uniform fails with psychopaths (now that's going to be really useful) or that can simply be defeated by tensing you butt cheeks. As for the background check, derp, they are blackhats by definition they have done 'bad' things with computers on computer networks.

        The best way to hire blackhats is to monitor all their activities, the employ hire them to conduct criminal activity without the

    • by Anonymous Coward

      It may sound like a great idea on the surface, but a leopard doesn't change its spots just because you give it a paycheck.

      So either the NSA are really fucking stupid or this is some sort of honeypot trap to target some specific (or maybe even non-specific) hackers and bust them on an espionage charge when they inevitably leak some fake secrets you give them after they become "employees." If it's the latter, I'm impressed. Never seen anyone go that far with a honeypot operation. But maybe Anon and LulSec are making them desperate. Hell, maybe they're hoping they can just *luck* into busting some Anon/LulSec leaders by throwing a wide net.

      So I guess it really comes down here to a question of who's more stupid--the NSA for thinking they can tame hackers or the hackers for possibly falling for a honeypot. I don't know which is the more scary possibility.

      Of course that is an excellent place to be "recruiting" there arent that many places you can find bleeding edge techs all in one spot.

    • by nsaspook ( 20301 )

      No. Just try to double-cross the devil. These kids won't know that hit em if they get out of line.

      • No. Just try to double-cross the devil. These kids won't know that hit em if they get out of line.

        No shit. These are seriously the wrong people to screw with.

        The mafia would be more likely to show mercy.

        • The mafia would be more likely to show mercy.

          I have probably been watching too many movies. I admit that. but given the rep of both of those orgs, I would probably want to take my chances with a nice italian family job. (only half kidding; and that's a sorry statement about american life right now).

    • by blair1q ( 305137 )

      NSA wouldn't run a counterintelligence operation against Americans. That would be illegal and easy to beat.

      FBI, on the other hand, could pose as NSA to do it.

      As for who can be tamed, don't kid yourself. Everybody's human. Beat us hard enough and we start hating Beethoven.

      • by Anonymous Coward

        NSA wouldn't run a counterintelligence operation against Americans. That would be illegal and easy to beat.

        What are you smoking and can I have some?

      • by causality ( 777677 ) on Tuesday August 02, 2011 @05:22PM (#36965814)

        NSA wouldn't run a counterintelligence operation against Americans. That would be illegal and easy to beat.

        If they did, how would you ever prove it?

        A FOIA request? Denied - national security.

        A lawsuit? Denied - national security.

        Asking nicely? Denied - "we can neither confirm nor deny..."

        Without proof, well then, you'd just be a tinfoil-hat-wearing conspiracy nutter (and for major events like 9/11 you'll be called such names even with lots of proof). This is a roundabout, indirect way of saying that you're foolish and something is wrong with you if you don't blindly trust the goodwill of unaccountable government agencies with nearly unlimited budgets who certainly have the capability of spying on Americans and running operations against Americans.

        Not because it's true or might be true or would fit in with the long history of past abuses, mind you, but because people who are in denial want to feel comfortable about their denial and your doubts make that more difficult. When faced with such a situation, small-minded people will attack your character.

        At any rate, yes it would be "illegal" but without accountability and transparency that really doesn't mean anything. How would it be easy to beat? How would you ascertain that without intimate knowledge of the actual methods used? If you somehow attained such knowledge, why wouldn't they change the methods?

        • by blair1q ( 305137 )

          If they did, how would you ever prove it?

          At some point, they have to admit it into evidence. At that point you show the judge the law against NSA conducting operations against Americans, and they go to jail instead of you.

          • the government was able to convince the judge to use an obscure 1959 NSA law to redact UNCLASSIFIED information from the defense exhibits, so that they would not be publically shown at trial.

            there is a lot more to the Drake case regarding evidence, the CIPA, and the Silent Witness Rule.

            • by blair1q ( 305137 )

              The judge saw that evidence and allowed it.

              The judge would see how this evidence was gathered and order the gatherers arrested.

          • by elrous0 ( 869638 ) *

            At some point, they have to admit it into evidence. At that point you show the judge the law against NSA conducting operations against Americans, and they go to jail instead of you.

            How old are you?

          • by Agripa ( 139780 )

            At some point, they have to admit it into evidence. At that point you show the judge the law against NSA conducting operations against Americans, and they go to jail instead of you.

            The State Secrets Privileged would prevent court review.

            Now if you submit the dead home invader who inexplicably has Federal credentials . . .

        • by Agripa ( 139780 )

          NSA wouldn't run a counterintelligence operation against Americans. That would be illegal and easy to beat.

          If they did, how would you ever prove it?

          Bait them with a canary trap.

          If you succeed, there will be plenty of evidence although the State Secrets Privilege makes it moot unless your evidence includes a captured or dead agent and maybe not even then.

      • Why would they bother. That would be the English or Australian equivalents job.

        One hand washes the other. Constitutions don't restrain your allies from spying on you citizens for you.

      • NSA wouldn't run a counterintelligence operation against Americans. That would be illegal and easy to beat.

        Especially considering "counterintelligence" is not one of the missions of the NSA.

      • by elrous0 ( 869638 ) *

        NSA wouldn't run a counterintelligence operation against Americans. That would be illegal

        I can't believe that didn't get modded funny.

    • by conspirator23 ( 207097 ) on Tuesday August 02, 2011 @05:35PM (#36965916)

      It may sound like a great idea on the surface, but a leopard doesn't change its spots just because you give it a paycheck.

      You're suggesting here that most (if not all) Black Hat attendees who might join the NSA are destined to betray the organization at some point? Either by embarassing the agency through extra-curricular activities or outright acts of treason? The short answer to that assertion is that you are underestimating both the people already in the NSA, and also underestimating the IT security community in general. Black Hat != Bomb Throwing Anarchist, and NSA != Bush(II)-era political appointees.

      So either the NSA are really fucking stupid or this is some sort of honeypot trap to target some specific (or maybe even non-specific) hackers and bust them on an espionage charge when they inevitably leak some fake secrets you give them after they become "employees."

      Must. Resist. Grammar... flame. *whew* Okay so to summarize, your contention is that the only good reason for the NSA to recruit at Black Hat is as a "trap" of some sort for Black Hat attendees. Why if that weren't such a transparent, easily avoided ploy, you might have something there. Black Hat attendees who truly see themselves as enemies of the NSA aren't going to apply for jobs... unless they are foreign agents trying to infiltrate the organization. THOSE hypothetical people are going to apply for jobs at the NSA and other agencies no matter what happens at the Black Hat conference. OTOH, there is a tremendous amount of technical talent at Black Hat focused on both the offensive and defensive ends of IT security. If you want to hire the best and the brightest, you go to where the best and the brightest hang out. If they don't want to talk to you, fine, but at least you tried. In some sense it would be irresponsible for the NSA to attend and not even bother trying to recruit because they just assume nobody would be interested. Especially because there are surely Black Hat attendees who would be thrilled to work for the NSA. Don't get me wrong. If your idea of being an el33+ h@x0r is demonstrating the size of your e-peen through acts of vandalism, you probably don't want to work for the NSA. Whatever nefarious things they might encourage, you don't get to brag about it after on Twitter. Likewise if you've already been radicalized politically, then you probably don't want their job offers either. Beyond those two subsets you've got whole categories of people who would have a different outlook on an NSA job. There are the wannabees who think cloak and dagger stuff is cool but wouldn't dream of comitting criminal acts. There are aging vets of prior hacker eras who have wives, and kids, and have worked all that "you're not the boss of me" stuff out of their system already. There are members of the "loyal opposition" who have specific objections to US govt. actions but not the US govt. itself.

      If it's the latter, I'm impressed. Never seen anyone go that far with a honeypot operation. But maybe Anon and LulSec are making them desperate. Hell, maybe they're hoping they can just *luck* into busting some Anon/LulSec leaders by throwing a wide net.

      So I guess it really comes down here to a question of who's more stupid--the NSA for thinking they can tame hackers or the hackers for possibly falling for a honeypot. I don't know which is the more scary possibility.

      Anonymous and LulzSec aren't even on the NSA's radar. NSA != LE. The NSA is interested in the next Stuxnet, whether that is authoring it or defending against it. They're interested in the cell tower intercepting UAV that was Slashdotted earlier today. They're interested in encryption algorithms, data mining algorithms, and language translation algorithms. Anon+Lulz primary weapons (SQL injections, voluntary DDOS) are as interesting to the NSA as gasoline bombs and homemade silencers.

    • by Ihmhi ( 1206036 )

      Will: Why shouldn't I work for the N.S.A.? That's a tough one, but I'll take a shot. Say I'm working at N.S.A. Somebody puts a code on my desk, something nobody else can break. Maybe I take a shot at it and maybe I break it. And I'm real happy with myself, 'cause I did my job well. But maybe that code was the location of some rebel army in North Africa or the Middle East. Once they have that location, they bomb the village where the rebels were hiding and fifteen hundred people I never met, never had no pr

    • by xclr8r ( 658786 )
      Keep your friends close and your enemies closer. It may be easier and cost effective to employ these guys/gals than to actually build up defenses against them. Even better if they can actually learn something from the black hats and build a more robust system
  • by lordandmaker ( 960504 ) on Tuesday August 02, 2011 @04:26PM (#36965202) Homepage

    That's exactly the sort of place I'd expect them to be recruiting.

    • by vlm ( 69642 )

      That's exactly the sort of place I'd expect them to be recruiting.

      Really? I thought they had an absolute fixation on mathematics, physics, and CS PHDs. Also computer engineer / electrical engineer types. Like, don't both applying unless you've got those diplomas.

      Basically the same group the financial companies used to love.

      Also I heard horrible things about their recruitment, like they jerk you around for months, if not years, multiple interviews, etc.

      They had a rep for having the absolute highest ratio in the world of cool toys vs dilbertian bosses. Dinosaur pens mea

    • I'd think defcon as a more logical place, IE a mix of grey hats etc... Black hats are good and all, but if you want an organization, you want people who know to play by YOUR rules at least.
      • by Tom ( 822 )

        Blackhat is the name of the conference. The people who are there are much closer to the industry than the Defcon people. If you're looking for people to hire, Blackhat is the better choice.

  • Not that I know anyone working at the NSA, but it isn't exactly a geek paradise.

    Most geeks that I know are none too fond of rules. This is exactly the opposite of what the NSA is about. There are many rules stemming from security. Of course, all rules get extended beyond their original purpose. This makes it difficult to get any work done, which of course is the antithesis of geek.

    • Not that I know anyone working at the NSA.

      There is No Such Agency... but trust me its more than a "haven" for geeks, specially the Lab at the Rock... There are far more notorious "hackers" working for HS and NSA than you could imagine... then again, there is a reason most people don't know about them or it... ;)

  • Q: How do you know who the extroverts are at the NSA?

    A: They look at other peoples' shoes.

    All kidding aside, the NSA does have quite a powerhouse team of mathematical geniuses, computer scientists, etc. and from everyone I talked to who worked there (I'm no longer in the intel game, so it has been a while), it is a great place to work with a lot of flexibility and innovation.

  • by nilbog ( 732352 )

    Nope, that's not surprising at all. I'd be surprised if they weren't using it as a recruiting pool.

  • Send a copy of your resume to your grandmother...

    • by Anonymous Coward

      ... Or speak it into any telephone in the country...

  • real tech guy or HR doing hiring? auto screening / key words based resume screening?

    It seems that in many big corporations and GOV it's who know and or who can best game the HR system to get the job or who can be the best suck up to the boss.

    And I am not talking about dress codes and behaviors. I am taking about hiring base on degrees over real would work or based on TOP school as in overall VS top tech schools VS a non tech college CS degree. More then 4-6+ years degrees VS 2-4 year degrees.

    TECH / IT so bi

  • Most of these people are frustrated authoritarians.

    It's how they can justify imposing their view of the legality of their actions on their victims.

    • Most of these people are frustrated authoritarians.

      It's how they can justify imposing their view of the legality of their actions on their victims.

      I am curious about what makes you see it this way.

      Almost all of the targets of Anonymous and Lulzsec have been large corproations who not only are never going to be seriously punished by the law, but in fact have the power to buy whatever laws they want to have on the books It is the corporations themselves who work to destroy the whole notion of "rule of law" and undermine the legitimacy of law. We are not all equal under the law if a few of us can remake the laws at will at the expense of the majorit

      • by blair1q ( 305137 )

        The corportations may be wrong, but instead of pointing that out to the authorities repeatedly until something gets done, the black-hats decide they're the ones who are above the law.

        If they ever actually accomplish anything, it just emboldens them, and they grab for more.

        They may use the "but we're doing it for freedom" argument, but they're really just fucking up someone's business for their own gain, whether monetary or egotistical.

        And ask the people whose accounts they've published how they feel about t

        • when the system breaks down, you find ways to make things works.

          you are complaining about the people trying to make things work; but you should actually be mad at the fact that this is the ONLY way they can try to make things work.

          the 'right way' is broken and so its not valid so tell people to go that route. that route is expensive and common man has no say in things of law anymore. because common people are excluded (their will, at least) - vigilantism rises.

          in fact, blame the system. if the system act

        • If they ever actually accomplish anything, it just emboldens them, and they grab for more.

          This point is inseparable from the next I shall make.

          They may use the "but we're doing it for freedom" argument, but they're really just fucking up someone's business for their own gain, whether monetary or egotistical.

          If by "their own gain" you mean "no discernable profit of any kind that you could inventory or itemize or sum up", except of course sending a message to people who think they have perfect impunity that

    • by gmhowell ( 26755 )

      Most of these people are frustrated authoritarians.

      It's how they can justify imposing their view of the legality of their actions on their victims.

      Are you talking about the NSA or Anonymous?

  • by Anonymous Coward

    Black Hat is a security conference that, over the last decade or so, has become predominantly attended by security executives, government employees, etc. E.g. very few "black hats" and it never really was about that. DefCon has been more the open casting call for all color of hats. Black Hat is a professional conference that costs thousands of dollars to attend. So... why wouldn't you go to the one place that has top CISO/CSO and security researchers in it?

    If the article was "NSA to open recruiting boot

  • They will fit right into NSA, the organization that is wire-tapping everyone in the US without a warrant.

    Criminals, in other words.

  • Definitely the choice for recruitment.

    Heck, I'd work for the NSA if I were an american. If you're a security freak, wouldn't you want to go work for someone who takes security serious for a change? Where your request for a firewall isn't overruled by marketing because they fear (without substantiating facts, of course) that it'll slow down the website and impact the "user experience" ?

    Sure you have other pressures to bow to (politics) - but, as has become a frequent saying in several companies I worked for,

  • Sounds more like it should be "black hats" sponsored by Target. And that might even be funny if one of the sustaining partners of this conference didn't happen to be Microsoft. Anyone who's a real black hat probably wouldn't be caught dead here anyway.
  • even if you portray yourself as a 'haven for geeks' and recruit some of the people from black hat, eventually you will be asking those recruits to take actions against their own comrades in black hat world. and you will ask them to turn against some principles the underground world has. they will turn against on some of them sometimes. and sometimes, they wont. what is 100% guaranteed is that, there WILL be times they wont turn back - and thats not something you, as a secretive government organization, woul
  • Seriously, this goes hand in hand with wall street hiring all the engineers, to avoid them going elsewhere and providing competition to a market that is already running over every other. If there is no one left smart enough to understand and question what wall street is doing, then wall street wins, and the NSA is following in the same direction....avoid any possible discovery by having all the good ones playing for your team.

  • by dokc ( 1562391 )
    After reading several times I still can't find any news here...

You are always doing something marginal when the boss drops by your desk.

Working...