From the movie "Good Will Hunting":
"Will: Why shouldn't I work for the N.S.A.? That's a tough one, but I'll take a shot. Say I'm working at the N.S.A. Somebody puts a code on my desk, something nobody else can break. Maybe I take a shot at it and maybe I break it. And I'm real happy with myself, 'cause I did my job well. But maybe that code was the location of some rebel army in North Africa or the Middle East. Once they have that location, they bomb the village where the rebels were hiding and fifteen hundred people that I never met and that I never had no problem with get killed. Now the politicians are sayin', "Send in the marines to secure the area" 'cause they don't give a shit. It won't be their kid over there, gettin' shot. Just like it wasn't them when their number was called, 'cause they were pullin' a tour in the National Guard. It'll be some kid from Southie takin' shrapnel in the ass. And he comes home to find that the plant he used to work at got exported to the country he just got back from. And the guy who put the shrapnel in his ass got his old job, 'cause he'll work for fifteen cents a day and no bathroom breaks. Meanwhile he realizes the only reason he was over there in the first place was so we could install a government that would sell us oil at a good price. And of course the oil companies used the skirmish over there to scare up domestic oil prices. A cute little ancillary benefit for them but it ain't helping my buddy at two-fifty a gallon. They're takin' their sweet time bringin' the oil back, and maybe even took the liberty of hiring an alcoholic skipper who likes to drink martinis and fuckin' play slalom with the icebergs, and it ain't too long 'til he hits one, spills the oil and kills all the sea life in the North Atlantic. So now my buddy's out of work and he can't afford to drive, so he's walking to the fuckin' job interviews, which sucks 'cause the schrapnel in his ass is givin' him chronic hemorroids. And meanwhile he's starvin' 'cause every time he tries to get a bite to eat the only blue plate special they're servin' is North Atlantic scrod with Quaker State. So what did I think? I'm holdin' out for somethin' better. I figure, fuck it, while I'm at it, why not just shoot my buddy, take his job and give it to his sworn enemy, hike up gas prices, bomb a village, club a baby seal, hit the hash pipe and join the National Guard? I could be elected president."
When I was young I thought free hackers would always beat government paid hackers. Because super smart hackers are naturally pro-freedom and against big government's secrecy and rights violations.
After growing up and dealing with many kinds of brilliant hackers, all kinds in fact, from hard core US Democrat style liberals, to UK climate change and evolution deniers, I now realize genius hackers come in all political varieties.
And the NSA has some and they are paying them well to work full time. So now I think even in the era of pure information warfare, governments still have the upper hand.
The fact that they're capitulating by even trying to recruit outside hackers is a significant milestone. Too many intelligent people are uninterested in being a cog in their machinery. Or they have at least observed how it treats it's own when they try to do the right thing ( Thomas Andrews Drake, Manning, Russell D. Tice, William Binney, Mark Klein, Daniel Ellsberg). Most hackers are too ethical to work for the government, and the ones that aren't can make more money elsewhere.
> Most hackers are too ethical to work for the government, and the ones that aren't can make more money elsewhere.
There's also the fact that many-if-not-most hackers are... shall we say... "unsuited" (in terms of their temperament) to the kind of work environment found in government security agencies. Let's just say that your tolerance for pointy-haired administrative BS had better be pretty dang high (like, somewhere between "ISS" and "Earth-Moon L1") if you're going to go down that particular professional path.
> There's also the fact that many-if-not-most hackers are... shall we say... "unsuited" (in terms of their temperament) to the kind of work environment found in government security agencies.
I imagine the NSA is well aware of the correlation between "very clever" and "difficult to work with".
I know people who work for GCHQ, and while they never talk about the work they are happy that the managers keep them insulated from the PHB stuff.
My anecdotal evidence based on an aunt/uncle who work there is that it's VERY much a bureaucratic nightmare where most people work as hard as possible to work as little as possible. Then the minority of extremely smart researchers the NSA recruits just take advantage of the disorganization to research whatever they want regardless of whether it's actually relevant to the NSA's goals. So that's a plus for smart hackers. But I think in general the NSA has an easier time recruiting brilliant physicists/mathematicians because there's less competition from the private sector. I imagine it's a lot more difficult to recruit ultra-talented hackers, especially since they are totally unqualified to recognize them. At my campus' career fair they were interested in me but totally uninterested in the best programmer I know, who's far more qualified than me even on paper, because his GPA was too low (he was working full time as a graphics programmer at a game company throughout college which hurt his grades). But neither of us were seriously interested anyway because I don't think anyone smart would actually want to work for the government without a huge financial incentive. Even the fact that this article keeps referring to the students as 'soldiers' is the type of condescending Orwellian jingoism that makes me shudder.
"I imagine it's a lot more difficult to recruit ultra-talented hackers, especially since they are totally unqualified to recognize them."
Very real. Best hackers spend their time hacking, not trying to get grades or climbing the hierarchical ladder.
Just think of Steve Wozniak, he was so afraid of not being able to engineer anymore if Apple gave him executive power. He refused to climb the ladder so he could continue tinkering in the lab.
In those big orgs the people that want to get power use to be sociopaths and "power addicts"(people that choose power over everything else in life).
I for one am glad that the United States National Security Agency is being proactive in training new hackers, and in recruiting existing hackers. Much disagreement with United States government policy in general, and with specific actions attributed to the NSA, has already been expressed in this thread. In an ideal world, we would all agree with Henry Stimson that "Gentlemen do not read each other’s mail,"
but we do not live in an ideal world, and while we live in the world we all live in, I am glad that the governments of free countries with representative democracy are developing hacking capabilites. Hacking used for defense protects our secrets and thus reduces our vulnerability to attack of all kinds, and hacking used for offense often is more precise in targeting and saves civilian lives and property while decreasing an enemy's means of waging war.
I'll give one example of an activity that free people in free countries (employed by government agencies or not) could do to increase the prospect of world peace. Break down the great firewall of China and help everyone in China have full access to uncensored news. Then do the same for North Korea, for Iran, for Belarus, and for anywhere else where there is significant government censorship. Wikileak all over the world the internal documents of the Communist Party of China and its allies. Help the common people of the world's most oppressed countries understand their current condition and what they could to gain more freedom. That would reduce the risk of war among any combination of state or non-state actors, and help all of us enjoy more peace and prosperity. You could do this without working for the NSA, and without living in the United States. But anyone who can do this ought to consider doing this. More free flow of information with less censorship is desperately needed in many countries,
I'll give one example of an activity that free people in free countries (employed by government agencies or not) could do to increase the prospect of world peace. Break down the great firewall of China and help everyone in China have full access to uncensored news.
I don't want to get into this much, but I'll just say this has been done for years by multiple independent groups.
For open source information, google "bronc buster", "hong kong blondes", and "hacktivismo" circa 1990s/early 2000s. Those search terms should lead you to applicable information. Also, Tor/proxies/VPNs are in widespread use by the Chinese.
At Burning Man I met a couple of people who work on the Tor project.
They were brilliant. Honestly it's going to be hard for a govt agency to recruit people like this - people who are incredibly passionate about security and cryptography may tend to care about privacy issues as well, for which the government currently incurs a negative sentiment, and this is compounded by the fact that brilliant people these days tend to work on problems they are ideologically aligned with. This isn't the Manhattan Project era anymore...
But you just never know, people come from all sorts of political backgrounds.
re: Manhattan project, I think one difference is that in those days you couldn't use investigate it yourself, you needed the supply and equipment that only TBF government could provide.
Now, a €500 laptop (which people have for sending email) can provide most of what you need to be world class. If you have the brains, you don't need the government.
When I was in 8th grade I performed well enough on a national math competition to get a vague, recruity letter from the NSA. Of course, being a 14 year old math junkie I was over the moon about it.
Fast forward 10 years, Wired runs monthly articles about exactly how much the NSA spies on its own citizens. My enthusiasm? Curbed.
Are they really so desperate to survive that they are willing to be the first to declare the internet a war zone? Such fashism makes me sick. Internet is the first real system without boundries. Stop trying to divide it for your own personal gain.
Many people fail to realize how hard it is for the military, government and law enforcement to recruit top security talent.
There are several reasons that come to mind, a few of which are hard problems to solve.
1. Market competition. The information security industry is currently undergoing major growth. As a whole, it is a thriving and exciting place to work. This allows companies to recruit top talent and, sometimes more importantly, pay top dollar. Sure, there's the occasional genius that comes out of the NSA (like Charlie Miller, for example), but even he is now at Accuvant. If you're a scraggly kid who spent all his high school years behind a terminal, and you're offered low wages to work for the FBI or DoD, or extremely high pay to work for a large consulting firm, which would you pick? Patriotism doesn't help all that much.
2. While less security guys have criminal backgrounds than many would think, the strict clearance required to perform intelligence-related work conflicts with a lot of personalities. Infosec people generally fall into one of two categories: very clean cut, professional, etc., or the typical "dirty hacker" that hangs out in a basement or studio apartment, breaking into networks and slugging beers. Three letter agencies say they want these guys, but there's no way they'd conform to government standards or pass a strict background check. No drugs for ten years? That's a problem for a lot of people.
3. Lastly, and this is probably the weakest point, but a lot of people disagree with things the U.S. government is doing. NSA wiretapping? Security professionals generally don't want to be a part of that. I'm hesitant to make sweeping generalizations, but if you go to a security or hacker conference (DEFCON comes to mind), you'll notice that a lot of the talks and sentiment are of a "rebellious" nature. At the very least, security people are strong advocates of privacy. Working for the NSA or the Air Force Cyber Command doesn't generally sit well with a lot of these people.
China has their best hackers in their military, working for the state. The United States has their best hackers in the private sector. I'm not saying that there aren't a few seeds of genius laying around Fort Meade, but it's not the same as what you see in the private sector.
If the government wants to recruit more hackers, they need to sweeten the offer; but how can they do so with (a) government-controlled funding and salaries, (b) strict background checks that are required for sensitive work, such as national security and (c) a mandate that many people they're trying to recruit simply don't support?
> It sound to me like the sentiment is not so much rebellious, as it is very ethical.
Sure, I just meant rebellious in the sense that the participants tend to rebel against what is seen as government fascism or privacy violations - not that they're evil anarchists.
> If the government wants to recruit more hackers, they need to sweeten the offer; but how can they do so with (a) government-controlled funding and salaries, (b) strict background checks that are required for sensitive work, such as national security and (c) a mandate that many people they're trying to recruit simply don't support?
They can do it with how they are going about it. Lets look at what is going on here.
The US government is funding education that is tailored to focus on their topics of interest. These students then spend 2 years working for the government getting more education and experience.
At this point, (a) is remedied by leaving government positions for better paid contractor ones (I think the US government / contractor relationship is greatly misunderstood in general) or feeding off into private industry. If you read through several bios of people in the industry you find ties to DoD and intel agencies all over the place (some are as contractors). But the idea here is (in my opinion), the government isn't concerned about who is on their payroll, but rather they have more capable professionals trained for this type of work in the country. People whose skills they can pay for one way or another.
I think a lot of people misunderstand the requirements of (b). And those that can't qualify for top clearances can be fed as "infosec engineers" into other agencies where a secret clearance is all that is required (FAA for example). Again, just having more trained people spread about is the goal here.
Additionally, contractors can conduct work in non-classified environments with non-cleared personnel in some situations and/or you have more distant relationships. Think vulnerability selling / purchasing.
As for (c), it is often hard to tie someone's direct work to some mandate. Where do you draw the line? Not working in a specific group? Specific agency? Contractor? Supplier? At some level, Microsoft is supporting the work NSA does. Different people draw different lines at different places.
The very first word in the instructions, "cryptograms" -- coincidentally the entire subject of the exercise -- is misspelled. Pretty sure that will fall on them. It's not very reassuring in an agency where attention to detail is of paramount concern.
I thought by the instructions they meant the same code that is used in the example "The Smart Cat" was used in the 2 codes below, but then it made no sense. -_-
Yes, it wants them to create viruses like Stuxnet and commit acts of war against other countries. It has nothing to do with defending the country. So who's in?
True, but still better than killing people mine countries.
In the last two weeks at least two US bombs from WW2 exploded. None of them harmed people. One of then in the Danube, Vienna which caused tons of dead fish and could have also harmed people, if there was a ship there at that time. Nobody knew it was there. The other was in Germany, which took a lot of time and effort and had to be detonated (lots of people had to be evacuated and buildings began to burn (and of course tons of windows broke)). Lots of other bombs are regularly found, but gladly it is usually not causing such troubles.
And another thorny issue in reading something like this on HN: the internet is international.
Lots of us are not even from the US, and couldn't care less about defending THAT particular country. Not to mention that the defending part mostly means offending or spying on other countries, mainly our own.
This isn't an article only for US citizens. If you can't care less that a major government is recruiting hackers for national defense (or offense) & paying for their school/training, then maybe you should think outside your borders a bit.
>This isn't an article only for US citizens. If you can't care less that a major government is recruiting hackers for national defense (or offense) & paying for their school/training, then maybe you should think outside your borders a bit.
Well, I do care in the sense that I am disgusted by it.
I just wanted to point out that "oh, how honorable to work for them, it's our patriotic duty" response to a story like this doesn't work in the intertubes, where we're not even from the same country.
Who's response was that? The OP had pretty much the opposite reaction.
The Internet is the perfect place for articles like this. You are getting insight to what other nations are doing. The Internet affords us this much. It's not just International, it is free.
No one was cheerleading for or against any particular country in this thread.
Well, if you're in the UK you have GCHQ which does a lot of interesting math stuff. Obviously mostly about crypto, but also other stuff. You get to work with some very smart people.
Disadvantages include not being able to publish some of it. That's significant if other people independently discover something after you.
I would never do that. I met a person who had to do something similar and he quit because he knew important secrets, and this was incredible stressing for him. He was young but made himself old very quickly.
He was not interested on secrets(he avoided them as much as he could) and probably because of that they keep giving him more and more high level responsibility.
In an ideal world things are made the "right way", in the real world occasionally real people do bad things, and you know it, and you can't say anything to anybody, even your family or your deep friends, and you become extremely dangerous to some people in power.
What he was told inside the organization was on the lines of "because bad guys do bad things we have to do bad things to fight bad guys".
You don't want t become whistleblower. They will make your life Hell for you and your family for the rest of your life.
In the case of hiring "hackers", the NSA (and whatever other Double Secret TLA is out there, that we're not supposed to know about) should hire people who very literally think outside the box. The NSA has the problem of what to do with disruptive ideas, or they have the problem of no disruptive ideas. Maybe the "hackers" they hire write Stuxnet NT, or maybe they develop algorithms that solve the Traveling Salesman Problem and open a bigger can of worms than thought possible.
Or maybe the NSA gets nothing from their "hackers" because 9-to-5 regular day jobs in a building with no windows, except fake ones on the fake building around the real building, causes a near-total physiological and psychological block on new ideas. Net loss to society, since some of the "hackers" could be writing code for the next Pets.com .
Or maybe the NSA can't hire any real "hackers" since they almost universally have showstopping blots on their records: sampling illicit drugs, committing minor fraud, getting expelled from school, undergoing psychiatric treatment, nominal homelessness, participating in OWS, whatever, you'd be surprised at what prohibits someone from getting an exotic clearance, which you certainly need to have to work at the NSA. What if the NSA can only hire poseurs and lamers?
wtf is this shit, i mean, the best "security experts" will not work for a goddamn NSA facility, they will make money in private sectors or better they will be responsible for the attacks...
NSA clearly got it wrong, "hacking" is not for "your country" it's a selfish act, for your personal goals, i mean, let's say you work for NSA and you stop or make a stuxnet like virus... you cannot brag about it, as a hacker, you got to show your work, to proudly say: i did that.
