

The NSA Wants Hackers, And It Wants Them On Its Side - skyrelief
http://www.fastcompany.com/3000879/nsa-wants-hackers-and-it-wants-them-its-side

======
CapitalistCartr
From the movie "Good Will Hunting": "Will: Why shouldn't I work for the
N.S.A.? That's a tough one, but I'll take a shot. Say I'm working at the
N.S.A. Somebody puts a code on my desk, something nobody else can break. Maybe
I take a shot at it and maybe I break it. And I'm real happy with myself,
'cause I did my job well. But maybe that code was the location of some rebel
army in North Africa or the Middle East. Once they have that location, they
bomb the village where the rebels were hiding and fifteen hundred people that
I never met and that I never had no problem with get killed. Now the
politicians are sayin', "Send in the marines to secure the area" 'cause they
don't give a shit. It won't be their kid over there, gettin' shot. Just like
it wasn't them when their number was called, 'cause they were pullin' a tour
in the National Guard. It'll be some kid from Southie takin' shrapnel in the
ass. And he comes home to find that the plant he used to work at got exported
to the country he just got back from. And the guy who put the shrapnel in his
ass got his old job, 'cause he'll work for fifteen cents a day and no bathroom
breaks. Meanwhile he realizes the only reason he was over there in the first
place was so we could install a government that would sell us oil at a good
price. And of course the oil companies used the skirmish over there to scare
up domestic oil prices. A cute little ancillary benefit for them but it ain't
helping my buddy at two-fifty a gallon. They're takin' their sweet time
bringin' the oil back, and maybe even took the liberty of hiring an alcoholic
skipper who likes to drink martinis and fuckin' play slalom with the icebergs,
and it ain't too long 'til he hits one, spills the oil and kills all the sea
life in the North Atlantic. So now my buddy's out of work and he can't afford
to drive, so he's walking to the fuckin' job interviews, which sucks 'cause
the schrapnel in his ass is givin' him chronic hemorroids. And meanwhile he's
starvin' 'cause every time he tries to get a bite to eat the only blue plate
special they're servin' is North Atlantic scrod with Quaker State. So what did
I think? I'm holdin' out for somethin' better. I figure, fuck it, while I'm at
it, why not just shoot my buddy, take his job and give it to his sworn enemy,
hike up gas prices, bomb a village, club a baby seal, hit the hash pipe and
join the National Guard? I could be elected president."

~~~
fghh45sdfhr3
When I was young I thought free hackers would always beat government paid
hackers. Because super smart hackers are naturally pro-freedom and against big
government's secrecy and rights violations.

After growing up and dealing with many kinds of brilliant hackers, all kinds
in fact, from hard core US Democrat style liberals, to UK climate change and
evolution deniers, I now realize genius hackers come in all political
varieties.

And the NSA has some and they are paying them well to work full time. So now I
think even in the era of pure information warfare, governments still have the
upper hand.

~~~
jlgreco
The question should be less _"will they suffer for lack of me?"_ and more _"Is
this something I feel comfortable participating in?"_

------
tokenadult
I for one am glad that the United States National Security Agency is being
proactive in training new hackers, and in recruiting existing hackers. Much
disagreement with United States government policy in general, and with
specific actions attributed to the NSA, has already been expressed in this
thread. In an ideal world, we would all agree with Henry Stimson that
"Gentlemen do not read each other’s mail,"

[http://chronicle.com/blognetwork/edgeofthewest/2012/08/17/ge...](http://chronicle.com/blognetwork/edgeofthewest/2012/08/17/gentlemen-
reading-mail-part-i/)

but we do not live in an ideal world, and while we live in the world we all
live in, I am glad that the governments of free countries with representative
democracy are developing hacking capabilites. Hacking used for defense
protects our secrets and thus reduces our vulnerability to attack of all
kinds, and hacking used for offense often is more precise in targeting and
saves civilian lives and property while decreasing an enemy's means of waging
war.

I'll give one example of an activity that free people in free countries
(employed by government agencies or not) could do to increase the prospect of
world peace. Break down the great firewall of China and help everyone in China
have full access to uncensored news. Then do the same for North Korea, for
Iran, for Belarus, and for anywhere else where there is significant government
censorship. Wikileak all over the world the internal documents of the
Communist Party of China and its allies. Help the common people of the world's
most oppressed countries understand their current condition and what they
could to gain more freedom. That would reduce the risk of war among any
combination of state or non-state actors, and help all of us enjoy more peace
and prosperity. You could do this without working for the NSA, and without
living in the United States. But anyone who can do this ought to consider
doing this. More free flow of information with less censorship is desperately
needed in many countries,

[http://www.freedomhouse.org/report/freedom-world/freedom-
wor...](http://www.freedomhouse.org/report/freedom-world/freedom-world-2012)

<http://transparency.org/country>

and any hacker contributing to that cause would be helping humankind.

~~~
runjake
_I'll give one example of an activity that free people in free countries
(employed by government agencies or not) could do to increase the prospect of
world peace. Break down the great firewall of China and help everyone in China
have full access to uncensored news._

I don't want to get into this much, but I'll just say this has been done for
years by multiple independent groups.

For open source information, google "bronc buster", "hong kong blondes", and
"hacktivismo" circa 1990s/early 2000s. Those search terms should lead you to
applicable information. Also, Tor/proxies/VPNs are in widespread use by the
Chinese.

------
yownie
The fact that they're capitulating by even trying to recruit outside hackers
is a significant milestone. Too many intelligent people are uninterested in
being a cog in their machinery. Or they have at least observed how it treats
it's own when they try to do the right thing ( Thomas Andrews Drake, Manning,
Russell D. Tice, William Binney, Mark Klein, Daniel Ellsberg). Most hackers
are too ethical to work for the government, and the ones that aren't can make
more money elsewhere.

~~~
stevenbedrick
> Most hackers are too ethical to work for the government, and the ones that
> aren't can make more money elsewhere.

There's also the fact that many-if-not-most hackers are... shall we say...
"unsuited" (in terms of their temperament) to the kind of work environment
found in government security agencies. Let's just say that your tolerance for
pointy-haired administrative BS had better be pretty dang high (like,
somewhere between "ISS" and "Earth-Moon L1") if you're going to go down that
particular professional path.

~~~
DanBC
> There's also the fact that many-if-not-most hackers are... shall we say...
> "unsuited" (in terms of their temperament) to the kind of work environment
> found in government security agencies.

I imagine the NSA is well aware of the correlation between "very clever" and
"difficult to work with".

I know people who work for GCHQ, and while they never talk about the work they
are happy that the managers keep them insulated from the PHB stuff.

~~~
ditonal
My anecdotal evidence based on an aunt/uncle who work there is that it's VERY
much a bureaucratic nightmare where most people work as hard as possible to
work as little as possible. Then the minority of extremely smart researchers
the NSA recruits just take advantage of the disorganization to research
whatever they want regardless of whether it's actually relevant to the NSA's
goals. So that's a plus for smart hackers. But I think in general the NSA has
an easier time recruiting brilliant physicists/mathematicians because there's
less competition from the private sector. I imagine it's a lot more difficult
to recruit ultra-talented hackers, especially since they are totally
unqualified to recognize them. At my campus' career fair they were interested
in me but totally uninterested in the best programmer I know, who's far more
qualified than me even on paper, because his GPA was too low (he was working
full time as a graphics programmer at a game company throughout college which
hurt his grades). But neither of us were seriously interested anyway because I
don't think anyone smart would actually want to work for the government
without a huge financial incentive. Even the fact that this article keeps
referring to the students as 'soldiers' is the type of condescending Orwellian
jingoism that makes me shudder.

~~~
forgottenpaswrd
"I imagine it's a lot more difficult to recruit ultra-talented hackers,
especially since they are totally unqualified to recognize them."

Very real. Best hackers spend their time hacking, not trying to get grades or
climbing the hierarchical ladder.

Just think of Steve Wozniak, he was so afraid of not being able to engineer
anymore if Apple gave him executive power. He refused to climb the ladder so
he could continue tinkering in the lab.

In those big orgs the people that want to get power use to be sociopaths and
"power addicts"(people that choose power over everything else in life).

------
david_shaw
Many people fail to realize how hard it is for the military, government and
law enforcement to recruit top security talent.

There are several reasons that come to mind, a few of which are hard problems
to solve.

1\. Market competition. The information security industry is currently
undergoing major growth. As a whole, it is a thriving and exciting place to
work. This allows companies to recruit top talent and, sometimes more
importantly, pay top dollar. Sure, there's the occasional genius that comes
out of the NSA (like Charlie Miller, for example), but even he is now at
Accuvant. If you're a scraggly kid who spent all his high school years behind
a terminal, and you're offered low wages to work for the FBI or DoD, or
extremely high pay to work for a large consulting firm, which would you pick?
Patriotism doesn't help all that much.

2\. While less security guys have criminal backgrounds than many would think,
the strict clearance required to perform intelligence-related work conflicts
with a lot of personalities. Infosec people generally fall into one of two
categories: very clean cut, professional, etc., or the typical "dirty hacker"
that hangs out in a basement or studio apartment, breaking into networks and
slugging beers. Three letter agencies say they want these guys, but there's no
way they'd conform to government standards or pass a strict background check.
No drugs for ten years? That's a problem for a lot of people.

3\. Lastly, and this is probably the weakest point, but a lot of people
disagree with things the U.S. government is doing. NSA wiretapping? Security
professionals generally don't want to be a part of that. I'm hesitant to make
sweeping generalizations, but if you go to a security or hacker conference
(DEFCON comes to mind), you'll notice that a lot of the talks and sentiment
are of a "rebellious" nature. At the very least, security people are strong
advocates of privacy. Working for the NSA or the Air Force Cyber Command
doesn't generally sit well with a lot of these people.

China has their best hackers in their military, working for the state. The
United States has their best hackers in the private sector. I'm not saying
that there aren't a few seeds of genius laying around Fort Meade, but it's not
the same as what you see in the private sector.

If the government wants to recruit more hackers, they need to sweeten the
offer; but how can they do so with (a) government-controlled funding and
salaries, (b) strict background checks that are required for sensitive work,
such as national security and (c) a mandate that many people they're trying to
recruit simply don't support?

~~~
fghh45sdfhr3
_you'll notice that a lot of the talks and sentiment are of a "rebellious"
nature. At the very least, security people are strong advocates of privacy._

It sound to me like the sentiment is not so much rebellious, as it is very
ethical.

~~~
david_shaw
_> It sound to me like the sentiment is not so much rebellious, as it is very
ethical._

Sure, I just meant rebellious in the sense that the participants tend to rebel
against what is seen as government fascism or privacy violations - not that
they're evil anarchists.

------
ambertch
At Burning Man I met a couple of people who work on the Tor project.

They were brilliant. Honestly it's going to be hard for a govt agency to
recruit people like this - people who are incredibly passionate about security
and cryptography may tend to care about privacy issues as well, for which the
government currently incurs a negative sentiment, and this is compounded by
the fact that brilliant people these days tend to work on problems they are
ideologically aligned with. This isn't the Manhattan Project era anymore...

But you just never know, people come from all sorts of political backgrounds.

~~~
dillona
You know that Tor was developed for the navy, right?

------
dj2stein9
It's a big job, spying on every US citizen, treating each of them as a
"terrorist", and coordinating which secret internment camp to send dissidents.

------
jayro
In other news ...

House Approves Sweeping, Warrantless Electronic Spy Powers:
[http://www.wired.com/threatlevel/2012/09/house-approves-
spy-...](http://www.wired.com/threatlevel/2012/09/house-approves-spy-bill)

------
bicknergseng
When I was in 8th grade I performed well enough on a national math competition
to get a vague, recruity letter from the NSA. Of course, being a 14 year old
math junkie I was over the moon about it.

Fast forward 10 years, Wired runs monthly articles about exactly how much the
NSA spies on its own citizens. My enthusiasm? Curbed.

------
ImprovedSilence
Old joke:

How do you find an extrovert at the NSA?

He's the one looking at someone else's shoes

------
strictfp
Are they really so desperate to survive that they are willing to be the first
to declare the internet a war zone? Such fashism makes me sick. Internet is
the first real system without boundries. Stop trying to divide it for your own
personal gain.

~~~
noahc
I agree that _fashism_ makes me sick too. That's why I threw away all Gucci
and Versace away.

Now, _fascism_ , on the other hand is whole different matter!

------
mrhyperpenguin
Coincidentally, the NSA is at my school today. They're passing out flyers[0]
with a cryptography puzzle presumably to recruit students.

[0] <http://i.imgur.com/0braj.jpg>

~~~
newsoundwave
My substitutions:

in out

x n

n e

b r

l a

f y

s o

c t

i f

j h

v u

z w

o g

u s

d v

h d

k j

m c

p i

q k

r m

a p

g b

Not sure if it's my mistake or their mistake, but there are two typos in the
cleartext.

~~~
Prophasi
The very first word in the instructions, "cryptograms" -- coincidentally the
entire subject of the exercise -- is misspelled. Pretty sure that will fall on
them. It's not very reassuring in an agency where attention to detail is of
paramount concern.

------
mtgx
Yes, it wants them to create viruses like Stuxnet and commit acts of war
against other countries. It has nothing to do with _defending_ the country. So
who's in?

~~~
batista
True.

And another thorny issue in reading something like this on HN: the internet is
international.

Lots of us are not even from the US, and couldn't care less about defending
THAT particular country. Not to mention that the defending part mostly means
offending or spying on other countries, mainly our own.

~~~
DanBC
Well, if you're in the UK you have GCHQ which does a lot of interesting math
stuff. Obviously mostly about crypto, but also other stuff. You get to work
with some very smart people.

Disadvantages include not being able to publish some of it. That's significant
if other people independently discover something after you.

(<http://en.wikipedia.org/wiki/Clifford_Cocks>)

(<http://en.wikipedia.org/wiki/RSA_(algorithm)>)

~~~
mcantelon
Another disadvantage is increased possibility of winding up found in a duffel
bag.

<http://en.wikipedia.org/wiki/Death_of_Gareth_Williams>

~~~
DanBC
He was working for MI6 at the time!

~~~
mcantelon
Still working for GCHQ, but farmed out to MI6 AFAIK. So perhaps the moral is
stay in the cubicle.

------
forgottenpaswrd
I would never do that. I met a person who had to do something similar and he
quit because he knew important secrets, and this was incredible stressing for
him. He was young but made himself old very quickly.

He was not interested on secrets(he avoided them as much as he could) and
probably because of that they keep giving him more and more high level
responsibility.

In an ideal world things are made the "right way", in the real world
occasionally real people do bad things, and you know it, and you can't say
anything to anybody, even your family or your deep friends, and you become
extremely dangerous to some people in power.

What he was told inside the organization was on the lines of "because bad guys
do bad things we have to do bad things to fight bad guys".

You don't want t become whistleblower. They will make your life Hell for you
and your family for the rest of your life.

------
RyanMcGreal
IT'S A TRAP.

~~~
bediger4000
Yes, but for who?

In the case of hiring "hackers", the NSA (and whatever other Double Secret TLA
is out there, that we're not supposed to know about) _should_ hire people who
very literally think outside the box. The NSA has the problem of what to do
with disruptive ideas, or they have the problem of no disruptive ideas. Maybe
the "hackers" they hire write Stuxnet NT, or maybe they develop algorithms
that solve the Traveling Salesman Problem and open a bigger can of worms than
thought possible.

Or maybe the NSA gets nothing from their "hackers" because 9-to-5 regular day
jobs in a building with no windows, except fake ones on the fake building
around the real building, causes a near-total physiological and psychological
block on new ideas. Net loss to society, since some of the "hackers" could be
writing code for the next Pets.com .

Or maybe the NSA can't hire any real "hackers" since they almost universally
have showstopping blots on their records: sampling illicit drugs, committing
minor fraud, getting expelled from school, undergoing psychiatric treatment,
nominal homelessness, participating in OWS, whatever, you'd be surprised at
what prohibits someone from getting an exotic clearance, which you certainly
need to have to work at the NSA. What if the NSA can only hire poseurs and
lamers?

Yes, this is indeed a trap.

------
tete
There was a time when there was a difference between engineers an soldiers. ;)

------
necenzurat
wtf is this shit, i mean, the best "security experts" will not work for a
goddamn NSA facility, they will make money in private sectors or better they
will be responsible for the attacks...

NSA clearly got it wrong, "hacking" is not for "your country" it's a selfish
act, for your personal goals, i mean, let's say you work for NSA and you stop
or make a stuxnet like virus... you cannot brag about it, as a hacker, you got
to show your work, to proudly say: i did that.

IMHO

