Robert O'Harrow: The general battling to win over the hackers who fight cyber-criminals
Corporate and government computers are under attack from China and Russia
Saturday 03 August 2013
US Outlook It doesn't get much stranger than this, even in Vegas. General Keith Alexander, the director of the United States' National Security Agency (NSA), stood in front of a standing-room-only crowd on Wednesday, selling the idea of government surveillance programmes.
His audience? More than 3,000 cybersecurity specialists, including some of the world's best hackers, an unruly community well known for its support of civil liberties and scepticism when it comes to the US government's three-letter agencies.
General Alexander praised the group as one of the brightest collections of technical minds in the world. He asked them to help the NSA fulfill its mission of protecting the country, while also protecting privacy.
"We stand for freedom," the general told the crowd in a vast ballroom at Caesars Palace. "Help us to defend the country and develop a better solution."
Some in the crowd weren't buying, and one hacker hurled an expletive back at him. "I'm saying I don't trust you!" a voice shouted.
This is Black Hat, the annual hacker conference. For a few days every year, it takes centre stage in the topsy-turvy worlds of cyberspace, network computing and digital security. The conference serves as a platform for hacking seminars, partying and – more and more – policy discussions about what the government and corporate worlds ought to be doing to confront problems such as cyber-espionage and cyberattacks, growing threats with no clear-cut remedies.
Most Black Hat participants are actually "white hat" hackers – security professionals whose careers are built around using their technical skills to thwart the bad guys. But to do their jobs and find security gaps, they often employ the same techniques.
This year's conference comes at an interesting time, as hackers from China, Russia and other countries continue relentless attacks on corporate, academic and government computers, presumably as part of spying initiatives backed by the private sector, foreign nations and criminal groups.
It also follows the unprecedented disclosures of top-secret documents by Edward Snowden, a former NSA contractor, detailing wide-ranging data collection and surveillance programmes by the agency. The disclosures have prompted intense criticism from civil liberties advocates and some lawmakers. On Wednesday, Senator Patrick Leahy, the veteran Democrat who chairs the Senate Judiciary Committee, sharply questioned the NSA's deputy director about claims surrounding the programmes' effectiveness.
The General's appearance here seems to be part of a public relations campaign to better explain what the NSA is doing and the oversight under which it operates.
His message, which mixes technical details and strategic justifications, is part of a shift inside the Pentagon and the intelligence community toward a more open stance about cybersecurity and national security.
General Alexander told the hackers that they needed to hear the facts. He said NSA workers want to find and watch terrorists, not regular Americans. He referred to agency personnel as "these noble folks" and said that 20 had died while deployed to support the wars in Afghanistan and Iraq. He also faulted the media for misrepresenting facts about the NSA programmes.
The reputation of NSA employees is being "tarnished because all the facts aren't on the table," General Alexander said, adding that "you can help us to articulate the facts".
General Alexander also serves as the head of the Defence Department's US Cyber Command, and Wednesday was not the first time he had reached out to the hacking community. Last summer, as part of the NSA's openness campaign, he donned a T-shirt and jeans in an unprecedented appearance at another hacker conference in Las Vegas. He called on hackers to help, and went out of his way to assure them the government was not spying on them or regular Americans.
Some participants at this week's event view the latest disclosures about the agency's programmes as undercutting General Alexander's earlier remarks. Charlie Miller, a security executive at Twitter and something of a star here because of his hacking prowess, questioned whether the General's statements last year were true. He decided to skip the NSA director's speech.
"Everybody agrees. You told us you were good and you're not," said Mr Miller, a former NSA employee. "So go home."
Anup Ghosh, the founder of the cybersecurity firm Invincea, said General Alexander and the NSA need hackers more now than ever. But he said Mr Snowden's disclosures, and the gap between what the government had previously said about surveillance and the apparent reality, is "making distrust a bigger and bigger issue".
"It's a challenging problem General Alexander has in convincing this community he's on their side," Mr Ghosh said. "He needs this community."
In the general's view, much of the anger is based on a misunderstanding of the facts. In his address here, he noted claims that the NSA and its analysts can and regularly do tap into the communications records of ordinary Americans.
"Nothing could be further from the truth," he said. "We can audit the actions of our people, 100 per cent, and we do that."
He said the system used to collect e-mail and other digital records from internet companies has "100 per cent auditability", but did not explain how or why that system failed to prevent Mr Snowden from spiriting highly classified records out of the agency and sharing them with journalists.
Despite the scepticism, a significant proportion of the hackers who attended General Alexander's presentation said they approved of it. They admired the fact that he kept cool in the face of criticism. They even applauded his message about balancing security and privacy, or at least the risk he took in standing before them.
"It was a very solid presentation," said a security engineer who identified himself only as Jeremy J. "It's tough to balance security and privacy. They're legitimately asking for our help."
Wes Brown, at the security firm ThreatGrid, said that if nothing else, the Snowden disclosures have made the relationship between the NSA and hackers more complicated. Talented hackers who might have considered working with the government will think twice now, he said.
© Washington Post
Liam Neeson's Downton dreams
Thriller is set in the secret world of British espionage
Bomber jacket worn by Mary Berry sells out within an hour
Much-loved cartoon character returns - without Sir David Jason
Actress to appear in second series of the hugely popular crime drama
- 2 Scottish independence: What you shouldn't tweet about if you want to avoid jail today
- 3 Scottish independence: Five reasons Salmond is secretly hoping for a 'No' vote
- 4 Isis plan to 'behead random member of the public' in Sydney thwarted by Australian police
- 5 Scottish independence: Andy Murray backs Yes campaign in eleventh hour decision
Thailand beach murders: Thai PM suggests 'attractive' female tourists cannot expect to be safe wearing bikinis
Scottish independence referendum live: Latest news as Scotland votes Yes or No
Scottish independence: Final opinion polls show undecided voters could swing result either way
Scottish independence: Almost half of No voters have felt 'personally threatened' by the Yes campaign
Isis plan to 'behead random member of the public' in Sydney thwarted by Australian police
Daniele Watts: Django Unchained actress detained by Los Angeles police after being mistaken for a prostitute
The political class is doing what Hitler couldn’t – destroying Britain
Scottish independence referendum: A nation divided against itself
Scottish independence: Nationalist leader Jim Sillars threatens pro-union companies with 'day of reckoning' after independence
Scottish independence: David Cameron is becoming the 'George Bush of Britain'
Russia freezes Ukraine into submission: Kiev admits country doesn't have enough fuel for winter
iJobs Money & Business
£320 - £330 per day: Ashdown Group: The Ashdown Group have been engaged by a l...
To £75,000 + Pension + Benefits + Bonus: Saxton Leigh: My client is looking f...
To £85,000 + banking benefits: Saxton Leigh: You will be expected to carry out...
Up to £90,000 + benefits: Saxton Leigh: Credit Risk Audit Manager required to ...