Monday, August 08, 2011

Department of Defense tries to court hackers

Las Vegas, Nevada (CNN) -- Dear hackers: The U.S. government wants you.

Or, at the very least, the Department of Defense's research wing wants to pay you to help it block cyber threats, a project manager at the Defense Advanced Research Projects Agency said Thursday.

Former hacker Peiter Zatko announced the start of a fund-the-hackers program, called Cyber Fast Track, in a keynote talk at the Black Hat conference, which is aimed at hackers and computer security experts. The program began officially late Wednesday, he said.

Experts say the government has done a lousy job in the past of getting money to security researchers quickly enough for them to actually help mitigate cyber threats. Or the feds have avoided dealing with hackers entirely.

"One of the ways I see fixing it is bridging the gap between the government and the hacker community," said Zatko, who goes by the handle "Mudge."

By "hacker," he doesn't mean criminal. He's referring to people who try to break computer systems with the goal of making them more secure. These people are sometimes referred to in the security industry as "white hats," as opposed to nefarious "black hats."

"We have all sorts of other criminals, be it in politics or finance, and those elements may be bigger than the criminal element in the hacker community," he said.

Other wings of the government appear to be courting the hacker community as well. The Federal Bureau of Investigation and the Internal Revenue Service both have booths set up on the expo floor here at Caesars Palace. Federal agents are so commonplace at this hacker conference -- and at another, called DEF CON, which happens later this week -- that some of the hackers have held a "Spot the Fed" contest, with T-shirts as prizes.

Law enforcement and hackers don't always play well in these arenas. Speakers at past Black Hat and DEF CON conferences have been threatened with injunctions aimed at stopping them from explaining how to hack into certain systems.

The hackers say they make such exploits public for the public's own good: if they can find the bugs, then bad guys who want to steal information and make money could, too.

In an interview after his talk, Zatko declined to say how much money DARPA will put into the new program, or how big the individual grants will be.

The goal is to fund independent security researchers, who currently do much of their work on nights and weekends without pay, in hopes that they will help make the Internet safer.

One of those hacker-researchers is Dino Dai Zovi, who says his girlfriend gets annoyed that he spends almost all of his free time on his computer.

"Look at the bags under my eyes -- I never stop working," he said.

Dai Zovi said the DARPA program will help hackers actually get paid for their work.

The stakes for the new program are also high.

Zatko, the hacker-turned-DARPA official, said the number of malware attacks continues to increase even as government agencies spend more money to stop them.

In 2000, he said, there were about 1,400 "incidents of malicious cyber activity." Nine years later, that number had jumped to more than 71,000.

Current computer systems are needlessly complicated, he said, which leaves them more open to malicious hacking. He suggested that researchers work, for example, to simplify Microsoft Word with its list of 3,000 fonts and many potential exploits.

Zatko, whose notable life as a hacker has been the inspiration for fictional characters, said he's trying to change how the government works from the inside.

"I hope the old Mudge of 1999 is looking at the current Mudge of 2011 and saying, 'Yeah, you're wearing a pocket square and you don't have long hair,' " he said, " 'but, yeah, you're still remaining true to the cause.' "

Source: CNN

ROOTCON is managed by like-minded InfoSec professionals across the Philippines.
