Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Robert O'Harrow: The general battling to win over the hackers who fight cyber-criminals

Corporate and government computers are under attack from China and Russia

Robert O'Harrow
Saturday 03 August 2013 01:13 BST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

US Outlook It doesn't get much stranger than this, even in Vegas. General Keith Alexander, the director of the United States' National Security Agency (NSA), stood in front of a standing-room-only crowd on Wednesday, selling the idea of government surveillance programmes.

His audience? More than 3,000 cybersecurity specialists, including some of the world's best hackers, an unruly community well known for its support of civil liberties and scepticism when it comes to the US government's three-letter agencies.

General Alexander praised the group as one of the brightest collections of technical minds in the world. He asked them to help the NSA fulfill its mission of protecting the country, while also protecting privacy.

"We stand for freedom," the general told the crowd in a vast ballroom at Caesars Palace. "Help us to defend the country and develop a better solution."

Some in the crowd weren't buying, and one hacker hurled an expletive back at him. "I'm saying I don't trust you!" a voice shouted.

This is Black Hat, the annual hacker conference. For a few days every year, it takes centre stage in the topsy-turvy worlds of cyberspace, network computing and digital security. The conference serves as a platform for hacking seminars, partying and – more and more – policy discussions about what the government and corporate worlds ought to be doing to confront problems such as cyber-espionage and cyberattacks, growing threats with no clear-cut remedies.

Most Black Hat participants are actually "white hat" hackers – security professionals whose careers are built around using their technical skills to thwart the bad guys. But to do their jobs and find security gaps, they often employ the same techniques.

This year's conference comes at an interesting time, as hackers from China, Russia and other countries continue relentless attacks on corporate, academic and government computers, presumably as part of spying initiatives backed by the private sector, foreign nations and criminal groups.

It also follows the unprecedented disclosures of top-secret documents by Edward Snowden, a former NSA contractor, detailing wide-ranging data collection and surveillance programmes by the agency. The disclosures have prompted intense criticism from civil liberties advocates and some lawmakers. On Wednesday, Senator Patrick Leahy, the veteran Democrat who chairs the Senate Judiciary Committee, sharply questioned the NSA's deputy director about claims surrounding the programmes' effectiveness.

The General's appearance here seems to be part of a public relations campaign to better explain what the NSA is doing and the oversight under which it operates.

His message, which mixes technical details and strategic justifications, is part of a shift inside the Pentagon and the intelligence community toward a more open stance about cybersecurity and national security.

General Alexander told the hackers that they needed to hear the facts. He said NSA workers want to find and watch terrorists, not regular Americans. He referred to agency personnel as "these noble folks" and said that 20 had died while deployed to support the wars in Afghanistan and Iraq. He also faulted the media for misrepresenting facts about the NSA programmes.

The reputation of NSA employees is being "tarnished because all the facts aren't on the table," General Alexander said, adding that "you can help us to articulate the facts".

General Alexander also serves as the head of the Defence Department's US Cyber Command, and Wednesday was not the first time he had reached out to the hacking community. Last summer, as part of the NSA's openness campaign, he donned a T-shirt and jeans in an unprecedented appearance at another hacker conference in Las Vegas. He called on hackers to help, and went out of his way to assure them the government was not spying on them or regular Americans.

Some participants at this week's event view the latest disclosures about the agency's programmes as undercutting General Alexander's earlier remarks. Charlie Miller, a security executive at Twitter and something of a star here because of his hacking prowess, questioned whether the General's statements last year were true. He decided to skip the NSA director's speech.

"Everybody agrees. You told us you were good and you're not," said Mr Miller, a former NSA employee. "So go home."

Anup Ghosh, the founder of the cybersecurity firm Invincea, said General Alexander and the NSA need hackers more now than ever. But he said Mr Snowden's disclosures, and the gap between what the government had previously said about surveillance and the apparent reality, is "making distrust a bigger and bigger issue".

"It's a challenging problem General Alexander has in convincing this community he's on their side," Mr Ghosh said. "He needs this community."

In the general's view, much of the anger is based on a misunderstanding of the facts. In his address here, he noted claims that the NSA and its analysts can and regularly do tap into the communications records of ordinary Americans.

"Nothing could be further from the truth," he said. "We can audit the actions of our people, 100 per cent, and we do that."

He said the system used to collect e-mail and other digital records from internet companies has "100 per cent auditability", but did not explain how or why that system failed to prevent Mr Snowden from spiriting highly classified records out of the agency and sharing them with journalists.

Despite the scepticism, a significant proportion of the hackers who attended General Alexander's presentation said they approved of it. They admired the fact that he kept cool in the face of criticism. They even applauded his message about balancing security and privacy, or at least the risk he took in standing before them.

"It was a very solid presentation," said a security engineer who identified himself only as Jeremy J. "It's tough to balance security and privacy. They're legitimately asking for our help."

Wes Brown, at the security firm ThreatGrid, said that if nothing else, the Snowden disclosures have made the relationship between the NSA and hackers more complicated. Talented hackers who might have considered working with the government will think twice now, he said.

© Washington Post

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in