RealTime IT News

Hackers: Uncle Sam Wants You

Black Hat and U.S. agencies
LAS VEGAS -- The U.S. government is actively engaged in the fight to help protect against Internet threats and cybercrime. And speaking before a packed ballroom here at the Black Hat security conference, they made it clear they want hackers to join the effort.

"The reason why we come here is we hope to attract folks to government service," said James Finch, assistant director of the FBI's cyber division. "And if we can't get you in service, then we want partnerships on working on security issues."

Those issues brought a handful of representatives from U.S. government agencies -- including the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT), the FBI, NASA, the National Security Agency, the Naval Criminal Investigative Service, the Internal Revenue Service and the U.S. Air Force -- to speak to hackers and security experts here at Black Hat.

"It's people like yourselves that understand the threat that need to come into the government and help us address this problem," Finch said.

Safeguarding the country's networks is critical to U.S. national security policy, the speakers said, as agencies and the military work to fend off rogue groups and states from compromising U.S. assets.

The government also plays an important part in helping American enterprises protect themselves against threats like the much-discussed Kaminsky DNS flaw that was formally presented earlier at Black Hat.

The new head of US-CERT, Mischel Kwon, told attendees that her agency took an active role in helping to disseminate information about the DNS flaw that would help protect users.

"We did a very broad distribution of information and also had engineers on-call for a period of time and advertised that fact, so people could call in and ask questions about the issue," Kwon said. However, she added that she would have liked to have seen more people call in earlier then they did.

Still, she said, the key for success in US-CERT's mission to warn about and protect against online threats is information sharing.

"The nice thing about sharing information with other people is they share info with us," Kwon said. "We can't stand in an ivory tower and say 'We're US-CERT' -- we want to be seen as a place where you can come for information on security."

While US-CERT wants to be seen as a two-way street, the nation's armed forces are looking to protect their assets by having a private street.

"The U.S. military operational network is separate," said Col. Mike Convertino of the Air Force Cyber Command. Convertino described SIPRNET, one of the networks that the U.S. military uses, and which he said is completely separated from the public Internet.

[cob:Special_Report]"We conduct wars on SIPRNET," he said. "So it's very important that there is little-to-no chance that it can be interfered with."

While the armed forces are engaged in fighting enemies in the physical world, cyberwars are being waged against the U.S. government itself, according to the FBI's Finch.

"When it comes to a specific country [attacking the U.S.], I won't comment. However, we have identified those countries that we consider to have capabilities that could impact our national security," he said.

"Some exceed our skills; some countries are noisier in their techniques," he added. "I worry about the ones that aren't hitting our sensors. So, yes, there are countries knocking on our door daily and it does pose a threat to our national security."

Finch also fielded a question about the use of the USA PATRIOT Act and wiretapping of U.S. citizens.

"The last thing I'll do is apologize for the use of court-authorized wiretaps," Finch said, adding that there is a trade-off between privacy rights and national security that wiretaps need to deal with.

"The last thing we want to do is overreach when it comes to citizen privacy and rights," he said. "But I agree with what's in that Patriot Act in term of the authority it give us, and it lets us do a better job of national security."

Updates prior version to correct reference to SIPRNET