While there have been high-profile computer
hacks in the past, 2011 seemed to have a pretty consistent
string of corporate and government cyber attacks that affected Sony,
the CIA,Gmail and many more. The Pentagon
is calling the government attacks an
act of war, and are looking for new recruits to help fight this battle.
Many federal agencies like the Department of
Defense (DOD), Department of Homeland Security (DHS), NASA and the National
Security Agency (NSA) are looking to hire hackers to help find holes in
government security and to even launch offensive attacks when needed. But the
feds don't want just any hacker -- they want the best of the best, and that is
why they're attending
this year's Defcon in Las Vegas.
Defcon is one of the world's largest hacker
conventions. It began in June 1993, and is held in Las Vegas annually. Defcon
allows hackers to show their stuff in the way of hardware modification,
computer code, computer architecture, phone phreaking, etc. The entrance fee is
$150 cash -- no names and no credit cards. Everything is anonymous.
"Today it's cyber warriors that we're looking
for, not rocket scientists," said Richard "Dickie" George,
technical director of the NSA's Information Assurance Directorate. "That's
the race that we're in today. And we need the best and brightest to be ready to
take on this cyber warrior status."
The NSA is especially looking for hacker recruits,
since its entire purpose is information systems security. The agency is looking
to hire 1,500 people in the fiscal year ending September 30. It will also hire
another 1,500 people next year.
A general worry with finding new employees from a hacker
convention is that young hackers may cross the line or break laws,
whether they're aware of these lines or laws or not. But the NSA's screening
process for new employees is a rigorous one, and Jeff Moss, a hacker known as
Dark Tangent that founded Defcon and the Black Hat convention and is now part
of the DHS' Advisory Council, assures that the government needs hackers who
really know the trade.
"They need people with the hacker skill set,
hacker mindset," said Moss. "It's not like you go to a hacker
university and get blessed with a badge that says you're a hacker. It's a
self-appointed label -- you think like one or you don't."
The NSA could certainly use the help, since George
described distinguishing between a real threat and a bunch of small-scale
"messing around" hacks as finding a single needle in a needle stack.
In a mess of teenagers just playing around, there's a real "bad guy"
mixed in and it's difficult to tell whose who, so everything must be seen as a
But won't a bunch of feds in a hacker convention
raise a few eyebrows? George says they won't have a problem fitting in.
"When I walk down the hall [through NSA
offices], there are people I see every day and I never know what color their
hair's going to be," said George, who said the agency is full of eccentric
mathematicians and linguists. "And it's a bonus if they're wearing shoes.
We've been in some sense a collection of geeks for a long, long time."
The NSA better find their new hacker friends
quickly, because it looks as if cyber criminals are taking their work a step
further. Not only are these criminals launching attacks themselves, but they're
their services to the public as well.
For as low as $5 to $10 per hour, cyber crooks,
who are offering their services in underground forums, will launch distributed
denial-of-service (DDoS) attacks to shut down the customer's website of choice.
DDoS attacks use a large network of bots to flood websites with enough Web
traffic to shut them down.
For $40 to $50 per hour, a customer can get a day's
worth of cyber attacks while a week will cost $350 to $400 and a month will
One particular forum for the operators of the
Darkness DDoS bot even shared the number of bots needed to complete a job. To
take down a small website, 15 to 30 bots are needed. An average site needs 250
to 280 bots, a large site needs 750 to 800 bots, a great site with anti-DDoS
protection needs 2,000 to 2,500 bots, a group of websites need 4,300 to 4,700
bots and any site with any protection needs 15,000 to 20,000 bots.
Hackers are certainly getting even more courageous
with efforts like these, but the government is working to take the target off
of its forehead by implementing a new
U.S. Cyber Command and offering better training of its security systems to