Loading ...
Sorry, an error occurred while loading the content.

Pentagon Seeks High School Hackers

Expand Messages
  • suesarkis@aol.com
    Cybersecurity Pentagon Seeks High School Hackers Andy Greenberg, 05.21.09, 06:15 PM EDT As a cyber space race looms, the military is looking for a few good
    Message 1 of 2 , May 29, 2009
    View Source
    • 0 Attachment
      Cybersecurity
      Pentagon Seeks High School Hackers
      Andy Greenberg, 05.21.09, 06:15 PM EDT

      As a cyber space race looms, the military is looking for a few good geeks.

      High school hackers, crackers and digital deviants: Uncle Sam wants you.

      As part of a government information security review released as early as
      Friday, White House interim cybersecurity chief Melissa Hathaway likely will
      mention a new military-funded program aimed at leveraging an untapped
      resource: the U.S.' population of geeky high school and college students.

      The so-called Cyber Challenge, which will be officially announced later
      this month, will create three new national competitions for high school and
      college students intended to foster a young generation of cybersecurity
      researchers. The contests will test skills applicable to both government and
      private industry: attacking and defending digital targets, stealing data, and
      tracing how others have stolen it.

      The competitions, as planned, go far beyond mere academics. The Air Force
      will run a so-called Cyber Patriot competition focused on network defense,
      fending off a "Red Team" of hackers attempting to steal data from the
      participants' systems. The Department of Defense's Cyber Crime Center will
      expand its Digital Forensics Challenge, a program it has run since 2006, to
      include high school and college participants, tasking them with problems like
      tracing digital intrusions and reconstructing incomplete data sources.

      The security-focused SANS Institute, an independent organization, plans to
      organize what may be the most controversial of the three contests: the
      Network Attack Competition, which challenges students to find and exploit
      vulnerabilities in software, compromise enemy systems and steal data.

      More is at stake in these games than mere geek glory. Talented entrants
      would be recruited for cyber training camps planned for summer 2010, nonprofit
      camps run by the military and funded in part by private companies, or
      internships at agencies including the National Security Agency, the Department
      of Energy or Carnegie Mellon's Computer Emergency Response Team.

      Alan Paller, director of the SANS Institute, says companies including EMC (
      EMC - news - people ), AT&T ( T - news - people ) and Verizon ( VZ - news
      - people ) have all expressed interest in sponsoring elements of the
      program. (EMC and AT&T spokespeople didn't respond to requests for comment, and
      Verizon declined to comment in advance of the program's announcement.)

      The ultimate goal, according to the initiative's mission statement, is a
      new sort of grassroots cybersecurity education designed to keep America ahead
      of a growing threat of cyber attacks from both criminal and
      state-sponsored enemies. "In the 1950s and 1960s, Sputnik and the space race inspired
      young people to pursue careers in science and engineering," reads a draft of
      the statement. "We have a similar opportunity to inspire today's young
      people to tackle the important challenges we face, including cybersecurity.

      Fears of cyber-sabotage or espionage were brought home last month by
      revelations, reported in The Wall Street Journal, that Russian and Chinese
      intruders had gained access to and mapped out the networks of U.S. power
      systems, leaving behind software designed to sabotage them. Cyberspies have also
      repeatedly hacked government and military networks going back as early as the
      beginning of the decade. Forbes reported in 2007 that military contractors
      including Lockheed Martin ( LMT - news - people ), Raytheon ( RTN - news -
      people ), Boeing ( BA - news - people ) and Northrup Grumman had suffered
      security breaches that had the potential to reveal classified information.

      One element of ending those cyber debacles, says the SANS Institute's
      Paller, will mean a renewed focus on cyber education. "We have probably only
      1,000 very skilled hackers working for government and industry," he says. "We
      need 20,000 or 30,000. Those hackers are out there. We just need to get
      them into a much more important and useful role."

      China, for its part, may be well ahead of the U.S. in cybersecurity
      education and recruiting, Paller argues. In a hearing before the Senate's
      Homeland Security last month, Paller told the story of Tan Dailin, a graduate
      student in China's Sichuan province who in 2005 won several government-sponsored
      hacking competitions and the next year was caught intruding on U.S.
      Department of Defense networks, siphoning thousands of unclassified documents to
      servers in China. "China's People's Liberation Army is running these
      competitions all the time, aiming their recruits at the U.S.," Paller says.
      "Shouldn't we be looking for our best talent the way other countries are?"

      But a parallel track of domestic cyber training raises the specter of U.S.
      government-trained hackers not only stealing data from foreign enemies--a
      diplomatically thorny prospect in itself--but also hacking other targets for
      fun or profit, and potentially becoming a rogue collection of skilled
      cybercriminals. "There probably could be a couple people we train that go to
      the dark side," admits Jim Christy, director of the Department of Defense's
      Cyber Crime Center. "But we'll catch them and send a message. The good guys
      will outweigh the bad."

      Teaching offensive hacking is a necessary element of protecting networks,
      argues the SANS Institute's Paller. "Offense must inform defense," he says.
      "We'd like it to be just training defenders, but if they don't know how
      attacks are performed, they'll be incompetent."

      He adds that even without formal training, teens are already becoming
      active hackers. According to a survey released by Panda Security earlier this
      month, one in five U.K. teens says he or she knows how to find online
      software tools for gaining unauthorized access to data. A third of those
      respondents claimed to have used them. "This isn't about educating hackers," says
      Paller. "It's about finding them."

      Training games used in digital espionage and data theft, including
      offensive tactics, are nothing new: The military has long put cadets through
      defensive and offensive simulations. Programs like the SANS Institute educate
      so-called white-hat hackers, penetration testers paid to test the security of
      private companies and government institutions. And cybersecurity
      conferences like Las Vegas' DefCon host games of "Capture the Flag," in which teams
      win points by compromising the opposition's PCs.

      But the Cyber Challenge would be the military's first attempt to reach
      civilian students. And despite the controversy it likely will raise, it may be
      the kind of early education push American cybersecurity needs, argues the
      Department of Defense's Christy. "As cybersecurity comes to the forefront,
      we're going to start seeing fratricide between in agencies and the private
      sectors as everyone tries to recruit a small number of experts," he says.
      "We have to grow this workforce."

      **************Discover the variety of Bisquick® mix. Get Recipes & Savings
      Now.
      (http://pr.atwola.com/promoclk/100126575x1222831871x1201491818/aol?redir=http:%2F%2Fad.doubleclick.net%2Fclk%3B215225813%3B37274670%3Be%3Fhttp:%2F%2
      Frecipes.bisquick.bettycrocker.com%3FESRC%3D971)


      [Non-text portions of this message have been removed]
    • Ricky Gurley
      ... Yep, hacking is becoming big business . One of my associates is working in an area related to, and possibly mentioned in this article (have to be
      Message 2 of 2 , Jun 1, 2009
      View Source
      • 0 Attachment
        --- In infoguys-list@yahoogroups.com, suesarkis@... wrote:
        >
        > Cybersecurity

        Yep, "hacking" is becoming "big business". One of my "associates" is working in an area related to, and possibly mentioned in this article (have to be kinda "cryptic" here, he has become very "paranoid" for lack of a better word, here lately).

        http://www.nytimes.com/2009/05/31/us/31cyber.html?_r=1&scp=1&sq=Plum&st=cse

        Rick.


        Risk Management Research & Investments, Inc. & Thoth Data Systems
        Mailing Address: 2101 W. Broadway PMB 326, Columbia, MO. 65203
        Office Address: 1 E. Broadway Suite Z, Columbia, MO. 65203
        Direct Office Number: (573) 234-6876
        Office Phone: (573) 234-4647 Ext. 110
        Car Phone: (573) 529-0808
        Cell Phone: (573) 529-4476
        Toll Free Phone: (888) 571-0958
        Toll Free Fax: (877) 795-9800
        EMERGENCY LINE: (573) 234-4871

        RMRI, Inc. Websites
        (1) http://www.rmriinc.com
        (2) http://rmriinc.bestcyberinvestigator.com

        RMRI, Inc. Blogs
        (1) http://rmriinc.blogspot.com/index.html
        (2) http://rmriincspace.spaces.live.com/
      Your message has been successfully submitted and would be delivered to recipients shortly.