Rehabilitating the Hacker for National Security Purposes
LAS VEGAS, Nevada – The City of Lights is permanently bathed in a wash of flickering neon but over at the Riviera Hotel and Casino the air is charged with electronic transfers of a different kind, in an atmosphere the hosts gleefully describe as ‘hostile’.
Welcome to DEFCON 17, the 2009 incarnation of the world’s largest and most prestigious hackers’ convention, running annually since 1993. Your correspondent is no hacker, he freely admits. My netbook remains locked away at my hotel, many blocks from the mischievous Riviera airwaves. It was with some trepidation that I took my Blackberry through the gilt doors even.
At any given time there are probably several thousand hackers attending talks and giving demonstrations of the newest and best ways to exploit networked information systems and hardware. As well as computer-based activities, talk is turning in the hacker community as to how to hack the human organism and biology in general. On many levels, DEFCON – and conventions like it – represent one of the densest populations of innovation and experimentation on the planet. The creative energy is palpable, and the enthusiasm infectious.
Yet hackers are often, in the political discourse underpinning cyber crime and fears of cyberspace in general, bracketed with terrorists and other criminals of entirely different stripes. Curious then, that there should be such constructive dialogue between younger generations often branded miscreants and the agencies charged with protecting government and public cyberspace.
But this is exactly the situation here. In past years, there have been good-natured but pointed ‘Spot the Fed’ competitions; this year there was a ‘Meet the Fed’ panel, in which representatives of the FBI, NSA, NASA, DoD and many others delivered short recruitment pitches to a packed house of black-clad and occasionally oddly-coiffured geeks and nerds of decidedly anti-authoritarian bent. And got a good reception too.
The aims of the two communities are often very similar, in terms of securing communications channels for the greater good. Whilst hackers may flag up vulnerabilities in systems, industry and government often react to close up those loopholes and exploits – exactly the aim of the hacker in the first place.
The hacker always find ways into systems but will publish his, and increasingly her, results freely online. As a symbiotic relationship it works well, and the end result is a more secure cyberspatial environment for us all.
Some terrorists may be hackers, and vice versa also, but generally there are far more differences than there are similarities. Most hackers do not do things for personal gain, although there are criminals within the community. Most hackers are doing things for social benefit, a utopia-tinted view of a future cyberspace in which we can all develop and evolve.
How different then from the terrorists and cybercriminals in with whom they are often lumped. Fears of an imminent al-Qaeda cyberwar on the UK are horribly overblown, for example. Whilst terrorism groups must have some individuals of undoubted technical skill, I doubt their global number exceeds a few dozen that could match the majority of the DEFCON delegates.
Simple tools are available to those who wish to create low-level attacks but I seriously doubt if those able to inflict substantial and lasting effects on critical infrastructure exist within most of the Islamist terror organisations operating today.
Both the US and the UK are seeking to bring on board ‘hackers’ to help with national and economic security problems, and many will join to add to the ones already there. It feels as if the ‘hacker’ is being rehabilitated within mainstream cyber security. Although many will wish to remain outside of it, they are still not necessarily criminals, let alone terrorists. Indeed, it is their innovation out on the ‘edge’ that will continue to drive better attempts to understand and secure networks.
Throughout the convention, figures like Osama bin Laden cropped up in my mind several times. What would he not give to have a crew of similarly talented people harnessed to his own bizarre ideology? At present, it appears that this is not the case.
Until he starts bringing on board his own ‘naughty boys’, and fulfilling their career and financial expectations, I think it will be a while yet before we seriously need to worry about anything approaching the damage that the DEFCON dudes could come up with, even in the unlikely event they would choose to. I certainly slept soundly on the Strip this weekend.
We need more hackers, not less, and they could in fact be a strong bastion – in or out of government – against the sorts of attacks that AQ and the like will one day surely attempt in concerted fashion. DEFCON, the floor is yours.