Monday, August 8, 2011

U.S. Agents, an Aerial Snoop and Teams of Hackers

"Hacker" used to be a bad word. Now, Hackers are being offered positions with the government to combat cyber crime. So, tell all your homies they could turn their lives around and go legit, roger that .. done deal.

August 7, 2011

U.S. Agents, an Aerial Snoop and Teams of Hackers

Defcon, a convention of computer hackers here, was crawling with hackers, digital security professionals and federal agents.

WHY are federal agents hobnobbing with hackers?

Defcon, a convention of computer hackers here, was crawling with them on Friday. They smiled, shook hands, handed out business cards, spoke on a panel called “Meet the Federal Agent 2.0” and were really, really nice.

Naturally, federal agents have been hanging out at hacker gatherings for years to snoop. “Cloak and dagger,” as one put it.

This time they came with another purpose: to schmooze, impress and, perhaps ultimately, lure. The United States Cyber Command, the Pentagon’s Internet defense arm, “has a work force issue,” said Daron Hartvigsen, special agent with the Air Force Office of Special Investigations. “We have needs that some in this community can solve. We need folks with skills.”

Government agencies especially need computer professionals with cybersecurity skills. At Defcon, these skills were in ample supply — and they can alternately thrill and scare. There were hackers and lockpickers here, problem solvers and troublemakers. There were attendees with mohawks and blue hair, and some with blue mohawks. One wore a cape. A few wore kilts. Most, whether out of fear or conceit, insisted on using their digital names rather than their real ones: Lost, alien, Abstract.

In their midst were Internet crime investigators representing the Army, Navy, Air Force and NASA. The F.B.I. set up a recruiting table at Black Hat, a related conference of security professionals earlier in the week. A National Security Agency official was to speak to next-generation hackers at a two-day event called Defcon Kids on Saturday.

For the federal agents, it seemed less an aggressive recruiting drive than a public diplomacy mission. They took pains to describe themselves as lovable hackers under their crew cuts.

Ryan Pittman, an ex-cop who now works computer crime cases in the Army’s criminal investigations division, said the convention was an opportunity to whittle away the federal agents’ image as “jackbooted thugs.” Ahmed Saleh, a computer crime investigator with NASA, described a job that might be appealing “if you’re a geek and you want to catch the bad guys.”

There seemed to be plenty of receptive hackers. Christine Banek, 29, a software programmer with plum-colored hair, sidled up to Mr. Saleh after the panel and asked if his agency was still hiring. She said she had applied online and had not heard back. “If they were offering, I would totally take it,” she said. Later, she suggested aloud that the government legalize marijuana. Positive drug tests generally disqualify a candidate from a law enforcement position.

It flies. It spies. It is the color of sunshine, and it has googly eyes.

Meet WASP, the Wireless Aerial Surveillance Platform, one of the star attractions of this year’s Black Hat conference.

It’s a remote-controlled plane with a computer in its belly that can fly up to 400 feet above the ground, snoop quietly on wireless networks below and attack one if it wants to. It can also pretend to be a GSM cellphone tower, eavesdropping on calls and text messages that pass through.

The WASP was built by Richard Perkins and Mike Tassey using hobby materials, including a Styrofoam plane body, a plastic propeller and foam tires, along with circuit boards and wires. The materials are all off the shelf, costing $6,190 — a fraction of the cost of a spy plane, with cyberweapons included.

Its creators eschew the term “spy plane.” “There’s a negative connotation to a spy plane,” Mr. Tassey said. “This was done in an attempt to prove a concept.”

What concept?

“That it can be done,” he said.

His sentiment perfectly embodied the ethos of Black Hat, a spirited gathering of technologists who sometimes make scary things to show that they can be made, and at other times break things to show how badly they need to be fixed.

The bird conjured by Mr. Perkins and Mr. Tassey is barely four feet long and becomes an imperceptible, quietly humming little creature when it hovers overhead. It could be deployed over, say, an office building to sniff out information going across its wireless network. Or if the office network is well secured, the plane could follow an employee on a trip to a neighborhood Starbucks.

The WASP could mimic the cafe’s network, luring the unwitting employee and allowing access to a laptop or cellphone. As Mr. Tassey put it, “In Starbucks, no one can hear your laptop scream.”

They sat at tables along the perimeter of a ballroom in the Rio hotel. Lights were low. Laptops burned like campfires. Men and women hunched over the machines, their backs curved like question marks. Their fingers clicked away furiously.

“This is a spelling bee for hackers,” explained Giovanni Vigna, 42, a professor of computer science from the University of California, Santa Barbara. “It’s a way to prove your hacking skills.”

Each team, he said, was given the same type of virtual server, with the same strengths and weaknesses. The teams were charged with defending their servers and attacking those of others. Each time a weak spot was attacked, a flag was awarded. The team with the most flags won. Hence, the name of the contest: Capture the Flag. This was the final round.

Contests are a big deal at Defcon. But they’re not all on computers. Defcon is about celebrating tinkering.

There was a “lockpicking village” where interested parties did exactly that: pick locks. “Most of us see locks as puzzles,” Babak Javadi, 26, one of the organizers, explained. He has been taking apart locks since he was a kid, he said, and now runs a security business, specializing in high-security locks.

There was a barber offering mohawks. There were vendors selling “advanced gaming eyewear,” glasses that sell for up to $189 a pair, designed to reduce the glare of a computer screen and ease eye fatigue. There were vendors selling luggage tags that said “Geek on Board.”

In one hall, a competition was under way to invent a beer-cooling contraption. In another, teams were competing to tamper with so-called tamper-resistant materials.

“You’re doing something you’re not meant to do: That’s the essence of hacking,” said Chris Kuivenhoven, 34, a security engineer from Atlanta. “People can use it for good or bad.”

http://www.nytimes.com/2011/08/08/technology/scenes-from-hacker-gatherings-in-las-vegas.html?_r=1&pagewanted=all