Hackers Courted by Government for Cyber Security Jobs - Rolling Stone
Inside a darkened conference room in the Miami Beach Holiday Inn, America’s most badass hackers are going to war – working their laptops between swigs of Bawls energy drink as Bassnectar booms in the background. A black guy with a soul patch crashes a power grid in North Korea. A stocky jock beside him storms a database of stolen credit cards in Russia. And a gangly geek in a black T-shirt busts into the Chinese Ministry of Information, represented by a glowing red star on his laptop screen. “Is the data secured?” his buddy asks him. “No,” he replies with a grin. They’re in.
Fortunately for the enemies, however, the attacks aren’t real. They’re part of a war game at HackMiami, a weekend gathering of underground hackers in South Beach. While meatheads and models jog obliviously outside, 150 code warriors hunker inside the hotel for a three-day bender of booze, break-ins and brainstorming. Some are felons. Some are con artists. But they’re all here for the same mission: to show off their skills and perhaps attract the attention of government and corporate recruiters. Scouts are here looking for a new breed of soldier to win the war raging in the online shadows. This explains the balding guy prowling the room with an “I’m Hiring Security Engineers. Interested?” button pinned to his polo shirt.
Hackers like these aren’t the outlaws of the Internet anymore. A 29-year-old who goes by the name th3_e5c@p15t says he’s ready to fight the good fight against the real-life bad guys. “If they topple our government, it could have disastrous results,” he says. “We’d be the front line, and the future of warfare would be us.”
After decades of seeming like a sci-fi fantasy, the cyberwar is on. China, Iran and other countries reportedly have armies of state-sponsored hackers infiltrating our critical infrastructure. The threats are the stuff of a Michael Bay blockbuster: downed power grids, derailed trains, nuclear meltdowns. Or, as then-Defense Secretary Leon Panetta put it last year, a “cyber-Pearl Harbor... an attack that would cause physical destruction and the loss of life, paralyze and shock the nation and create a profound new sense of vulnerability.” In his 2013 State of the Union address, President Obama said that “America must also face the rapidly growing threat from cyberattacks.…We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
The pixelated mushroom cloud first materialized in 2010 with the discovery of Stuxnet, a computer worm said to be designed by the Israeli and U.S. governments, which targeted uranium-enrichment facilities in Iran. Last fall, Iranian hackers reportedly erased 30,000 computers at a Middle Eastern oil company. In February, security researchers released a report that traced what was estimated to be hundreds of terabytes of stolen data from Fortune 500 companies and others by hackers in Shanghai. A leaked report from the Department of Homeland Security in May found “increasing hostility” aimed online against “U.S. critical infrastructure organizations” – power grids, water supplies, banks and so on.
Dave Marcus, director of threat intelligence and advance research at McAfee Federal Advanced Programs Groups, part of McAfee Labs, a leading computer-security firm, says the effects would be devastating. “If you shut off large portions of power, you’re not bringing people back to 1960, you’re bringing them back to 1860,” he says. “Shut off an interconnected society’s power for three weeks in this country, you will have chaos.”
Hence, events like HackMiami, where the competition to hire cyberwarriors is increasingly intense. “There’s too much demand and not enough talent,” says Jeff “The Dark Tangent” Moss, founder of the largest hacker convention, DefCon, held annually in Las Vegas. Despite the threats, a report by the Commission on the Theft of American Intellectual Property, a group comprised of former U.S. government, corporate and academic officials, recently concluded that so far the feds have been “utterly inadequate [in dealing] with the problem.” While Uncle Sam is jockeying for the Internet’s best troops, private security firms are offering way more pay and way less hassle. Charlie Miller, a famous hacker who exposed vulnerabilities in the MacBook Air and iPhone, spent five years with the National Security Agency before joining Twitter’s security team. Earlier this year, the DHS lost four top cybersecurity officials. In April, Peiter “Mudge” Zatko, a renowned member of the pioneering hacker collective Cult of the Dead Cow who was working at the DOD’s Defense Advanced Research Projects Agency, split for Silicon Valley to join his former DARPA boss, Regina Dugan. “Goodbye DARPA,” he tweeted. “Hello Google!”
As a result, there’s a metawar taking place: one between government and industry to score the country’s toughest geeks – like the ones here this weekend – to join their front lines before it’s too late. “We need hackers,” Janet Napolitano, secretary of the Department of Homeland Security, toldRolling Stone in June, “because this is the fastest-growing and fastest-changing area of threat that we’re confronting.” A month later, however, she announced that she was leaving DHS too – stepping down from her post to head the University of California system.