'Hackers wanted' ad fed security misconception
I should never be surprised at things related to government security efforts, but I did think the concept of hiring hackers was pretty much dead in government circles. Then comes the recent headline, " U.S. Looks to Hackers to Protect Cyber Networks." Frankly, I think it set the security profession back at least three years.
The story, widely quoted throughout the U.S. and the world, makes people think that hackers are superior to the best security professionals. Now, admittedly, recent stories have made it appear that the government's security efforts are poor at best. We've had foreign intelligence agencies infiltrating the power grid, and The Wall Street Journal recently reported that the F-35 designs have been hacked for years. All of that is something to ponder. But hiring hackers to fix security breaches? Hackers are not security experts. A recent, and most telling, survey from Verizon basically found that hackers' skills reside in the ability to exploit very basic mistakes on the part of their victims.
Some people will contend that this is all a misunderstanding, because "hackers" are not computer criminals by definition. Criminals are "crackers," they will point out. Others will say that the story used the word "hackers" for sensationalist purposes and that the workers actually being sought were people to perform professional penetration tests. There's some truth to that argument, but there's no mistaking the article's implication that hackers are criminals. To quote from the introduction, "Federal authorities are looking for hackers -- not to prosecute them, but to pay them to secure the nation's networks."
It's one thing for moronic CEOs of small companies such as exqSoft Solutions to hire the Twitter hacker for the publicity, but the U.S. government and General Dynamics, its proxy in this case, should know better. And it could be that this ad was just a misstep. But it was a misstep with unfortunate consequences.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Methinks he doth protest too much
Look,Misnomers aside, the government systems and military systems that I have come in contact with have not been "best of the best" in security proficiency. Working for IBM in the S&P practice we often would come in and root systems, networks, etc, and much of the time we could is because the security "professionals" if they had any on site, were not worth their weight in salt.
So, yes, the GD ad took the word "hacker" but really, anyone in the know knows that they would NOT hire a convicted hacker nor would they be hiring just some schlub off the internet wo says he has cred. Most often I think this ad would be for someone who has TS/S credentials or can be cleared before going to work for the GD machine.
You are arguing with a fallacy of naming conventions. Yes, GD would like professionals who can "hack" or rather be a part of a "red team" that they have on site. So in a way, they want hackers... Not crackers... Not "security specialists"
Get over it.. What is plainly needed is a real approach to securing those networks and not just covering things up and hoping that their head in the sand will make all the bad men go away.