US Defense contractors recruiting offensive attackers by the hundreds (opens in new tab)

(forbes.com)

40 pointsmikkohypponen14y ago10 comments

10 comments

7 comments · 3 top-level

mtgx14y ago· 4 in thread

This has confirmed all my worries. Whenever the intelligence agencies and the politicians lobby for "cyber-bills" and such, and it's almost never about "protecting US against threats", but about "attacking others".

So on one hand they keep drumming up the fear mongering about other countries attacking us through "cyberspace" and that they need "these bills" to stop that, when in fact the bills, and the bigger budgets, are all about US attacking others, and basically committing acts of war against them (their words, not mine).

If the US is really afraid of "cyber-threats", then they really need to ramp up the defense at home, not offense, and keep as much of the critical infrastructure off the Internet as possible.

Oh, and these are a couple of funny posts about the politicians' abuse of the word "cyber":

http://www.techdirt.com/articles/20120614/01590919314/cyberp...

http://www.techdirt.com/articles/20120615/03214619333/politi...

tptacek14y ago

Are we really shocked, shocked that the DoD employs offensive technology people? We're talking about the military here.

JoachimSchipper14y ago

Piggybacking off your comment: I am surprised, am I missing something? Given the US' and the West's rather serious vulnerability in this arena, escalating the use of cyber-"weapons" doesn't obviously seem the best idea.

(Stockpiling hacks and crypto nastiness is obviously a good idea, doing something about China's cyber-espionage makes sense, and increasingly sophisticated and well-funded hacking is probably unavoidable; but TTBOMK, the US has been the first to directly attack targets of major military significance, both in Iraq and in Iran.)

1 more reply

pilom14y ago

"it's almost never about "protecting US against threats", but about "attacking others""

I'd like to see your sources. I think you might be confusing bills like SOPA and CISPA as actual cyber bills. Most of the actual cyber bills I've read are for things like the US being able to lock down the security of the power grid b/c NSA really is that much better at it than your average sysadmin.

tptacek14y ago

CISPA is an actual cyber bill. It's not a good one, but it has nothing to do with copyright infringement.

pilom14y ago

I work for one of the companies listed in this article as a "Cyber Security Engineer." I have 2 issues with this article. First, the vast majority of cyber security work is defence. I would guess the percentage of people working defence is 100x more than the number of people working offence. (And yet the people on offence always have the upper hand, but that is a different story.) Second, most of the hiring for offensive talent is at the Speculation phase. NSA doesn't really outsource much of its work on this kind of stuff. The contractors know that the demand will eventually ramp up but it hasn't yet. So most offensive guys at contractors spend their time doing Internal R&D to use as demos for the government. Some day NSA will ask for help, but it isn't today. When it does though the contractors are trying to be ready.

AJ00714y ago

Unlike a standing army, the US could conceivably have a majority of the world's skilled hackers and crackers on their payroll (directly or indirectly.)

It also makes for good record keeping by "interviewing" talent.

j / k navigate · click thread line to collapse

10 comments

7 comments · 3 top-level

mtgx14y ago· 4 in thread

If the US is really afraid of "cyber-threats", then they really need to ramp up the defense at home, not offense, and keep as much of the critical infrastructure off the Internet as possible.

Oh, and these are a couple of funny posts about the politicians' abuse of the word "cyber":

http://www.techdirt.com/articles/20120614/01590919314/cyberp...

http://www.techdirt.com/articles/20120615/03214619333/politi...

tptacek14y ago

Are we really shocked, shocked that the DoD employs offensive technology people? We're talking about the military here.

JoachimSchipper14y ago

1 more reply

pilom14y ago

"it's almost never about "protecting US against threats", but about "attacking others""

tptacek14y ago

CISPA is an actual cyber bill. It's not a good one, but it has nothing to do with copyright infringement.

pilom14y ago

AJ00714y ago

Unlike a standing army, the US could conceivably have a majority of the world's skilled hackers and crackers on their payroll (directly or indirectly.)

It also makes for good record keeping by "interviewing" talent.

j / k navigate · click thread line to collapse