Government Security IT

Confessions of a Cyber Warrior

snydeq writes "InfoWorld's Roger Grimes interviews a longtime friend and cyber warrior under contract with the U.S. government, offering a fascinating glimpse of the front lines in the ever-escalating and completely clandestine cyber war. From the interview: 'They didn't seem to care that I had hacked our own government years ago or that I smoked pot. I wasn't sure I was going to take the job, but then they showed me the work environment and introduced me to a few future co-workers. I was impressed. ... We have tens of thousands of ready-to-use bugs in single applications, single operating systems. ... It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.'"

  • Re:fud (Score:5, Interesting)

    by h4rr4r ( 612664 ) on Tuesday July 09, 2013 @04:28PM (#44230145)

    Or they would take the money and disclose the vulnerability. Enforcing an NDA in this case would give away that these exchanges are ongoing.

  • Re:saber rallying (Score:5, Interesting)

    by Dan East ( 318230 ) on Tuesday July 09, 2013 @04:41PM (#44230273) Journal

    If it's used against "us" then the likelihood of it being detected and disclosed is too high. They can't utilize these exploits carte blanche, but would have to save them only for specific targets, and still they face the risk of compromising an exploit every time it's used. Any evidence collected in this manner is not usable in court either, so it's really only useful for the spy game against high value foreign targets.

  • Re:saber rallying (Score:5, Interesting)

    by jeffmeden ( 135043 ) on Tuesday July 09, 2013 @04:54PM (#44230453) Homepage Journal

    I call BS on that guy. He claims there are 5000 people working there. At $100k/year salaries (and it's probably more), that puts this program up to at least $1 billion dollars per year for payroll and equipment. I would assume there is some accounting for that kind of spending.

    The US spends upwards of $500B on "Defense" each year... Do you really think a missing $1B would get noticed here and there?

  • Re:saber rallying (Score:4, Interesting)

    by RoknrolZombie ( 2504888 ) on Tuesday July 09, 2013 @06:40PM (#44231681) Homepage

    From the summary, "They didn't seem to care that I had hacked our own government years ago or that I smoked pot". I call BS on any notion that the federal government intelligence agencies would hire anyone with a background rife with illegal activity. For every Kevin Mitnick, a convicted person now with a felony record, hired there are thousands of applicants rejected because of a small infraction or deviant behavior, including a preference not to socialize outside of the workplace.

    I have a story to tell. (yes, it's relevant).

    When I served in the Army I was stationed with an individual that was in the process of getting kicked out. He had been an E4 and had managed to hack into some of NSA's servers (the events took place both before I arrived, and before I knew a damn thing about computers, so I don't know the vector or what his actual abilities are). He created some bogus accounts and used those accounts to send overly critical emails to Generals, signed with a pseudonym, of course. Well, by the time I got there he had already been busted - and like Manning got busted down to an E1 before they kicked him out (dishonorable discharge, of course). Within a month of him getting kicked out NSA directly hired him, paying him far more than he could have ever been paid had he stayed in the service.

    The Government ignores laws when it's convenient for them to do so, even when it comes to their own hiring policies.
