FEATURES & COMMENTARY
Las Vegas, NEV. — At the opening of the annual Def Con hackers convention, the Pentagon’s CIO pleaded with attendees to leave government systems alone and outlined proposed new laws aimed at prosecuting computer crimes more expeditiously. But he also said the government’s doors are open to hackers who want to help prevent attacks.
“Some of you are extremely talented, gifted even at what you do,” said Arthur Money, Assistant Secretary of Defense and CIO at the Department of Defense (DoD). “If you’re thinking about what you want to do with the rest of your life, maybe you should think about this in a different manner. You should think about coming to work for us.”
Speaking during a “Meet the FED” panel at Def Con 8, Money said anyone who has been convicted of a felony shouldn’t bother applying for jobs with the DoD. But he and other government representatives said half-jokingly that the Pentagon has plenty of technology to offer to hackers interested in going to work for Uncle Sam.
“There’s no one here with a level of sophistication that can’t be matched by the government,” said Dick Schafer, director of information assurance for the DoD. “No one here has a set of toys as neat as what we’ve got. I hope we have some military recruiters here to handle the onslaught.” A uniformed Marine officer in the back of the room raised his hand.
On a more serious note, Money said the proposed legislation for speeding up prosecution of computer crimes also would increase the penalties for malicious attacks and make it easier to investigate suspected crimes by freeing law-enforcement officials from restrictive wiretap laws.
Money sounded a similar theme Thursday night during his closing keynote address at the Black Hat Briefings conference, a precursor to Def Con that features security-related presentations aimed at corporate users. “The laws in the U.S. are totally arcane and antiquated when it comes to cybercrimes,” Money said during the Black Hat speech. But if the proposed legislation passes, he added, computer attacks against the DoD would become a national security violation instead of just a criminal action.
The bill also would give the DoD “the ability to talk back, trace back and attack back,” Money said. In addition, the Pentagon would be able to take over investigations from the FBI more quickly, without having to wait several weeks to get wiretaps for each leg of an attack to prove it was a computer crime.
At Def Con Friday, Money said there were more than 22,000 confirmed attacks against the DoD’s systems in the last year alone. “Not pings, but attacks,” he said. “This is no longer [fun] and giggles, this is serious stuff.”
Asked by an attendee when the government would release the technical details of its controversial Carnivore e-mail surveillance technology, Schafer said Carnivore is a sniffing system that’s much less powerful than those available to the average system administrator because law enforcement officials have to use filters to limit the information they gather.
But Schafer declined to comment further. “I’m not going to show you my electronic surveillance techniques because you guys just build countermeasures,” he said. “So have a nice day, (but) sit down.”
After the session, the panel members dispersed into the Def Con crowd. “I’m just here to trade t-shirts,” said Jim Christy, a special agent assigned to Money’s office as he held up a “DoD Computer Response Team” shirt.