Feds Seek a Few Good Hackers

Attention, hackers: Uncle Sam wants you.

And hackers are answering the call, or at least listening. A well-attended session at the recent Defcon 12 hackers' conference was "Meet the Feds," a recruitment presentation by a group of federal cybercrime law enforcement agents, who fielded questions from would-be cybercops.

"We're looking for good, talented people. We need a lot of help," said Jim Christy, director of the Defense Department's Cyber Crime Center.

"The Department of Defense understands how important computers are to defending the United States, and is always on the lookout for good people," said Alvin Wallace, a supervisory special agent with the Air Force's Office of Special Investigations.

Patriotic Hackers Sought

The largely twentysomething crowd was receptive to the pitches, snapping up business cards and making note of the Web sites where they can apply.

In fact, many of their questions pertained to college scholarships from the military and the National Security Agency, security clearance issues, and pay--especially as opposed to private sector jobs.

September 11, 2001, marked a turning point for government recruitment, says former NSA Director of Information Assurance Mike Jacobs, who now works in the private sector. Before the terrorist attacks, the NSA typically received about 200 applications monthly, he adds. In the three months following the attacks, more than 20,000 people applied for employment at the NSA.

In the presentation, he urged computer-savvy patriots to put their skills to use defending the country from spies, terrorists, and other criminals.

"Playing defense [for the United States] is often more difficult than playing offense," Jacobs said. "I would urge you to take your talents, your intellect, your curiosity, and your aggressiveness, and play defense."

He said that during his time at the NSA, he often reminded colleagues that "the hacker community is probably our ally, and we need to pay attention to what they're doing out there."

Clean Living Advised

One hitch, of course, is a security clearance--elusive for some hackers.

The DOD's Christy and Tim Huff, a special agent with the FBI's Computer Analysis Response Team, fielded questions about so-called gray-hat hackers, who sometimes break the law but aren't charged. Christy and Huff made it clear that cybercriminals--even those who haven't been caught--are not likely to be invited to join the ranks of cybercops.

"If you're not accepting people who crossed the line, aren't you afraid you're limiting yourself to wannabes?" asked one audience member.

"Everyone's broken the law at some time in their life, so it depends on when you did it," Christy answered. "If you were breaking the law yesterday and want to come work for the government tomorrow, the chances are we aren't going to select you, because there are a whole lot of talented people that haven't crossed over that line for seven or eight years."

"Just because we haven't filed charges against you, it doesn't mean there isn't some kind of file on you," Huff added.

In fact, the war on terrorism has drawn security agency resources away from the more routine cybercrime, Christy noted. But it doesn't mean the agencies are unaware of domestic hackers' activities.

"All of the intrusions take valuable resources away from the war on terrorism and other really significant things we're trying to do," Christy said.

He also gave a warning: "If you have hacked systems, we want you to know that we're working together, and we are sharing information, and we will ruin your life," Christy said. "But if you haven't stepped over that line, please don't."

Private Industry Lures

The presenters acknowledged that while patriotism and first jobs might draw young people to government jobs, recruitment must continue because corporate opportunities siphon employees away.

"We're recruiting because, while we are one of the best training grounds, we seem to have a retention problem, thanks to industry out there," said Wallace, the Air Force representative. "Some of the best computer crime investigators in other federal agencies had their start in the Air Force Office of Special Investigations."

But the lure of commercial enterprise is too tempting for some cyber-investigators to resist, he acknowledged.

Another, better-known NSA personality also took part in the panel discussion. Attending was Robert Morris, Sr., a former NSA analyst and the father of Robert Morris, Jr., who in 1988 created the Morris Worm, the first computer virus to spread over the early Internet. The senior Morris was introduced by Christy, who was one of the agents that investigated his son's case.

"I'm primarily here to say 'no comment,'" Morris said.

Subscribe to the Security Watch Newsletter

Comments