Wearing a t-shirt and jeans, America’s top spymaster — National Security Agency Director Gen. Keith Alexander, also the head of the U.S. Cyber Command — took the stage Friday at the nation’s largest hacker convention to deliver a recruiting pitch.
“In this room, this room right here, is the talent our nation needs to secure cyberspace,” Alexander told the standing-room-only audience at DefCon, a grassroots gathering in Las Vegas expected to draw a record 16,000 attendees this year. “We need great talent. We don’t pay as high as everybody else, but we’re fun to be around.”
Alexander’s appearance is a milestone for DefCon, a hacker mecca with an often-uneasy relationship with the feds. DefCon is the older, wilder and far less official sibling of BlackHat, a cybersecurity conference that wrapped up Thursday in Las Vegas.
BlackHat draws corporate infosecurity workers in suits. At DefCon, they switch to t-shirts and spend the weekend mingling with cryptographers, script kiddies, security researchers and a liberal smattering of military and law enforcement agents — both in and out of uniform.
DefCon is famed as an elite hacking showcase. The registration badges alone are a technical feat, featuring a customizable circuit board and cryptographic scavenger-hunt puzzle. A hacker group called Ninja Networks set up a private cellular network to chat on during the show — a stunt that drew admiring praise from Alexander during his talk.
Those are the kinds of skills the government needs, he said. Playing to his audience, Alexander rattled off a long list of tech-industry stars like Vint Cerf and Dave Aitel who did pioneering work on the federal payroll.
“We’re the ones who built this Internet,” Alexander said, citing the key role agencies like DARPA (Defense Advanced Research Projects Agency) played in the network’s early days. “Now we’re the ones who have to keep it secure, and I think you folks can help do that.”
To hammer the point home, the NSA set up a special recruiting site for the show: http://www.nsa.gov/careers/dc20/. It’s not your standard government careers page. This one includes the line: “If you have a few, shall we say, indiscretions in your past, don’t be alarmed.”
Related story: Former FBI cyber cop worries about a digital 9/11
The NSA is especially keen to draw in people like those holed up in a conference room just 20 feet away from Alexander’s presentation, hunched over laptops and takeout cartons. They’re competitors in Defcon’s “Capture the Flag” battle, a kind of geek Olympics.
Hacking is usually a glamorless sport, but Defcon plays up the drama for its famed-in-nerd-circles CTF showdowns. In a darkened arena filled with rock music and colored laser lights, 20 competing teams fight for 48 hours to break into each other’s servers and steal key information, called “flags,” while holding off rival attackers. The winner will be announced Sunday evening during DefCon’s closing ceremonies.
Coders from around the globe battle through a series of qualifying rounds to make it to the CTF. “These hackers here are the top of the world,” one observer murmured in hushed tones, watching the teams bang feverishly on their computers a few hours after the contest’s Friday morning kickoff.
The NSA would love to learn more about the exploits those CTF hackers are using. But do the hackers want to play ball?
The audience reaction to Alexander’s talk was generally favorable. Organizers had to turn away hundreds of attendees from the at-capacity conference hall, and the crowd that made it in listened attentively to the general’s talk.
One attendee near the front — a corporate security researcher who specializes in defending against digital espionage — said he came away impressed. More importantly, from NSA’s point of view, he says he would consider checking out the agency’s career options.
“I think it would be thrilling,” said the researcher, who asked to remain anonymous. “I mean, that’s the real deal. We’re trying to protect our corporate IP. They’re trying to protect the country and people. It would be absolutely awesome — even though the pay is nothing.”
Of course, not everyone was so easily won over. A few rows further back, a group of cynics kept up a running counterpoint to Alexander’s talk.
“Sometimes you guys get a bad rep,” Alexander said at one point. “From my perspective, what you’re doing to figure out the vulnerabilities in our systems is absolutely needed.”
“Then stop arresting us!” one of the hecklers called back.