01.25.14
Redefining hacker culture as corporate stooge-ism
PBS rebroadcast a cyberwar bit from October recently. Google News displayed it prominently for a couple days. And that makes it worth commenting on again in its completely tone-deaf qualities, a brief piece trying to sell the ideas that hacker culture is still new, that hacker misuse of technology can be turned into offensive cyberwar for our exceptional nation, and — last — that there’s something about this corporate stooge-ism that’s cool.
Originally commented on here:
In five minutes PBS delivers every cliche written in the last quarter century about the genius and talent of young hackers and how they’ll change the world.
We must allow offensive corporate computer security so good guy young hackers can hack attack the bad guys back. This is the prescription of the a NSA man, Stewart Baker, doing public outreach for his old agency …
But back to the main thing at PBS, excerpted (it’s posted with a new air date but it’s actually a re-treaded paste-up from October):
RICK KARR: Stuart Baker is former general counsel of the NSA who’s now a computer security consultant.
STEWART BAKER: They can steal your designs. They can steal your– knowhow. They can steal your customer list and your internal analysis of what the biggest problems are in your product. This is pretty scary.
RICK KARR: The bad guys are mostly working from China and former Soviet states. They’re well-trained. Some of them are protected by — or even working for — their governments, so they don’t care about getting caught. And they might be able to do even more that steal information from businesses. Security experts worry that they could cripple the banking system … or shut down parts of the electric grid. Baker says … American businesses need a new mindset if they’re going to defend themselves.
STEWART BAKER: I’m a big believer that– the best defense is an offense. And– if we’re going to have an offense– we’ve got to have people who are really talented drawn to that field.
Definitions of role and context are important: Stewart Baker is a lawyer/mouthpiece for the NSA. And it has been part of his job to push the extremely unpopular idea that computer crime law needs to be rewritten to allow corporate America to go vigilante and strike back of those it thinks have attacked it in cyberspace.
This toxic concept is roped into a hackneyed discussion of hacker/computer security training at Carnegie-Mellon’s CyLab:
RICK KARR: People like these college undergraduates, who just might be able to save America’s corporations and governments from the bad-guy hackers: They’re students at Carnegie Mellon University, one of the nation’s top computer science schools … and they’re learning to fight off the bad guys … by thinking the same way they do. They’re learning to be the good guy hackers.
DAVID BRUMLEY: You have to understand and be able to anticipate how attackers are going to come at you. ‘Cause if you’re only doing defense, if you don’t look at offense at all, you’re always reacting and you’re always one step behind.
RICK KARR: Computer security professor David Brumley says … it’s tough stuff to teach … because the brand-new, cutting-edge cyberattack of today will be available to anyone with a web browser by next week.
DAVID BRUMLEY: For example, my courses in computer security? We don’t have textbooks. Everything’s so new. We have to go out and look at websites, we have to go look at– the latest things from conferences, and really teach from that. Every year it’s a significant update.
Karr: Carnegie Mellon’s students are so good at exploiting those vulnerabilities … that the NSA enlisted them to create a game that teaches hacking skills to high-school-aged students — and paid for the job. Cylab, the university’s cybersecurity institute, is home to the to-ranked competitive hacking team in the world: the Plaid Parliament of Pwning — “pwn??? is hacker-speak for “own???, as in the hacker takes a computer over and owns it. For third straight year, the team won top honors at international contests that pit teams of hackers against one another … and utterly demolished the competition at a prestigious contest in Las Vegas.
DAVID BRUMLEY: It’s a little bit like a little, mini-cyber-war that’s going on. And you get points by how well you find exploits in your adversaries and how well you can defend against their attacks. They’re– secure from the normal internet and they’re set up specifically for this purpose.
RICK KARR: How stiff is the competition here? I mean, who’s on your heels …
MALE STUDENT #3: Man, so, you know, who’s not? There’s all sorts of government contractors who have, you know, teams that we compete with. And, you know, they do this professionally.
RICK KARR: “Hacker??? is a label the students embrace. The word has a long history in computer science circles — where it was originally meant as praise. The students say … it still can be.
MALE STUDENT #2: We don’t think of it as bad. We think of it as– getting a deeper understanding for how something works in order to make it do something that maybe it wasn’t intended to do but it’s capable of doing.
ANDREW CONTE: It’s often the people who as young high school students they started goofin’ around with– electronics or computers, and they started figuring out, you know, how to do simple attacks, how to get inside of– machines.
RICK KARR: Andrew Conte is an investigative reporter at the Pittsburgh Tribune-Review who’s written dozens of articles about hackers and cybersecurity.
ANDREW CONTE : And at some point they make the decision. You know, “Am I going to be– a good hacker or a bad hacker? And there’s not that much difference between them in terms of– their abilities. Huge difference in terms of their motivations.
RICK KARR: That raises the question of how wise it is to teach these abilities to students barely out of their teens … with unknown motivations. Cylab graduate student Peter Chapman says not to worry.
The talk about young hackers, their aptitude for technology and natural inquisitiveness is now well over twenty years old, as old as the fact that new computer vulnerabilities are created with every update.
What’s so utterly clueless about the philosophy, and I think it’s easily identifiable by readers, is the recruitment of “hackers” into corporate stooge-ism for saving American business and military/intelligence/government interests.
Edward Snowden was just such a corporate stooge, a contract worker for Booz Allen Hamilton, at the National Security Agency. Until he took matters into his own hands.
Another open secret here is the veiled mention of the DefCon/BlackHat meetings, “a prestigious contest in Las Vegas.”
DefCON/BlackHat, particularly the latter, is a recruiting ground for the NSA and its arms manufacturer/computer security operation contractors. Another way of looking at is to call it a debutantes ball
, a Rose Queen contest, for advancement into corporate stooge work in the national security megaplex.
And we know how that’s turned out. US taxpayers have lavishly funded the biggest makers of untrustworthy networks in the world.
The paradox remains Edward Snowden. He is the only person, outside of Bradley Manning, who decided, at great personal cost, that something needed doing to change the conversation.
A well-paying job in the US economy of fear buys a lot of corporate stooge-ism and loyalty.
But it’s not going over well anymore outside the hermetically-sealed world of national security.
Hacker culture (or its way of thinking) never meant corporate stooge-ism. The NSA and mainstream media has regularly taken this old subject and tried to refashion it into the idea that using computer hackers as corporate lackeys and fulfillment servants for defense contractors is great stuff for the country.
There’s nothing special about people who solve Rubik’s Cube puzzles in 90 seconds except its use as a brag.
Well, yes, solve that Rubik for the rubes so as to distract from a larger unpleasantness: The NSA’s data suction contributed nothing on the discovery of terrorist attacks, few or many, depending on your point of view.
Note again:
RICK KARR: Cybersecurity consultant Stewart Baker says … sometimes it makes sense for a company that’s been the target of bad-guy hackers to engage in a little digital breaking and entering of its own — to hack back, in other words. He thinks it could be an important weapon in the cybersecurity arsenal. But it isn’t always so clear-cut ethically. Or legally, because in can violate federal computer security laws.
STEWART BAKER: I have been making a very public– argument that we should allow this and we should read the Computer Fraud and Abuse Act to permit it.
STEWART BAKER: I’m a big believer that– the best defense is an offense. And– if we’re going to have an offense– we’ve got to have people who are really talented drawn to that field.
RICK KARR: People like these college undergraduates, who just might be able to save America’s corporations and governments from the bad-guy hackers: They’re students at Carnegie Mellon University, one of the nation’s top computer science schools …
The story line is now the opposite and black is not white. American people, and a lot of others worldwide, need saving from our corporations, the national security business and its corporate stooge-ism disguised as the preservation of freedoms.
MORE LATER…