so did they manage to get
Crash Override and Acid Burn on board?
The UK government's reported decision to employ ex-hackers to work at a newly-established Cyber Security Operations Centre have met with derision from both a high-profile former hacker and an acknowledged cybersecurity expert. Lord West, the Home Office security minister, first suggested that former hackers (or "naughty boys …
Was the admiral aware of Sweden's top-secret lingerie division and their plans to re-enact the glory days of the Vikings? Boatloads of Scandinavian beauties storming the beaches of Eastern England, elastic twanging - we would have been (deliciously) defenceless without his bazooka nets.
If you'll excuse me, I think I need to go and lie down in a darkened room.
I only ask because I am assuming Lord West was having a laugh, and that you journalists have decided not to have a sense of humor all of a sudden.
Topless lovelies who have had too much to drink? He was probably joking, wasn't he?
Teen hackers being recruited for GCHQ 2.0. Naughty boys etc. Well, he's half right. The boys he is thinking of are probably now a bit older than their teen counterparts. These older naughty boys can be found at White Hat conventions, telling corporations where the holes are in their security and how to fix them, or at Black Hat conventions on /b/, where they discuss all kinds of stuff.
Not so far fetched, not so bonkers really.
The Cyber Defence Command comprised of egotisitcal high profile hackers is obviously a put up job to distract attention, while the real work is carried out by something with a more boring name like "Department of Works Infrastructure" staffed with competent and patriotic but discrete computer science graduates.
The alternative is too horrible to consider.
I have a lovely fix-all at the end of this...
I did "The Real Thing(TM)" in many various ways back in the 1990s (nothing deliberately harmful)
A small example would be by-passing the piracy protection schemes used at the time so I could play [insert name of a game].
Oddly enough I had cause to use the skills, perfectly legally, later in my career
One of several examples...
I once worked for a very populat printed computer magazine who wanted to give away a certain piece of software on the cover of their next issue. I was prsented with a floppy disk and asked if I could 'nobble' it so they could put it on the 125,000 magazines.
Naturally, no longer being an irresponsible kid, checked out the legallity and got written permission to do, what was essentially, illegal.
They put it on the magazine and it did very well...
Later in life I know far more than I did then, I am far more 'dangerous' now than I was 20 years ago, or even 10 years ago.
It took me 30 years to aquire the knowledge I have today - that's what makes me 'dangerous'
I play with the Internet these days, not games (OK, MSC is annoyingly addictive) and my skills in this area are just as honed.
I'm far from a kid anymore and, as such, I'm more than aware of the effects that any actions I perform may have on a third party - i.e. maturity and responsibiity - I use my skills beneficially for others these days.
The average Western PS3 / X360 / Wii junkie wouldn't have the inclination to even bother learning the skills I learned all those years ago as they're too busy playing this week's hot game (todays kid mentality superbly demonstrated by certain South Park episodes)
So....
Deluge Asia, and Russia etc with free games consoles and games and the problem vanishes rather quickly
Whos left to kill the Internet after you do that?
No officer, I'm not hacking, I'm applying to work for the UK government, it worked for them.
The really good hackers never get caught, in fact we don't even know they exist (they are that good).
They're not good enough to stay unknown, but are interested in this sort of thing, maybe it's more of a training camp, giving them the equipment, protection and education then they'll be of use? although their orginal tendencies to do something wrong can't be a good thing, and then putting a load of them together is really just asking for trouble.
Hacking is very, very, very easy, like any other arena it just takes education and practice to do ti consistently, this is probably all smoke and mirrors keeping up the "1337 h4><0r" myth, there are thousands of people with too much time on their hands, spending hours trying to 'sploit this that or the other, most fail but the few lucky or skillful successes hide the time involved. because you never see this effort it appears as if somebody does it with minimal or no time (as on the 60 second 128bit encryption hack on Swordfish).
meh
A very interesting (dated) story for those of you so inclined is to be found in The Cuckoo's Egg by Clifford Stoll (Reg offer pls?)
Its a fascinating story that reads like popular spy novels (if you're computer-minded at least) dealing with tracking down the trail of clues to the hackers
OK - it's fact from the 80s but the same ideas are the basis of most Computer crime today
History has a tendancy to repeat itself...
Hence the economy at the moment
So they got a bunch of script-kiddie, now they only need a magical defense PHP script to give them and UK's cyberspace is safe? I think not. Offense is far easier than defense in these field. a 0.1% success rate for attackers is still OK, though defenders *need* a 100% success rate. All this bullshit relies on the "personification" of hacker tools, à la Tron, where programs and hackers' avatars physically fight each other in a virtual reality space. "we're attacked by a giant worm, quick put our teen hackers's avatars around the heart of our system and arm them with big swords!" Yeah, sure.
That, or they want the kids to crash-test the systems, which is a dumb approach to begin with. They can only make it 99.9% secure, and all the attackers will need is that 0.1% window.
Simon,
Whenever you're good at that sort/these sort of hacky/cracky things one doesn't so much as work for governments, as own them [by Virtue of Binary Control of their myriad SCADA Operating Systems for Remote Virtual Administration]
Would you disagree?
"All are subject to the same level of background security checks used to clear the employment of other intelligence staff."
So these Chinese hackers, have they passed the security checks?
Yes Sir, we checked their names against our database and they came up all clean.
Excellent. Well see if any of them can hack into the Chinese security database and set up some false records for some of our agents.
Typical lack of precision in the reporting.
"What really upsets me with this story is the implication that *only* young (former) criminals have the skills required to carry out the work necessary to combat cyber terrorism,"
That should obviously have read :
"What really upsets me with this story is the implication that *only* young (former) criminals have the mad skillz required to carry out the work necessary to combat cyber terrorism,"
Once again all cogent meaning in an article is lost and the whole rendered farcical because of lax editing by The Register.
Why the comments implying that these "kids" must be stupid script kiddies?
I'm working in IE at a university here, and I could point out maybe five people who'd make good potential "security experts" - and would investigate based on knowledge and understanding rather than just downloaded exploits. And would *also* be able to read security advisories and download exploits, to see what those do (hey, no sense ignoring it if someone has already identified weaknesses.)
I could probably find ten universities, and there would be someone in a similar position to me in each of them. That's 50 potential hackers with no criminal record, and easy references to see if they're malicious or not. (Yeah, you don't think malicious uni students with hacking abilities wouldn't try to squeeze something extra out of the uni networks?)
Not hard to check if they've been trying to install rootkits, bittorrent, or virii. Not hard to decide that one of those three is not like the other. Not hard to talk to their lecturers and see if they approach class with a thirst for knowledge and a love of the topic, or a sullen disregard for others and focus on their own ego. It's even easy to tell if they've been helping classmates on tests or not.
So with a bit of research, you'd get a pretty good idea if they've got the skills and temperament that you're looking for.
And it's simple enough to set up an insecure system with reasonable ways to figure out an entry point, if you want a hands-on test. Although testing hackers kind of misses the point, since if you can test them on a specific topic, you already have the knowledge of that topic. It's what they know and you don't yet know that is valuable.
Not that I expect a government organization to necessarily handle things like that, of course. I also regard these claims of a "hacker army" with suspicion.
"a newly-established Cyber Security Operations Centre .." .... which doesn't appear to have any dedicated real or virtual address or communications director.
My own request of an MPand her Office staff for such, only returned a disappointing public.enquiries@homeoffice.gsi.gov.uk. which of course has one talking to monkeys rather than the organ grinder.
But such appears to be the way of parliamentary democracy so that the public are always excluded from those who would imagine themselves powerful and right and immune.
Done properly, CyberIntelAIgent Security Operations render the likes of a spooky MI5 and MI6 and Special Branches of other Intelligence Services, either redundant or servants to Virtual Space Forces and that would obviously be a matter to be immediately resolved and further explained to deny any petty turf war conflicts which they would be ill equipped to deal with.
It also renders Government[s] on a sticky wicket too, and one can easily imagine them not want to queer their own lucrative pitch, with such shenanigans as are aired here ...... but it is delusional of them to imagine that they are indispensible or even really necessary, whenever the Private Pirate Sector can deliver whatever is needed at a true cost, rather than at an inflated value.
A true cost which is easily adjusted to suit its future market value and potential rather than being anything to do with present needs and feeds. Seven sevens is easily changed to eight eights and nine nines for Binary Control of Reality Systems which is what CyberIntelAIgent Security Systems of Operations Offer and dDeliver...... Virtually.
A little something for the Business Secretary to mull over, this weekend, and respond to of course, for we wouldn't want to deny him the chance to do something useful for AI Change, would we?
"by suggesting it is both reprehensibly criminal and simultaneously a useful national security skillset"
Lets list some others...
* Breaking and entering
* Killing someone
* Creation of fake identities
* Secretly recording someone without their knowledge
* Destruction of property
* Driving at high speeds on public roads
* Detaining someone against their will
All "reprehensibly criminal" when performed by a normal citizen, all "useful national security [skills]" when known by officially-sanctioned personnel.
I guess this announcement (hiring "Hackers" with criminal record) is a nice way to tell all the employees in the intelligence/government organizations that they have no skills to perform their job. Or better yet, their education, experience and training is worth nothing...
Since hiring "troubled" teenage youth is a "fashionable" trade, perhaps the state/local police should hire gangs to provide protection to civilians and get rid of the police officers. Oh, and we can also do the same for health care! Next time on of these "brilliant" decision makers requires a health examination or surgery they should go to their local high-school and ask to obtain medication for their condition or have an operation by one of the students!
Just because a person in one government agency made a poor decision to hire teenagers/criminals because they watch poorly scripted, sensationalized TV shows (e.g., NCIS) it doesn't mean that the rest of us have to suffer... Unfortunately we do...
There are many, many brilliant professionals with credible background in science (e.g., engineering, computer science, physics) and exceptional experience that make these glorified "hackers" look like "bone heads" which is actually what they are...
A famous example : T. Shimomura versus K. Mitnik.
PT