LAS VEGAS -- Over the past two decades, hackers at Defcon and the feds have been circling each other suspiciously. The nation's top "spook" -- National Security Agency Director Gen. Keith Alexander -- giving a keynote at the hacker confab, shows just how much tensions have mellowed.
"I've spent 20 years trying to get someone from the NSA" to speak at Defcon, said Defcon founder Jeff Moss, who serves on the U.S. Homeland Security Advisory Council and is chief security officer for ICANN. "It's eye-opening to see the world from their view," he said. "On the NSA's 60th anniversary and our 20th anniversary this has all come together."
Against a backdrop of relentless cyber-espionage on U.S. companies and government agencies and vulnerabilities and exploits affecting critical infrastructure providers, Gen. Alexander, who also is commander of the U.S. Cyber Command, asked the hackers for help. "In this room right here is the talent we need to secure cyberspace," he said. "You know we can protect the networks and have civil liberties and privacy and you can help us get there."
Long a staple at Defcon, the "Spot the Fed" contest served as a playful detente between the hackers and the agents who chased them for phone phreaking, distributed denial-of-service attacks, Web site defacements, and basically using the Internet as their personal playground and social experiment.
Now, Defcon is "the world's best cybersecurity community," Alexander said. "This community, better than anyone, understand(s) what we need to do" to address these problems.
The country also needs better sharing between private companies and the government, something that proposed cybersecurity legislation can help fix, he said, noting that Congress is debating the legislation this week. "We can sit on the sidelines and let others who don't understand this space tell us what they're gonna do or...help them develop strategy. That's there real reason I came here. To solicit your support. You have the talent. You have the expertise."
The U.S. needs to do more to train and educate people in cybersecurity to increase the numbers of hackers who can work on the problems, he said, praising Defcon Kids for doing just that. He congratulated a preteen hacker, CyFi, for winning the Defcon Kids Zero-Day contest by finding a vulnerability that was previously unknown.
"Sometimes you guys get a bad rap," Alexander said. "From my perspective, what you're doing to figure out vulnerabilities in systems" is great.
Asked during the question-and-answer session whether the NSA keeps a file on every U.S. citizen, Alexander said that notion was "absolute nonsense," partly because managing 260 million or so individual citizen files would be impossible for the department to handle.
"No we don't. Absolutely not," he said. "Our job is foreign intelligence. We get oversight by Congress...everything we do is auditable by them, by the FISA (Foreign Intelligence Surveillance Act)...and by the (Obama) Administration."
He acknowledged that occasionally there are slip ups. "We may, incidentally in targeting a bad guy, hit on a good guy," he said. "We have requirements from (the FISA) court and the attorney general to minimize that."