By Keith Johnson
Computer hackers, once considered to be outlaws and trouble makers, are now becoming more mainstream, and emerging as a hard sought after commodity by intelligence and law enforcement agencies around the globe.
According to a June 8 article in U.S. News and World Report, “Experts have suggested that the United States government will need to hire at least 10,000 cybersecurity experts over the next several years, while the private sector will need even more. While most of those jobs are in defense, there’s also a growing need for people who are able to hack into complicated networks.”
In May, the National Security Agency (NSA) announced that it would be offering a new “cyber-ops” program at selected universities. “NSA officials say the program, which is part of President Barack Obama’s national initiative to improve cybersecurity through education, aims to prepare students for careers at the U.S. Cyber Command, the NSA’s signals intelligence operations and law enforcement agencies investigating cyber crimes,” Reuters reports.
In an exclusive interview with AMERICAN FREE PRESS, hacker-turned-cybersecurity expert Gregory D. Evans tells this reporter that the search for qualified hackers is not confined to the halls of academia.
“When DEFCON [world’s largest computer hacker’s convention] started in Las Vegas [in 1993], it was primarily attended by true hackers. Now it’s commercialized. Big corporations have taken it over. And law enforcement [agencies], which used to attend undercover, have booths set up and are actively looking for hackers as cybersecurity experts.”
Evans goes on to say that the U.S. government also recruits hackers who have found themselves in trouble with the law. “Depending on the person’s crime, the U.S. Attorney’s Office may offer probation in lieu of jail time,” says Evans. “Instead of paying restitution, they’ll be offered a job.”
The philosophy behind this practice makes sense to Evans: “It takes a hacker to catch a hacker. These guy’s bring something to the table that can’t be learned from MIT or through federal law enforcement training.”
Evans speaks from experience, having served several months in federal prison and ordered to pay $10M in restitution to AT&T, MCI and other Fortune 500 companies as the result of his computer hacking exploits. He now conducts seminars on cybersecurity to federal law enforcement agencies.
However, even Evans admits that hiring from a pool of criminals sometimes has its drawbacks. As an example, he relates the story of Max Ray Butler, aka “Iceman,” who was convicted in 2009 on two counts of wire fraud. “Iceman was caught stealing millions of credit card numbers and selling them online. At the same time, he was at war with other hackers trying to corner the black market.”
According to Evans, Iceman was eventually caught and then hired by the Federal Bureau of Investigation (FBI) as a confidential informant assigned to the task of identifying the other hackers. “While working undercover for the FBI, he started offering up all of these names,” says Evans. “When the FBI started looking into them, none of the information added up. Come to find out, he was actually doing the hacks himself.”
While Evans remains a staunch advocate in support of the government’s hiring of hackers, others are not as enthusiastic. This reporter recently spoke with Barrett Brown, whose articles on the “cyber-industrial complex” have appeared in Vanity Fair, The Guardian and The Huffington Post.
“This is an industry that is already very amoral,” says Brown. “On top of that you have the government recruiting criminal hackers—who may not necessarily be amoral—but who already have the mentality that the law doesn’t necessarily apply to them.”
One such individual is Christopher J. Rouland, who was caught hacking into the Pentagon in 1990. Rather than charge him with a crime, federal authorities decided to recruit him as a member of the Pentagon’s cyber division.
“In 2008, Rouland founded his own company, Endgame Systems,” says Brown. “Publicly, they provided a service by which security professionals could monitor known threats on a real-time basis. But as it turns out, Endgame was also providing massively offensive cyber capabilities that can take out entire regions of online infrastructure, including airports.”
According to a 2011 article in Businessweek, entitled “Cyber Weapons, The New Arms Race,” Endgame even offered package deals along with a price list for taking out each region of the world, including such U.S. allies as Western Europe. “It would be classified if this [price list] was just for the U.S. government,” adds Brown. “But they were offering these capabilities to…whoever.”
Brown goes on to say, “That’s just one small example we know of—only because it was made public. We can presume that kind of dynamic is replicated across the industry to various extents. Like a lot of developments in military and intelligence contract work, things are not being thoroughly thought out, or is basically under the jurisdiction of people who have a dangerous mentality when it comes to weighing the short term advantages of cyber warfare versus the long term consequences.”
This reporter also spoke with a man who goes by the alias FreedomUS. His organization, AnonPR (Anonymous Public Relations), aims to raise public awareness about the loosely associated hacktivist collective known as Anonymous.
According to FreedomUS, a climate of fear and distrust has descended on the hacking community ever since it was revealed that Hector Monsegur, AKA “Sabu,” once the leader of the hacking group LulzSec, had been working as an informant for the FBI—ultimately leading to the arrests of several other hackers.
“The FBI was actually using him to develop and execute more hacks,” says FreedomUs. “Ever since those arrests, everybody’s perceptive is changing. Nobody trusts anybody. Everybody thinks someone is either a fed or an agent.”