By Joseph Menn and Jim Finkle
| LAS VEGAS, July 27
LAS VEGAS, July 27 The head of the U.S.
government's secretive National Security Agency took the
unprecedented step on Friday of asking a convention of unruly
hackers to join him in an effort to make the Internet more
secure.
In a speech to the 20th annual Def Con gathering in Las
Vegas, four-star General Keith Alexander stressed common ground
between U.S. officials and hackers, telling them privacy must be
preserved and that they could help by developing new tools.
"You're going to have to come in and help us," Alexander
told thousands of attendees.
Alexander rarely gives speeches of any kind, let alone to a
crowd of hackers, professional defenders, and researchers whose
discoveries of software and hardware vulnerabilities are used by
both sides.
Conference founder Jeff Moss, known in hacking circles as
The Dark Tangent, told the conference that he had invited
Alexander partly because he wanted them to learn about one of
the world's "spookiest, least known" organizations.
Attendees were respectful and gave modest applause, though
several said they were concerned about secret government
snooping and the failure of authorities thus far to stop
foreign-backed attacks.
"Americans pay taxes so that federal agencies can defend
them," said a researcher who asked not to be named. "I see it as
a hard sell asking a business entity to spend money for the
common good."
Alexander won points by wearing the hacker "uniform" of
jeans and a tee shirt, wandering the halls and praising specific
hacking efforts, including intrusion detection tools and
advances in cryptology.
He also confronted civil liberties concerns that are a major
issue for many researchers devoted to the Internet.
The NSA sponsored a booth at the convention for the first
time, which organizers placed next to one from the Electronic
Freedom Foundation (EFF). The EFF has sued the government,
claiming that it illegally tapped conversations of Americans.
Alexander spoke with staff at the EFF booth, telling them he
believes the U.S. government can secure the nation and also
protect civil liberties. They did not discuss the pending
litigation.
Panels at the conference include a discussion of government
tracking of individuals through cell phone data.
Taking questions screened by Moss, Alexander adamantly
denied that the NSA has dossiers on millions of Americans, as
some former employees have suggested.
"The people who would say we are doing that should know
better," he said. "That is absolute nonsense."
Alexander used the speech to lobby for a cyber security bill
moving through the Senate that would make it easier for
companies under attack to share information with the government
and each other as well as give critical infrastructure owners
some reward for adhering to future security standards.
"Both parties see this as a significant problem," he said,
adding that the experts like those at Def Con should help in the
process. "What are the standards that we should jointly set that
critical networks should have?"
In addition to conducting electronic intelligence gathering,
primarily overseas, the Defense Department-controlled NSA is
charged with protecting the U.S. military from cyber attacks.
Increasingly, it has been sharing its findings with the
Federal Bureau of Investigation to aid in criminal cases and
with the Department of Homeland Security, which warns specific
industries of new threats.
Displaying a slide with the logos of several dozen of
companies breached by criminals or spies in the past two years,
Alexander said that only the most competent even knew they had
been hacked.
"There are 10 times, almost 100 times more companies that
don't know they've been hacked," he said.
As he walked the convention floor, he repeatedly asked
hackers, including children attending a "Def Con Kids"
conference, to consider joining the NSA once they have honed
their skills.
"Keep working on this. We need you in the future," he said.
Many of the more than 10,000 hackers who crowded into the
Rio casino conference center did not seem particularly
interested in the presence of the head of the biggest U.S. spy
agency, who was flanked by an entourage of plain-clothes guards
and Def Con's own red-shirted security force who call themselves
"goons".
"Nice to meet you," he said to several dozen hackers in line
to buy lock picking equipment at one crowded booth. "How can I
help you?"
The crowd did not respond, and the booth's organizers
politely chatted with Alexander.
When he approached a hacker preparing for a "capture the
flag" computer-takeover contest, the hacker waved casually, then
returned to his laptop. A teammate later explained: "We were
just too busy to chat."
(Reporting by Joseph Menn and Jim Finkle)