The UK government's reported decision to employ ex-hackers to work at a newly-established Cyber Security Operations Centre have met with derision from both a high-profile former hacker and an acknowledged cybersecurity expert. Lord West, the Home Office security minister, first suggested that former hackers (or "naughty boys", …
so did they manage to get
Crash Override and Acid Burn on board?
are forbidden from "tell[ing] their parents or girlfriends what they do in the windowless basement area in the Security Service building beside the Thames".
Girlfriends - is he kidding us!?
obligatory Monty Python reference
He's not a hacker, he's a very naughty boy
I'm a hacker
Please sir! pick me! ... and I haven't been caught doing anything naughty.
Mines the one with the school logo and the catapult in the pocket.
Not wishing to debunk the debunker..
..but they might know that the alleged naughty hackers are being naughty, but have no court-admissible evidence to show that, hence cannot get the CPS to take it forward. He's not got a record, after all.
is MoD IT-wise enough?
To know the difference between Script-Kids and The Real Thing(TM)?
i dont think so...
Fake project or not, the outcome will be FUD
'For example, he later suggested that a net-flinging entanglement "bazooka" designed to stop speedboats might be just the job for use on "topless lovelies".'
I'm with the Admiral on this one.
So now we are even outsourcing our hackers? The IT industry really has hit the rocks in this country hasn't it?
Can't wait for them to bring back capital punishment so we can bring in some cheap labour from Zimbabwe.
"by suggesting it is both reprehensibly criminal and simultaneously a useful national security skillset"
Just like being able to blow someones head off at 100 yards really.
Pick me, Pick me. I have just installed a rootkit.
Now if I could only manage to get it onto someone elses PC. Hmmm...
A factual story appearing in the Sunday Express that doesn't involve Jordan (the Bulgarian airbag stand not the country).
Was the admiral aware of Sweden's top-secret lingerie division and their plans to re-enact the glory days of the Vikings? Boatloads of Scandinavian beauties storming the beaches of Eastern England, elastic twanging - we would have been (deliciously) defenceless without his bazooka nets.
If you'll excuse me, I think I need to go and lie down in a darkened room.
Slow news day?
I only ask because I am assuming Lord West was having a laugh, and that you journalists have decided not to have a sense of humor all of a sudden.
Topless lovelies who have had too much to drink? He was probably joking, wasn't he?
Teen hackers being recruited for GCHQ 2.0. Naughty boys etc. Well, he's half right. The boys he is thinking of are probably now a bit older than their teen counterparts. These older naughty boys can be found at White Hat conventions, telling corporations where the holes are in their security and how to fix them, or at Black Hat conventions on /b/, where they discuss all kinds of stuff.
Not so far fetched, not so bonkers really.
Flaw discovered in the idea
The whole project was running excellently until
Minister: "We're relying on these kids to save us all"
Official: "They're not the Messiah, they're just very naughty boys"
@ Chris 116
If installing rootkits is what's needed then surely they just need to outsource our hacking to Sony?
And we pay for them...why? So that the government can look good?
Some of these leet hacksaws have really hot girlfriends, I saw it in 'Hackers', so it must be true.
They've also ordered a bunch of Xbox 360s complete with copies of Halo.
And the pizza delivery van is on standby outside.
The government takes IT seriously.
we got the computer-savvy hackers rather than the non-computer-savvy ones...
Does this mean that Gary McKinnon will have a claim against HMG at some point that he has been the victim of both age and disability related discrimination?
For the .Gov to find these people in the wild, they have to be caught or caught bragging.. Neither should be employed by MI5/MI6.
The Cyber Defence Command comprised of egotisitcal high profile hackers is obviously a put up job to distract attention, while the real work is carried out by something with a more boring name like "Department of Works Infrastructure" staffed with competent and patriotic but discrete computer science graduates.
The alternative is too horrible to consider.
Better watch out
Hmm, is it even safe to comment with an army of Computer genii prowling the UK networks?
Maybe the COCKids are watching right now, wait, is that the door? I'll get me coat...
You cant work for SIS if your not a UK national... as they cant do the background checks that are necessary for the role. Outsourcing is not an option.
Would have thought a security consultant would know that?
"The majority of the teens are Asians", can you imagine the fuss that would be made if a regular company had an exceptionally large proportion of just men or white people?
'if you have to claim that you have such a big and impressive one everyone knows that its probably very tiny and disappointing,"
*snigger* I bet Paris has seen the truth of that before!
When I were a lad...
I have a lovely fix-all at the end of this...
I did "The Real Thing(TM)" in many various ways back in the 1990s (nothing deliberately harmful)
A small example would be by-passing the piracy protection schemes used at the time so I could play [insert name of a game].
Oddly enough I had cause to use the skills, perfectly legally, later in my career
One of several examples...
I once worked for a very populat printed computer magazine who wanted to give away a certain piece of software on the cover of their next issue. I was prsented with a floppy disk and asked if I could 'nobble' it so they could put it on the 125,000 magazines.
Naturally, no longer being an irresponsible kid, checked out the legallity and got written permission to do, what was essentially, illegal.
They put it on the magazine and it did very well...
Later in life I know far more than I did then, I am far more 'dangerous' now than I was 20 years ago, or even 10 years ago.
It took me 30 years to aquire the knowledge I have today - that's what makes me 'dangerous'
I play with the Internet these days, not games (OK, MSC is annoyingly addictive) and my skills in this area are just as honed.
I'm far from a kid anymore and, as such, I'm more than aware of the effects that any actions I perform may have on a third party - i.e. maturity and responsibiity - I use my skills beneficially for others these days.
The average Western PS3 / X360 / Wii junkie wouldn't have the inclination to even bother learning the skills I learned all those years ago as they're too busy playing this week's hot game (todays kid mentality superbly demonstrated by certain South Park episodes)
Deluge Asia, and Russia etc with free games consoles and games and the problem vanishes rather quickly
Whos left to kill the Internet after you do that?
Yeah 003.5s mum phoned and says he needs to come home, right now and do his homework.
Plus he wont be back on Monday because he's ruining their benefits by working more than 30 hours a week, even if it is only minimum wage.
He sounds bitter that he was ignored, and more talented individuals were picked up.
No officer, I'm not hacking, I'm applying to work for the UK government, it worked for them.
The really good hackers never get caught, in fact we don't even know they exist (they are that good).
They're not good enough to stay unknown, but are interested in this sort of thing, maybe it's more of a training camp, giving them the equipment, protection and education then they'll be of use? although their orginal tendencies to do something wrong can't be a good thing, and then putting a load of them together is really just asking for trouble.
Hacking is very, very, very easy, like any other arena it just takes education and practice to do ti consistently, this is probably all smoke and mirrors keeping up the "1337 h4><0r" myth, there are thousands of people with too much time on their hands, spending hours trying to 'sploit this that or the other, most fail but the few lucky or skillful successes hide the time involved. because you never see this effort it appears as if somebody does it with minimal or no time (as on the 60 second 128bit encryption hack on Swordfish).
Why do people always think Hackers are Teenagers?
There are plenty of more mature people out there that have both the skills to do it and the experience to avoid being caught!
I'm a hacker and so';s my wife... ;-)
A very interesting (dated) story for those of you so inclined is to be found in The Cuckoo's Egg by Clifford Stoll (Reg offer pls?)
Its a fascinating story that reads like popular spy novels (if you're computer-minded at least) dealing with tracking down the trail of clues to the hackers
OK - it's fact from the 80s but the same ideas are the basis of most Computer crime today
History has a tendancy to repeat itself...
Hence the economy at the moment
Hackers? More like crackers.
So they got a bunch of script-kiddie, now they only need a magical defense PHP script to give them and UK's cyberspace is safe? I think not. Offense is far easier than defense in these field. a 0.1% success rate for attackers is still OK, though defenders *need* a 100% success rate. All this bullshit relies on the "personification" of hacker tools, à la Tron, where programs and hackers' avatars physically fight each other in a virtual reality space. "we're attacked by a giant worm, quick put our teen hackers's avatars around the heart of our system and arm them with big swords!" Yeah, sure.
That, or they want the kids to crash-test the systems, which is a dumb approach to begin with. They can only make it 99.9% secure, and all the attackers will need is that 0.1% window.
No Im a hacker!
Re ... When I were a lad... # By Simon Booth Posted Thursday 24th September 2009 13:55 GMT
Whenever you're good at that sort/these sort of hacky/cracky things one doesn't so much as work for governments, as own them [by Virtue of Binary Control of their myriad SCADA Operating Systems for Remote Virtual Administration]
Would you disagree?
Security's not a dirty word Blackadder.
"All are subject to the same level of background security checks used to clear the employment of other intelligence staff."
So these Chinese hackers, have they passed the security checks?
Yes Sir, we checked their names against our database and they came up all clean.
Excellent. Well see if any of them can hack into the Chinese security database and set up some false records for some of our agents.
what they do in the windowless basement
We know what they do there. Girlfriends? Surely you jest.
@northern monkey - dammit. you beat me off the mark on this one.
Sunday Express ?
Dirty Desmond's piss poor attempt to give himself some class? Just right of Mein Kampf and just past The Sport in credibility stakes!
Typical lack of precision in the reporting.
"What really upsets me with this story is the implication that *only* young (former) criminals have the skills required to carry out the work necessary to combat cyber terrorism,"
That should obviously have read :
"What really upsets me with this story is the implication that *only* young (former) criminals have the mad skillz required to carry out the work necessary to combat cyber terrorism,"
Once again all cogent meaning in an article is lost and the whole rendered farcical because of lax editing by The Register.
Identifying "naughty boys"
When I was a Lecturer in Computing I could have easily identified prospective "naughty boys" for this type of work -- not too naughty of course!
Why all the hate?
Why the comments implying that these "kids" must be stupid script kiddies?
I'm working in IE at a university here, and I could point out maybe five people who'd make good potential "security experts" - and would investigate based on knowledge and understanding rather than just downloaded exploits. And would *also* be able to read security advisories and download exploits, to see what those do (hey, no sense ignoring it if someone has already identified weaknesses.)
I could probably find ten universities, and there would be someone in a similar position to me in each of them. That's 50 potential hackers with no criminal record, and easy references to see if they're malicious or not. (Yeah, you don't think malicious uni students with hacking abilities wouldn't try to squeeze something extra out of the uni networks?)
Not hard to check if they've been trying to install rootkits, bittorrent, or virii. Not hard to decide that one of those three is not like the other. Not hard to talk to their lecturers and see if they approach class with a thirst for knowledge and a love of the topic, or a sullen disregard for others and focus on their own ego. It's even easy to tell if they've been helping classmates on tests or not.
So with a bit of research, you'd get a pretty good idea if they've got the skills and temperament that you're looking for.
And it's simple enough to set up an insecure system with reasonable ways to figure out an entry point, if you want a hands-on test. Although testing hackers kind of misses the point, since if you can test them on a specific topic, you already have the knowledge of that topic. It's what they know and you don't yet know that is valuable.
Not that I expect a government organization to necessarily handle things like that, of course. I also regard these claims of a "hacker army" with suspicion.
Well, yes, Sony admitted they'd been very naughty but they promised to never do it again.
"Why all the hate?"
That is not hate. Rather, it is pity. The ministeer in question is probably an idiot.
 Said steer is obviously emasculated, that's not a typo.
Spinning another Ripped Yarn ....... All fur coat and no knickers
"a newly-established Cyber Security Operations Centre .." .... which doesn't appear to have any dedicated real or virtual address or communications director.
My own request of an MPand her Office staff for such, only returned a disappointing firstname.lastname@example.org. which of course has one talking to monkeys rather than the organ grinder.
But such appears to be the way of parliamentary democracy so that the public are always excluded from those who would imagine themselves powerful and right and immune.
Done properly, CyberIntelAIgent Security Operations render the likes of a spooky MI5 and MI6 and Special Branches of other Intelligence Services, either redundant or servants to Virtual Space Forces and that would obviously be a matter to be immediately resolved and further explained to deny any petty turf war conflicts which they would be ill equipped to deal with.
It also renders Government[s] on a sticky wicket too, and one can easily imagine them not want to queer their own lucrative pitch, with such shenanigans as are aired here ...... but it is delusional of them to imagine that they are indispensible or even really necessary, whenever the Private Pirate Sector can deliver whatever is needed at a true cost, rather than at an inflated value.
A true cost which is easily adjusted to suit its future market value and potential rather than being anything to do with present needs and feeds. Seven sevens is easily changed to eight eights and nine nines for Binary Control of Reality Systems which is what CyberIntelAIgent Security Systems of Operations Offer and dDeliver...... Virtually.
A little something for the Business Secretary to mull over, this weekend, and respond to of course, for we wouldn't want to deny him the chance to do something useful for AI Change, would we?
"by suggesting it is both reprehensibly criminal and simultaneously a useful national security skillset"
Lets list some others...
* Breaking and entering
* Killing someone
* Creation of fake identities
* Secretly recording someone without their knowledge
* Destruction of property
* Driving at high speeds on public roads
* Detaining someone against their will
All "reprehensibly criminal" when performed by a normal citizen, all "useful national security [skills]" when known by officially-sanctioned personnel.
A bad fashion show instead of an advancement in cybersecurity?
I guess this announcement (hiring "Hackers" with criminal record) is a nice way to tell all the employees in the intelligence/government organizations that they have no skills to perform their job. Or better yet, their education, experience and training is worth nothing...
Since hiring "troubled" teenage youth is a "fashionable" trade, perhaps the state/local police should hire gangs to provide protection to civilians and get rid of the police officers. Oh, and we can also do the same for health care! Next time on of these "brilliant" decision makers requires a health examination or surgery they should go to their local high-school and ask to obtain medication for their condition or have an operation by one of the students!
Just because a person in one government agency made a poor decision to hire teenagers/criminals because they watch poorly scripted, sensationalized TV shows (e.g., NCIS) it doesn't mean that the rest of us have to suffer... Unfortunately we do...
There are many, many brilliant professionals with credible background in science (e.g., engineering, computer science, physics) and exceptional experience that make these glorified "hackers" look like "bone heads" which is actually what they are...
A famous example : T. Shimomura versus K. Mitnik.
- Review This is why we CAN have nice things: Samsung Galaxy Alpha
- Hey, YouTube lovers! How about you pay us, we start paying for STUFF? - Google
- MEN: For pity's sake SLEEP with LOTS of WOMEN - and avoid Prostate Cancer
- Vid BONFIRE of the MEGA-BUCKS: $200m+ BURNED in SECONDS in Antares launch blast
- Tim Cook: The classic iPod HAD to DIE, and this is WHY