It's a busy week in Las Vegas. The Black Hat security conference wound up yesterday and today Defcon 19 opens - and both corporations and federal agencies are in attendance on a recruiting mission.
DARPA took advantage of the Black Hat conference to launch its Cyber Fast Track project that will provide funding for small security firms. Under this initiative, which is intended to fund between 20 to 100 projects annually, groups will be able to pitch Darpa with ideas and have a project approved and underway within 14 days. Developers will retain intellectual property rights on their projects, and Darpa will operate under government use rights.
The scheme was introduced by Peiter Zatko, also known by his hacker alias "Mudge" who is now a DARPA program manager. It aims to bridge the gap between hacker groups and government agencies:
"We need new ideas and we need new performers," said Zatko, who believes that some more flexible alternative to spending more money with larger security contractors is needed.
Microsoft is also offering incentives. Its new Blue Hat Prize, described in the video below as the first and largest incentive prize ever offered by Microsoft, will be awarded to whoever who finds a way of blocking entire classes of attacks on memory vulnerabilities in Windows, and a cash payment of $200,000 will be awarded as the first prize at next year's Black Hat USA conference. There's $50,000 for the runner-up and the third placed contestant will get a MSDN Universal subscription worth $10,000.
According to Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center (MSRC):
"We're looking to make life more costly for criminals. The value of the prize will go beyond dollars, however, we looked at what researchers were doing with our products and saw there were more motivations than money. It's one motivation, but there's also recognition within the community and the pursuit of intellectual happiness from the act of discovering these issues."
She also explained that researchers will own the intellectual property from their inventions, enabling them to develop them further, and Microsoft will use the technology under a royalty-free license.
The competition, which has a closing date of April 1, 2012, is aimed at researchers from industry, academia and even hobbyists (apart from Microsoft employees and countries under US trade embargoes) and open to hackers aged 14 and over, although minors need parental permission to enter. More details can be found at Bluehatprize.com
The white-hat hacking talents of both youngsters and adults will be being appraised at Defcon 19 this weekend by what Reuters has described as:
"an alphabet soup of federal agencies - DOD, DHS, NASA, NSA".
For the first time this popular event includes sessions for 8-16 year olds with the idea of introducing kids to the positive ideals of white hat hacking at an early age.
Defcon has an ethos that at first sight doesn't seem conducive to the involvement of pre-teens and teenagers - it is a convention where the $150 entrance fee is cash only - no registration, no credit cards, no names taken.
However, its "cyber-warrior" attendees are in high demand both by corporations and government agencies who are keen to tap into this pool of talent. According to Reuters, the NSA is hiring about 1,500 people in the fiscal year which ends September 30 and another 1,500 next year, most of them cyber experts.
It quotes Richard "Dickie" George, technical director of the NSA's Information Assurance Directorate, the agency's cyber-defense side as saying:
"Today it's cyber warriors that we're looking for, not rocket scientists"
George goes on to explain that the NSA can attract hackers to work with the organisation by dazzling them with the latest technology, appealing to their competitive nature, and giving them a sense of working for the greater good.
Jeff Moss, the founder of both Defcon and the Black Hat conference, a former hacker who is now a member of the Department of Homeland Security's Advisory Council, which advises the government on cyber security told Reuters:
"They [NSA] need people with the hacker skill set, hacker mind-set. It's not like you go to a hacker university and get blessed with a badge that says you're a hacker. It's a self-appointed label -you think like one or you don't."
and he maintains that NSA is actually an environment where the hacker mindset fits right in to work with "a critical mass of people that are just like them."
It almost seems a shame that talented programmer have to get involved in the darker side of things even if for a positive reason. Programming, when done right, really is exciting without having to get into hacking.
Reuters: Government hankers for hackers
Kids Hacking Conference raises questions
If you would like to be informed about new articles on I Programmer you can either follow us on Twitter or Facebook or you can subscribe to our weekly newsletter.