LAS, VEGAS – It doesn’t get much stranger than this, even in Vegas.
Gen. Keith Alexander, director of the National Security Agency, stood in front of a standing-room-only crowd Wednesday, selling the idea of government surveillance programs. His audience? More than 3,000 cybersecurity specialists, including some of the world’s best hackers, an unruly community known for its support of civil liberties and skepticism of the government’s three-letter agencies.
Alexander praised the group as one of the brightest collections of technical minds in the world. He asked them to help the NSA fulfill its mission of protecting the country, while also protecting privacy.
“We stand for freedom,” Alexander told the crowd in a vast ballroom at Caesars Palace. “Help us to defend the country and develop a better solution.”
Some in the crowd weren’t buying, and one hacker hurled an expletive back at him.
“I’m saying I don’t trust you!” a voice shouted.
This is Black Hat, the annual hacker conference. For a few days every year, it takes center stage in the topsy-turvy worlds of cyberspace, network computing and digital security. The conference serves as a platform for hacking seminars, partying and — more and more — policy discussions about what the government and corporate worlds ought to be doing to confront problems like cyber-espionage and cyber-attacks, growing threats with no clear-cut remedies.
Most Black Hat participants are actually “white hat” hackers — security professionals whose careers are built around using their technical skills to thwart the bad guys. But to do their jobs and find security gaps, they often employ the same techniques.
This year’s conference comes at an especially interesting time, as hackers from China, Russia and other countries continue relentless attacks into corporate, academic and government computers, presumably as part of spying initiatives backed by the private sector, foreign governments and criminal groups.
It also follows the unprecedented disclosures of top-secret documents by Edward Snowden detailing wide-ranging data collection and surveillance programs by the agency. The disclosures have prompted intense criticism from civil liberties advocates and some lawmakers.
Alexander’s appearance here seems to be part of a public relations campaign to better explain what the NSA is doing and the oversight under which it is operating. He gave a similar speech this month at a national security conference in Aspen, Colorado. His message, which mixes technical details and broad-based strategic justifications, is part of a shift inside the Pentagon and the intelligence community toward a more open stance about cybersecurity and national security.
Alexander told the hackers that they needed to hear the facts. He said NSA workers want to find and watch terrorists, not regular Americans. He referred to agency personnel as “these noble folks” and said that 20 had died while deployed to support the wars in Afghanistan and Iraq.
He also faulted the media for misrepresenting facts about the NSA programs.The reputation of NSA employees is being “tarnished because all the facts aren’t on the table,” Alexander said, adding that “you can help us to articulate the facts.”
Alexander also serves as the head of the Defense Department’s U.S. Cyber Command, and Wednesday was not the first time he had reached out to members of the hacking community. Last summer, as part of the NSA’s openness campaign, he donned a T-shirt and jeans in an unprecedented appearance at another hacker conference in Las Vegas. He called on hackers to help, and went out of his way to assure them the government was not spying on them or regular Americans.
Some participants at this week’s event view the latest disclosures about the agency’s programs as undercutting Alexander’s earlier remarks. Charlie Miller, a security executive at Twitter and something of a star here because of his hacking prowess, questioned whether Alexander’s statements last year were true. He decided to skip the NSA director’s speech.
“Everybody agrees. You told us you were good and you’re not,” said Miller, a former NSA employee. “So go home.”
Anup Ghosh, founder of cybersecurity firm Invincea, said Alexander and the NSA need hackers more now than ever. But he said Snowden’s disclosures, and the gap between what the government had previously said about surveillance and the apparent reality, is “making distrust a bigger and bigger issue.”
“It’s a challenging problem Gen. Alexander has in convincing this community he’s on their side,” Ghosh said. “He needs this community.”