Sunday, February 20, 2011

Government employs hacker in bold new scheme

Since the dawn of computing there has been a cold war between those who run computer systems and those who attack them.

The two sides have never worked together, at least until now.

Speaking at the ShmooCon hacker conference in Washington, DC, Defense Advanced Research Projects Agency (DARPA) program manager Peiter Zatko announced Cyber Fast Track, a new scheme that will draw on the skills of "small organisations, shops, hacker spaces, [and] maker labs" to find solutions to computer security problems.

Zatko is perhaps better known in hacker circles by the handle "Mudge" and as a long-standing member of the Cult of the Dead Cow and the L0pht collective. He created the legendary password cracking tool L0phtCrack and was one of the first to highlight the buffer overflow attack, in 1995. In 1998 he famously told a Senate committee that hackers could take down the Internet within 30 minutes.

The nature of government contracting means that cybersecurity projects undertaken by the Department of Defense typically involve millions of dollars and are designed to take years to complete. There is nothing wrong with that, Zatko concedes, but more agile thinking is needed.

Zatko described what he called an "asymmetry" between the ease of creating malware and the difficulty of building the solutions used to defend against it. A piece of malware typically involves 125 lines of code, he said, and that figure has remained the same since 1985. The latest unified threat management solutions, by contrast, involve approximately 10,000,000 lines of code, having grown from figures comparable to malware's back in 1985.

Assign a value of a dollar to every line of code and it is clear that building defensive solutions is becoming increasingly expensive, complex and time consuming, while malware remains simple to produce.

Zatko's solution is to harness those within the hacking community who typically present their research at conventions or work as white hats, but whose work flies under DARPA's radar. He intends to engage teams or individuals on the back of short, fixed-price DARPA contracts that produce results in months rather than years.

"I went over to the dark side because they need it," Zatko explained in his keynote, referring to his employment by DARPA, and added later: "I want the Government to amend and change."

So will it work?

To answer that question it is necessary to understand what motivates hackers: curiosity, a sense of fun and community. Discovering the secrets within software or hardware is a reward in itself, but sharing those secrets with others raises your standing among your peers.

Although various criticisms have been leveled at hackers over the years, few have ever suggested that hackers are motivated by money. That kind of thinking is limited to fiction.

Mere pecuniary advantage, however, is not what Zatko is using to motivate his former peers. He spoke of creating "hacker incubators" and made clear that the DoD will not claim any commercial rights over the innovations discovered.

In essence, Zatko wants to sponsor researchers rather than reward them only if they do well. This is much more in tune with the aspirations of the typical hacker: somebody to pay the bills while you do the things you love. And, in any case, at the end of the process the hacker or group concerned is free to pursue whatever rewards they can get from their work.

Zatko simply wants to harness the enormous brain power and creativity of the hacker community, and as a former member he knows exactly what makes it tick. Although his scheme will not be in operation for a few months yet, there are signs that it could produce results which improve security for all of us.

You can view Zatko's talk on YouTube below.

Keir Thomas has been making his opinions on computing matters known since the last century, and more recently has written several best-selling books. You can read more about him at http://keirthomas.com. His Twitter feed is @keirthomas.


