FORBES - Nov. 29 2010 - 5:02 pm
FORBES: I wanted to ask you about [Peiter Zatko, a legendary hacker and security researcher who also goes by] “Mudge.”
Assange: Yeah, I know Mudge. He’s a very sharp guy.
FORBES: Mudge is now leading a project at the Pentagon’s Defense Advanced Research Projects Agency to find a technology that can stop leaks, which seems pretty relative to your organization. Can you tell me about your past relationship with Mudge?
Assange: Well, I…no comment.
FORBES: Were you part of the same scene of hackers? When you were a computer hacker, you must have known him well.
Assange: We were in the same milieu. I spoke with everyone in that milieu.
FORBES: What do you think of his current work to prevent digital leaks inside of organizations, a project called Cyber Insider Threat or Cinder?
{snip}
Assange: New formats and new ways of communicating are constantly cropping up. Stopping leaks is a new form of censorship. And in the same manner that very significant resources spent on China’s firewall, the result is that anyone who’s motivated can work around it. Not just the small fraction of users, but anyone who really wants to can work around it.
Censorship circumvention tools [like the program Tor] also focus on leaks. They facilitate leaking.
Airgapped networks are different. Where there’s literally no connection between the network and the internet. You may need a human being to carry something. But they don’t have to intentionally carry it. It could be a virus on a USB stick, as the Stuxnet worm showed, though it went in the other direction. You could pass the information out via someone who doesn’t know they’re a mule.
FORBES: Back to Mudge and Cinder: Do you think, knowing his intelligence personally, that he can solve the problem of leaks?
Assange: No, but that doesn’t mean that the difficulty can’t be increased. But I think it’s a very difficult case, and the reason I suggest it’s an impossible case to solve completely is that most people do not leak. And the various threats and penalties already mean they have to be highly motivated to deal with those threats and penalties. These are highly motivated people. Censoring might work for the average person, but not for highly motivated people. And our people are highly motivated.
Mudge is a clever guy, and he’s also highly ethical. I suspect he would have concerns about creating a system to conceal genuine abuses.
FORBES: But his goal of preventing leaks doesn’t differentiate among different types of content. It would stop whistleblowers just as much as it stops exfiltration of data by foreign hackers.
Assange: I’m sure he’ll tell you China spies on the U.S., Russia, France. There are genuine concerns about those powers exfiltrating data. And it’s possibly ethical to combat that process. But spying is also stabilizing to relationships. Your fears about where a country is or is not are always worse than the reality. If you only have a black box, you can put all your fears into it, particularly opportunists in government or private industry who want to address a problem that may not exist. If you know what a government is doing, that can reduce tensions.
http://blogs.forbes.com/andygreenberg/2 ... assange/7/
....................................................................
Could "wikileaks" be a DARPA-funded pinata for "Mudge" and his fellow DARPA hacker pals to whack at, with other useful benefits like poking Obama's State dept. in the eye and ginning up wars?
Hacker 'Mudge' gets DARPA Job
Gets Job as Program Manager at Defense Department
Peiter Zatko, also known as "Mudge" (CBS)
(CNET) Peiter Zatko--a respected hacker known as "Mudge"--has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks, CNET has learned.
Zatko will become a program manager in mid-March within the Strategic Technologies Office at DARPA (Defense Advanced Research Projects Agency), which is the research and development office for the Department of Defense. His focus will be cybersecurity, he said in an interview with CNET on Tuesday.
One of his main goals will be to fund researchers at hacker spaces, start-ups, and boutiques who are most likely to develop technologies that can leapfrog what comes out of large corporations. "I want revolutionary changes. I don't want evolutionary ones," he said.
He's also hoping that giving a big push to research and development will do more to advance the progress of cybersecurity than public policy decisions have been able to do over the past few decades.
"Not much has changed" with regard to strengthening the U.S. cybersecurity position, he said. "As a society, we have a larger dependence on being wired in, yet the government only focuses on particular areas."
The connectedness of commercial, government, and military networks makes the situation even more dire, he said. "I'm going to argue that they're all pretty much intertwined now and we've seen how vulnerable some of those sectors are now. That's unacceptable," Zatko said. "I aim to fix that."
{snip}
He started the corporate information security group at BBN Technologies in the 1990s, was chief executive at L0pht Heavy Industries when the hacker space decided to incorporate, and founded security consultancy @Stake, which was later acquired by Symantec. Since 2004, he's been back at BBN, working as division scientist and technical director for the company's National Intelligence Research and Applications department.
Zatko has also done his fair share of work for the government. He was appointed to the Information Assurance sub-committee out of the Executive Office of the President, named as a subcommittee member to the Partnership for Critical Infrastructure Protection and testified several times before Congressional committees. The main hacker character in the book Breakpoint by former U.S. cybersecurity guru Richard Clarke is believed to be based on him.
"I don't want people to be putting out virus signatures after a virus has come out. I want an active defense. I want to be at the sharp pointy end of the stick."
He's not the only self-described hacker to embrace public service. Jeff Moss, founder of the Black Hat and Defcon conferences, joined the Homeland Security Advisory Council last summer.
One of the reasons Zatko decided to take the job is that the new DARPA director, Regina Dugan, is entrepreneurial and is looking to engage more with academics, following years of DARPA being closed to nongovernmental researchers for national security reasons, he said. "Now they are running more programs out of DARPA that are not classified beyond what they need to be, so it will enable more people to have visibility into them," he added.
Another lure of the job was the budget he will have. Zatko said he doesn't know exactly how much of the $3.5 billion a year DARPA spends to fund research he will oversee but said it's likely to be a "good chunk."
From his many years doing penetration testing and working to break security systems, he understands what it takes to try to defend networks and how to come up with innovative solutions to break through barriers and get around obstructions.
http://www.cbsnews.com/stories/2010/02/ ... 4372.shtml
............
the plot thickens..
