DEF CON 20, the hacker convention in Las Vegas, has wound up, leaving hackers of all hat colors bemused, befuddled, and bewildered. What it meant depended on who you talked to. Gen. Keith Alexander, head of the NSA and U.S. Cyber Command, appeared at the 2012 DEF CON hacker conference in Las Vegas on Friday.
General Alexander, dressed in the uniform of the day, jeans and t-shirt, told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.
“And anybody who would tell you that we’re keeping files or dossiers on the American people,” Alexander continued, “knows that’s not true.”
But William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a “word game” and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it, reports Wired.
According to Bill Binney, a former NSA analyst, the NSA has built enormous electronic-storage facilities in Texas and Utah that now store copies of all e-mails transmitted in America. Whereas wiretap surveillance requires trained human operators, data mining is automated, meaning that the entire country can be watched.
In the late nineties, Binney estimated that there were some two and a half billion phones in the world and one and a half billion I.P. addresses. Approximately twenty terabytes of unique information passed around the world every minute. Binney started assembling a system that could trap and map all of it, says author Jane Mayer in The New Yorker.
DEF CON’s lessons in security include:
- Security researcher Michael Coppola demonstrated how small routers can be compromised and turned into botnet clients by updating them with backdoored versions of vendor-supplied firmware.
- A hack on Huawei routers, giving ammunition to the House of Representatives Intelligence Committee’s concerns about the company.
- Cryptography specialist Moxie Marlinspike released two tools that can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) and WPA2-Enterprise (Wi-Fi Protected Access) sessions that use MS-CHAPv2 for authentication.
- The “Ninja Tel” network is “the biggest open BTS (base transceiver station) network ever,” said Ninja Michael J.J. Tiffany. BTS networks are designed to allow for software-based switching technology that can be housed in small spaces, such as a van.
When the Stuxnet worm inadvertently became public, many United States officials and outside experts expressed concern that it could be reverse-engineered and used against American targets. General Alexander, speaking in a 75-minute interview at the Aspen Security Forum last week, said he saw no evidence of that.
General Alexander, as head of the NSA, was a crucial player in a covert American program called Olympic Games that targeted the Iranian nuclear program.