Saturday, March 26, 2016

DOJ indictments of foreign hackers are bad for US gov employees

The indictments that the DOJ has handed down for foreign hackers acting on behalf of their governments sets a REALLY bad precedent.  First it was China.  Now we have Iran.  And it won't stop here.  If it was politically expedient, the DOJ would indict a baked potato.  Just stand by to see who's next.

But here' the wrinkle: the US government ALSO employs hackers that target other nations for a variety of reasons you can read about elsewhere.  This is far from a secret.  If the US DOJ wants to indict other countries' governments for criminal hacking of our infrastructure, go for it.  But indicting individuals working at the behest of their governments?  That's a bad idea.

And I don't really care if their government told them to do something the US government would "never" do...  Because:
  1. Many suspect there's very little the US government won't do given the right circumstances
  2. If you think these hackers have a real choice when the government says "pull the trigger" you're delusional
So here you have hundreds of US employed hackers who signed up to do a mission.  And sure, OPSEC will help them maintain their secrecy (or not, see OPM).  At the time they signed up, they knew they could become the targets of foreign surveillance.  What most didn't know was they would eventually face indictment from a foreign government - all because the DOJ wants to grandstand.

Perhaps Lando said it best...

Whoa - they volunteered for this
No, they didn't.  End of story.  They signed up to protect their country and serve - in many cases for a fraction of the prevailing industry wage.  They work long hours, nights, weekends, and holidays. And overtime.  Holy crap - did I mention the overtime?!  If you think there's a skilled worker shortage in infosec, imagine if you had to get Top Secret clearances for all your people.  Then imagine that they also have to work in a zero tolerance for mistakes environment.  Yep. That's what they're dealing with (or so I'm told...).

They can't tell their families what they do.  I've personally seen this dynamic end more than its fair share or marriages/relationships.  Not because the couple isn't meant to be together, but because they don't understand how important the mission is that keeps the other away from home.

Scratch that.  It's not that they don't understand - they can't understand.  And not because their partners are idiots.  It's because they can't be told how things work, what the partner does, and how just last night the partner gained access to a treasure trove of information that is reshaping national policy as they sleep the day away.

DOJ is screwing the pooch
The DOJ sets a precedent for other nations to charge our cyber operators for "just doing their job."  Sure, sure, these fine men and women (some of the finest you'll EVER meet) took an oath to a lifelong obligation to protect classified information.  But they didn't agree to have their lives rocked in ways they couldn't possibly predict.  Luckily no other countries have yet followed suit indicting US government hackers. But if DOJ continues these shenanigans, it's only a short matter of time.

Our unsung heroes of national intelligence should be applauded, but at home that's just often not the case. I'll stand up to salute you, our national intelligence heroes.  I'll even shake your hand.  But while I'm shaking your hand, don't forget to keep looking over your shoulder - the DOJ is sticking a knife in your back.


  1. This comment has been removed by a blog administrator.

    1. Now why would you go and try to advertise EC Council courses on my blog. That's blasphemy. Deleted.


Note: Only a member of this blog may post a comment.