Times: Snowden Had 'Ethical Hacker' Certification
As NSA leaker Edward Snowden remains trapped in a Russian airport travel limbo, a fuller picture of him continues to emerge. A new article in the New York Times indicates his resume shows he has gotten certifications in "ethical hacking" that are accepted by a number of U.S. government agencies.
The New York Times laid out some details in a story titled "Résumé Shows Snowden Honed Hacking Skills," which sheds new light on what led Snowden to take a job with contractor Booz Allen for the express purpose of gaining access to classified information. He first shared the information with leftist activist journalists Glenn Greenwald and Laura Poitras and then the rest of the world. The Times writes:
Mr. Snowden’s résumé, which has not been made public and was described by people who have seen it, provides a new picture of how his skills and responsibilities expanded while he worked as an intelligence contractor. Although federal officials offered only a vague description of him as a “systems administrator,” the résumé suggests that he had transformed himself into the kind of cybersecurity expert the N.S.A. is desperate to recruit, making his decision to release the documents even more embarrassing to the agency
Remember, this is the same Snowden who was incensed by (ironically) the New York Times publishing information about classified military secrets and said in online chats on IRC in January, 2009 according to Ars Technica:
that shit is classified for a reason - it's not because "oh we hope our citizens don't find out" - it's because "this shit won't work if iran knows what we're doing."
As the Times details, Snowden's last job prior to going to work for Booz Allen was with computer maker Dell in Hawaii, where the article says his resume indicates he was head of Windows Infrastructure security for the Pacific. The Times also claims that prior to working at Booz, he may have been trained in the "offensive" side of cybersecurity, a skill set that would have made him more hire-able by the NSA. As the Times writes:
Some intelligence experts say that the types of files he improperly downloaded at Booz Allen suggest that he had shifted to the offensive side of electronic spying or cyberwarfare, in which the N.S.A. examines other nations’ computer systems to steal information or to prepare attacks. The N.S.A.’s director, Gen. Keith B. Alexander, has encouraged workers to try their skills both defensively and offensively, and moving to offense from defense is a common career pattern, officials say.
The article notes that NSA director Gen. Alexander was the keynote speaker at the hacker convention Defcon in Las Vegas in 2012. According to Computerworld, Gen. Alexander had high praise for the hacking community and even made a point of mentioning protection of civil liberties:
"This is the world's best cybersecurity community," said Gen. Alexander, who also heads the U.S. Cyber Command. "In this room right here is the talent our nation needs to secure cyberspace."
Hackers can and must be part, together with the government and the private industry, of a collaborative approach to secure cyberspace, he said.
Hackers can help educate other people who don't understand cybersecurity as well as they do, the NSA chief said. "You know that we can protect networks and have civil liberties and privacy; and you can help us get there."
The Times says Snowden got a certification in "Ethical Hacking" from a company called EC-Council, which describes the courses it teaches on its website:
As the world leader in ethical hacking and Information Security training and certification, EC-Council offers information security courses and certifications in all of the major information security disciplines including Ethical Hacking,Computer Security, Network Security, Application Security, Internet Security, Vulnerability Assessment, Penetration Testing, Computer Forensics, Intrusion Detection, Network Security Essentials and Security Fundamentals security courses.
Aside from the NSA, EC-Council says on its site that the Ethical Hacking certification is accepted by the US Department of Defense (DoD), United States Air Force's Information Operations Center, and U.S. Naval academic institutions.
EC-Council describes what an Ethical Hacker is:
The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.
The Ethical Hacking course currently costs $2,895 but there is a military/government discount bringing the cost down to $2,195.
The problem military intelligence faces is attracting a hacker talent pool that has increasingly flexible ethical definitions, many of which are openly hostile to the United States military. Snowden apparently needed to pass a 'lifestyle' polygraph test, which may have missed or preceded things like Snowden's girlfriend posing in a Guy Fawkes mask or the Electronic Frontier Foundation sticker on his laptop.