The U.S. government has a problem with hackers—but not the kind you think. The problem I refer to is Uncle Sam’s reputation of hostility towards hackers, which makes it difficult to hire the sort of people the country needs to tighten up its sprawling computer networks.
I discovered this firsthand by polling hackers and security experts in San Francisco this week, asking if any of them would ever consider working for the government. In a room of hundreds of people, fewer than ten hands went up.
That’s bad news because the crowd, who was attending an event by the bug bounty firm HackerOne, are exactly the sort of people the government needs: Smart and creative technologists who are well versed in hacker culture, and capable of protecting the U.S. from cyber attacks on its websites and infrastructure.
Their reluctance to join the government is two-fold. The first reason stems from long-running mistrust over the government’s persecution of hackers like Aaron Swartz, a young genius who uploaded academic journals from MIT, and Samy Kamkar, who faced a lengthy criminal ordeal over a caper involving the social network MySpace (which he related in humorous detail to the HackerOne crowd).
The government’s second hiring challenge is more prosaic. Namely, talented hackers don’t want to trade in plush positions and big bucks at cool technology companies to work for an average salary in the unglamorous world of the civil service.
Fortunately, not everyone feels this way. One example is Mike Chung, a former manager at Apple who left to help lead the Digital Defense Service, and run programs like “Hack the Pentagon” and “Hack the Airforce,” which offer cash prizes to hackers who find vulnerabilities in military software. Another is Jacob Kaplan-Moss who used to direct security at Heroku but now works for 18F, a government agency that’s helping the likes of the IRS harden its computer defenses.
At the HackerOne event, both men said their work comes with a sense of mission missing from many corporate jobs, and also described the sweeping impact a hacker can make inside the government. They also made the case that Uncle Sam is overcoming its aversion to hackers, and recognizing it needs to accommodate their culture.
Their pitch was persuasive, and even led some young hackers to ask Chung and Kaplan-Moss how to get involved with the government. While many in the room remained skeptical, the good news is that the government appears to recognize they need a few good hackers—and might even do what it takes to get them.
Jeff John Roberts
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Bad date: Online dating can be plenty rough, but more so when your courtship app is dripping with cyber vulnerabilities. Kaspersky Labs tested Tinder, Bumble and the rest of them and discovered the apps contain security flaws that make it possible to identify users' identities and location.
Bad Rabbit on the move. The latest data-encrypting malware is freezing computers at news agencies, trains and airports in the Ukraine and beyond, and spreading via an NSA exploit. Early guesses are that Russia is responsible for Bad Rabbit.
Come in, Amazon cyber-stalkers. You've heard about Amazon's new smart doorbell that lets you open the door for remote deliveries. Some people are put-off by the idea of strangers in their house (well, techically their foyer), but we're more worried about the hacking risks. Adam is probably right that the decision to buy one is based on how much you trust Amazon.
Equi-fail (again). Here's more gasoline for the Equifax dumpster fire: A researcher reportedly notified the credit bureau of egregious security holes last December—months earlier than the company says it learned of the hack. Equifax, of course, ignored the warnings. No word if they also tried to sell the guy some credit protection.
Your phone grip is a tell: The latest layer of phone security is "behavioral biometrics"—a long list of behaviors such as how you tilt your phone, how you scroll, and how you respond to scream stimuli. Together all this forms a unique profile. Coming to a banking app near you.
Way to make our robot overlords feel right at home! Saudi Arabia this week granted citizenship to a mechanical humanoid. Really.
Share today's Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
The resurgence [of cryprojacking] can be attributed to the cryptocurrency Monero. Designed to be mined on PCs, the privacy-minded e-coin sparked the development of a handful of off-the-shelf Monero mining tools... When added to a website, these tools transform typically unsuspecting visitors’ computers into cryptographic quarries—and new revenue streams.
—Fortune's Robert Hackett explains the finer points of cryptojacking, which involves slipping software onto unsuspecting consumers' computers in order to mine cryptocurrency.
Meet Reaper: A Hacker Is Assembling the Biggest Botnet Ever by Robert Hackett
Bitcoin Alums Announce New Digital Currency Metronome by Jeff John Roberts
Forescout Raises $116 million in an IPO price below last valuation by Robert Hackett
Wire Brings Secure, Encrypted Chat to Business by Barb Darrow
Coinbase Boosts Bug Bounty Payout to $50,000 by Jeff John Roberts
ONE MORE THING
Your cyber-crime shopping list. Ever wanted to go an cyber-crime spree but worried it would break the bank? Well, a list culled from dark web breaks down the prices —they range from $20 for 500 spammy texts to $700 for a DDoS attack. All summed up in this cool Fortune graphic.