Jim Christy
Another node in the Jim Christy network. The Riviera Hotel and Casino in Las Vegas hosts 6,000 hackers for DefCon. Across the back of his polo shirt are the words "DoD Cyber Crime Response Team," as in US Department of Defense. A big guy with a shaved head walks up. "You're Jim Christy." Christy passes him a business card. That's why he comes to DefCon: to extend his already vast informal intelligence web of hackers, security professionals, and computer geeks. He's also here to pick up tips, of course. And to try to recruit a few of the blackhats to the side of justice, or at least to scare them straight. "We're appealing to their patriotism," he says. "And if that doesn't work, then fear works, too."
History:
JIM CHRISTY was 19 when he joined the military. It was 1971; he was barely passing his classes at a Baltimore-area junior college and working full time at a car wash to help support his parents. Christy knew he wouldn't qualify for a student deferment. He figured that if he had to go in, he'd choose how. He enlisted in the Air Force. But Christy didn't end up in Vietnam. He became a computer operator, eventually landing on the night shift at the Pentagon. He stayed on after his discharge, and in 1986 he heard the Air Force Office of Special Investigations was looking for a computer crime investigator. "I read the job announcement and said, 'Wow, I get to stay with technology and carry a gun and be a cop, play cops and robbers for real?'" Apparently, his experience writing Cobol and Fortran algorithms to organize how people paid for parking at the Pentagon gave him an edge; Christy was hired as the assistant chief of the 16-person unit.
In 1992, Christy founded the Pentagon's first digital forensics lab.
In 1997, he was the guy they tapped to explain computer security to
senators and the White House. Now Christy has built his shop into
the world's largest center for pulling evidence off damaged or
encrypted hard drives, tracking hackers across networks,
reconstructing terrorists' computers, and training a new
generation of law enforcement. He's the government's original geek
with a gun.
About the same time, Cliff Stoll, a UC Berkeley astronomer turned
computer security guru, found hackers on his network. In The
Cuckoo's Egg, Stoll's now-classic account of the story, he says
that local police had no idea what he was talking about, and the
FBI dismissed it as small-potatoes fraud. They told him to call
back when he'd lost half a million dollars.
Stoll finally found Christy. Stoll turned out to be a good teacher,
full of tricks for
tracking bad guys online. Together with a like-minded FBI agent,
the pair traced the hackers back to West Germany. They sent police
there to pick up five men, in their late teens to early twenties,
selling US military documents to the KGB. The bust made his
reputation. As DefCon founder Jeff Moss
(handle: the Dark Tangent) tells it, in the late '80s and early
'90s there were only three people hackers worried about. Christy
was one of them. "It was like, be fearful, there's Jim Christy.
Holy crap, stay out of his way." As computers and networks became
common, Christy's caseload grew. In 1991, a murder suspect on an
Air Force base chopped up two floppy disks.
Investigators found 23 pieces, which Christy took to forensic
specialists in law enforcement and intelligence. They said they
couldn't help. Eventually, he and a deputy put the fragments
together with tape and a magnifying glass; he recovered about 95
percent of the data,
practically handing the military prosecutor a conviction. (Will he
reveal who said it couldn't be done? "No way," Christy says. "I
have to work with those agencies.") That same year, Christy
founded his digital forensics lab, which was really just him and
another guy reading
confiscated hard drives with scavenged equipment at Bolling Air
Force Base in DC. But the Pentagon started to see their value, and
in 1998, Christy's lab was moved from the Air Force to the
Department of Defense.
Christy was putting in time on Capitol Hill. He'd get up
early, do a few hours at the lab, then go coordinate cybersecurity
hearings for the Senate or work on the President's Task Force on
Infrastructure Protection. "We'd send him to see a senator," says
Dan Gelber, a Florida state representative and former staff
director for the US Senate Investigations subcommittee. "He'd go
in there and explain not only how the Internet worked, but how it
was breached." Other staffers started calling Gelber to find
Christy; their bosses wanted his briefings. "They finally had
someone explain to them what happened on a computer and why it was
important."
That's when Christy started hanging out with hackers.
His superiors didn't quite understand why he was going to DefCon;
why not just send undercover agents? But Christy knew that if he
talked to hackers,
hackers would talk to him. One former blackhat says that meeting
Christy and his fellow government operatives at DefCon over the
years convinced him to switch sides. "When you realize that all
the hackers in other countries, especially China, are ganging up
on America, it doesn't take a rocket scientist to decide what side
you want to be on," he says. After a couple of years working
undercover "with, not for" various agencies with three-letter
initialisms, he enlisted in the Army. He plans to try for Special
Forces and hopes to get a job in law
enforcement when he's done.
THE DEFENSE Cyber Crime Center, or DC3, occupies a low unmarked
brick building just off Highway 295, the
Baltimore-Washington Parkway. Christy
now heads its research lab, the Defense Cyber Crime Institute, on
the top floor. It's tasked with ensuring that the tools and
technologies used by the guys downstairs actually perform as
advertised, a process called validation. The rest of the team
works on problems that commercial software can't yet handle, like
decoding information hidden inside images or audio files. It's
called steganography, and there are more than 100 free tools that
can do it. The
trouble is, pedophile rings are increasingly relying on
steganography to hide child pornography. And while some commercial
software can sniff out a steganographically concealed file, it
can't decrypt it. Christy's institute is working on software that can
reveal the contents of a steg file. "It could be like a virus
scan," Christy says.
But even with 38 staffers, Christy has more problems than time. So
this summer, he decided to get outside help. At DefCon, Christy
announced the DC3 Forensics Challenge: 12 problems covering
everything from recognizing faked images to cracking passwords.
Christy had answers to only 10. Whoever solved the most first (or
best) would win a
free trip to Christy's annual DOD Cyber Crime Conference. More
than 130 teams signed up.
We're struggling with Vista and BitLocker.
Microsoft's BitLocker Drive Encryption locks down an entire hard
drive if the startup information is changed or a particular chip
is removed. Microsoft has pledged never to create a BitLocker
backdoor, and Christy
worries about what that means for his team. "Right now, a dead box
comes to us, and with the tools we have, we can exploit it," he
says. "With Vista, we're gonna get dead boxes and they're gonna
stay dead."
At Christy's panel, titled "Meet the Fed":
"It's a lot harder to defend a network than it is to break into
one," he says. "And we could use a lot of talented people. So if
you haven't crossed that line yet, don't. Come to work for us."
The paycheck Christy
hinted at is what really gets their attention.
About future employment (2006): Hackers can work for the Feds - NO DEGREE REQUIRED
So does Christy have undercover informants at DefCon? Of course. Then why go himself? "We not only find out what's happening," he says, "we find out who's doing it."