Another node in the Jim Christy network. The Riviera Hotel and Casino in Las Vegas hosts 6,000 hackers for DefCon. Across the back of Christy's polo shirt are the words "DOD Cyber Crime Response Team," as in US Department of Defense. A big guy with a shaved head walks up. "You're Jim Christy." Christy passes him a business card. That's why he comes to DefCon: to extend his already vast informal intelligence web of hackers, security professionals, and computer geeks. He's also here to pick up tips, of course. And to try to recruit a few of the blackhats to the side of justice, or at least to scare them straight. "We're appealing to their patriotism," he says. "And if that doesn't work, then fear works, too."
JIM CHRISTY was 19 when he joined the military. It was 1971; he was barely passing his classes at a Baltimore-area junior college and working full time at a car wash to help support his parents. Christy knew he wouldn't qualify for a student deferment. He figured that if he had to go in, he'd choose how. He enlisted in the Air Force. But Christy didn't end up in Vietnam. He became a computer operator, eventually landing on the night shift at the Pentagon. He stayed on after his discharge, and in 1986 he heard the Air Force Office of Special Investigations was looking for a computer crime investigator. "I read the job announcement and said, 'Wow, I get to stay with technology and carry a gun and be a cop, play cops and robbers for real?'" Apparently, his experience writing Cobol and Fortran algorithms to organize how people paid for parking at the Pentagon gave him an edge; Christy was hired as the assistant chief of the 16-person unit.
In 1992, Christy founded the Pentagon's first digital forensics lab. In 1997, he was the guy they tapped to explain computer security to senators and the White House. Now Christy has built his shop into the world's largest center for pulling evidence off damaged or encrypted hard drives, tracking hackers across networks, reconstructing terrorists' computers, and training a new generation of law enforcement. He's the government's original geek with a gun.
About the same time, Cliff Stoll, a UC Berkeley astronomer turned computer security guru, found hackers on his network. In The Cuckoo's Egg, Stoll's now-classic account of the story, he says that local police had no idea what he was talking about, and the FBI dismissed it as small-potatoes fraud. They told him to call back when he'd lost half a million dollars.
Stoll finally found Christy. Stoll turned out to be a good teacher, full of tricks for tracking bad guys online. Together with a like-minded FBI agent, the pair traced the hackers back to West Germany. They sent police there to pick up five men, in their late teens to early twenties, selling US military documents to the KGB. The bust made his reputation. As DefCon founder Jeff Moss (handle: the Dark Tangent) tells it, in the late '80s and early '90s there were only three people hackers worried about. Christy was one of them. "It was like, be fearful, there's Jim Christy. Holy crap, stay out of his way."
As computers and networks became common, Christy's caseload grew. In 1991, a murder suspect on an Air Force base chopped up two floppy disks. Investigators found 23 pieces, which Christy took to forensic specialists in law enforcement and intelligence. They said they couldn't help. Eventually, he and a deputy put the fragments together with tape and a magnifying glass; he recovered about 95 percent of the data, practically handing the military prosecutor a conviction. (Will he reveal who said it couldn't be done? "No way," Christy says. "I have to work with those agencies.")
That same year, Christy founded his digital forensics lab, which was really just him and another guy reading confiscated hard drives with scavenged equipment at Bolling Air Force Base in DC. But the Pentagon started to see their value, and in 1998, Christy's lab was moved from the Air Force to the Department of Defense.
Christy was putting in time on Capitol Hill. He'd get up early, do a few hours at the lab, then go coordinate cybersecurity hearings for the Senate or work on the President's Task Force on Infrastructure Protection. "We'd send him to see a senator," says Dan Gelber, a Florida state representative and former staff director for the US Senate Investigations subcommittee. "He'd go in there and explain not only how the Internet worked, but how it was breached." Other staffers started calling Gelber to find Christy; their bosses wanted his briefings. "They finally had someone explain to them what happened on a computer and why it was important."
That's when Christy started hanging out with hackers. His superiors didn't quite understand why he was going to DefCon; why not just send undercover agents? But Christy knew that if he talked to hackers, hackers would talk to him. One former blackhat says that meeting Christy and his fellow government operatives at DefCon over the years convinced him to switch sides. "When you realize that all the hackers in other countries, especially China, are ganging up on America, it doesn't take a rocket scientist to decide what side you want to be on," he says. After a couple of years working undercover "with, not for" various agencies with three-letter initialisms, he enlisted in the Army. He plans to try for Special Forces and hopes to get a job in law enforcement when he's done.
THE DEFENSE Cyber Crime Center, or DC3, occupies a low unmarked brick building just off Highway 295, the Baltimore-Washington Parkway. Christy now heads its research lab, the Defense Cyber Crime Institute, on the top floor. It's tasked with ensuring that the tools and technologies used by the guys downstairs actually perform as advertised, a process called validation. The rest of the team works on problems that commercial software can't yet handle, like decoding information hidden inside images or audio files. It's called steganography, and there are more than 100 free tools that can do it. The trouble is, pedophile rings are increasingly relying on steganography to hide child pornography. And while some commercial software can sniff out a steganographically concealed file, it can't decrypt it. Christy's institute is working on software that can reveal the contents of a steg file. "It could be like a virus scan," Christy says.
But even with 38 staffers, Christy has more problems than time. So this summer, he decided to get outside help. At DefCon, Christy announced the DC3 Forensics Challenge: 12 problems covering everything from recognizing faked images to cracking passwords. Christy had answers to only 10. Whoever solved the most first (or best) would win a free trip to Christy's annual DOD Cyber Crime Conference. More than 130 teams signed up.
We're struggling with Vista and BitLocker.
Microsoft's BitLocker Drive Encryption locks down an entire hard drive if the startup information is changed or a particular chip is removed. Microsoft has pledged never to create a BitLocker backdoor, and Christy worries about what that means for his team. "Right now, a dead box comes to us, and with the tools we have, we can exploit it," he says. "With Vista, we're gonna get dead boxes and they're gonna stay dead."
At his panel, titled "Meet the Fed," Christy says:
"It's a lot harder to defend a network than it is to break into one," he says. "And we could use a lot of talented people. So if you haven't crossed that line yet, don't. Come to work for us." The paycheck Christy hinted at is what really gets their attention.
About future employment, 2006: Hackers can work for the Feds - NO DEGREE REQUIRED
So does Christy have undercover informants at DefCon? Of course. Then why go himself? "We not only find out what's happening," he says, "we find out who's doing it."