LAS VEGAS—The Blackhat Security Briefings opened on a somber note this year as the community suffered the loss of one of its own. Just days before he was to present a proximity hack on a heart implant device, renowned security researcher Barnaby Jack, 35, was found dead in his San Francisco apartment.
With no sign of foul play, San Francisco police have ordered an autopsy that will take a month, leaving a tight-knit and naturally paranoid community with no closure.
Into this wake, stepped General Keith Alexander, commander of U.S. Cybercom and NSA chief. After a moment of silence was observed in honor of Barnaby Jack, Gen. Alexander took the stage to do damage control and address the Edward Snowden leak of NSA documents.
This was a much different General Alexander than the Alexander who won over the crowd at the 2012 DEFCON (the Blackhat followon conference).
Instead of jeans and a hacker t-shirt that he wore last year, Alexander was formally attired in Army dress pants and white shirt, four stars on his shoulders. Looking as somber as everyone in the crowd, he opened up about what information the NSA actually collects, and the checks and balances that go into their collection of communications data and their analysis processes.
According to Alexander, collection starts out with basic meta data including call date, telco carrier, the from number, the to number, and call duration.
This meta data collection is approved and monitored under Section 215 of the 2011 Foreign Intelligence Surveillance Act and refers only to the collection of information on foreign individuals.
Alexander repeatedly stated that terrorists walk among us, indicating the need for collecting this data domestically without actually coming out and saying it. He added that data is needed to protect the population, and that the meta data they collected acted as the initial tip to stop 12 of 13 suspected terrorist attacks in the U.S. and more in Europe.
Once a party comes under suspicion, the case is kicked over to the FBI who finds more data on the suspects and sends the case back to the NSA for further analysis into the actual communications (phone conversations and e-mails) themselves.
He says that only 35 NSA agents have the authority to dig deeper into the meta data and they must go through rigorous training. But this begs the question: How’d Snowden, only being a short-term IT contractor for the NSA, get the visibility he needed into the data to leak the story? No admin should have such rights if the data is supposed to be truly protected.
No one asked that question because they weren’t given a chance to.
The kimono opened only so far. The community, bereft from the unexplained loss of Barnaby Jack, was once again left without closure.