<!doctype html>
<html class="no-js" itemscope itemtype="http://schema.org/Article">
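<head>
  <meta charset="utf-8">
  <title>The Geeks On The Front Lines | Rolling Stone</title>
  <!-- DNS warm-up hints for the two Google hosts named here. -->
  <link href="//ajax.googleapis.com" rel="dns-prefetch">
  <link href="//www.google-analytics.com" rel="dns-prefetch">
  <!-- maximum-scale=1 dropped: it prevented readers from pinch-zooming the article. -->
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <script>
    // Global settings object; presumably read by scripts loaded later in the page.
    var __config = {};
    __config.baseURL = 'http://www.rollingstone.com/feature/the-geeks-on-the-frontlines';
    // NOTE(review): debug is enabled in the markup served to every reader. What the
    // flag switches on is not visible here; confirm it does not enable verbose
    // logging or diagnostics in production, and ship it as false if it does.
    __config.debug = true;
    __config.disqus__shortname = 'rollingstone';
    (function () {
      // Overwrites the class list on <html> (it starts as "no-js") so CSS can
      // tell that scripting is available.
      document.documentElement.className = 'js';
      // Feature test: true only when an SVG element with createSVGRect can be created.
      var supportsSVG = function () {
        return !!document.createElementNS &&
          !!document.createElementNS('http://www.w3.org/2000/svg', 'svg').createSVGRect;
      };
      if (supportsSVG()) document.documentElement.className += ' svg';
    })();
  </script>
  <!-- NOTE(review): the stylesheet is requested over plain http, so it has no
       integrity protection in transit, and a copy of this page served over https
       would have it blocked as mixed content. Switch the URL to https once the
       CDN host is confirmed to serve TLS. -->
  <link href="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/css/style.min.css" rel="stylesheet">
</head>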
<body>
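<!-- Upgrade prompt, rendered only by Internet Explorer below version 9 (every
     other browser treats the conditional block as a comment). The browser
     download links carry an explicit https scheme so the download page is
     fetched over TLS even when this page itself is read over plain http.
     Do not nest HTML comments inside the conditional block: a nested comment
     terminator would end it early in other browsers. -->
<!--[if lt IE 9]>
<div class="support">
  <p class="support__message">
    For the best HTML5 experience, we recommend the use
    of an updated modern browser.
  </p>
  <p class="support__outro">
    Download or update one of the recommended browsers below.
  </p>
  <div class="support__browsers">
    <a href="https://www.google.com/intl/en/chrome/browser">
      <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/support/chrome.png" alt="Google Chrome">
    </a>
    <a href="https://windows.microsoft.com/en-us/internet-explorer/download-ie">
      <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/support/ie.png" alt="Internet Explorer">
    </a>
    <a href="https://www.mozilla.org/en-US/firefox/new">
      <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/support/firefox.png" alt="Mozilla Firefox">
    </a>
  </div>
  <a href="#" class="support__continue">Continue</a>
</div>
<![endif]-->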
<div class="site-wrapper">
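<!-- Reading-progress bar; the inner bar is empty in the markup and presumably
     sized by script. -->
<div class="progress">
  <div class="progress__bar"></div>
</div>
<!-- Loading screen; the text node is empty in the markup. -->
<div class="preloader">
  <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/preloader-glitch.gif" class="preloader__glitch" alt="Loading">
  <div class="preloader__text"></div>
</div>
<!-- Full-screen intro: a still frame plus a looping video. -->
<div class="intro-video full-screen js-intro-wrapper">
  <div class="full-screen-video-wrapper">
    <!-- alt="" added: the frame looks decorative (it sits behind the intro
         video); confirm it carries no information before relying on that. -->
    <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/media/sequence/glitch/m/glitch_001.jpg" class="intro-video__element js-intro-sequence" alt="">
    <video class="intro-video__element js-intro-video js-video-tag" id="intro-video" autoplay loop>
      <source src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/media/video/introLoop.mp4" type="video/mp4">
      <!-- "video/ogv" is not a registered media type, so browsers skipped this
           source; Ogg video is declared as video/ogg. -->
      <source src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/media/video/introLoop.ogv" type="video/ogg">
      <source src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/media/video/introLoop.webm" type="video/webm">
    </video>
  </div>
  <div class="scroll-indicator"></div>
</div>
<div class="mobile-intro">
  <div class="scroll-indicator"></div>
</div>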
<div class="content-wrapper">
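<header class="header">
  <!-- NOTE(review): every link below reports a click through an inline onclick
       handler calling ga(), which is not defined in the visible markup
       (presumably the analytics command queue loaded elsewhere). Inline handlers
       force a content security policy to allow inline script; binding these
       from a script file would let a strict policy be applied. -->
  <div class="wrapper clear">
    <div class="logo">
      <!-- rel="noopener" keeps the newly opened tab from getting a
           window.opener handle back to this page. -->
      <a href="http://rollingstone.com"
         target="_blank"
         rel="noopener"
         onclick="ga('send', 'event', 'Head', 'Home');">
        <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/header/logo.svg" alt="Rolling Stone" class="logo__img">
      </a>
    </div>
    <img class="logo-mark" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/header/rs_title_small.svg" alt="The Geeks On The Front Lines">
    <div class="social-media-buttons">
      <div class="social-media-buttons__label"><div class="inner">Share</div></div>
      <!-- The share anchors have no href in the markup, so their destinations
           are presumably set by script; without one they are not reachable by
           keyboard. -->
      <div class="social-media-buttons__buttons">
        <a class="facebook"
           onclick="ga('send', 'event', 'Head', 'FB');">Facebook</a>
        <a class="twitter"
           target="_blank"
           rel="noopener"
           onclick="ga('send', 'event', 'Head', 'TW');">Twitter</a>
        <a class="google-plus"
           onclick="ga('send', 'event', 'Head', 'GP');">Google+</a>
        <a class="pinterest"
           onclick="ga('send', 'event', 'Head', 'PN');">Pinterest</a>
        <a class="comment"
           onclick="ga('send', 'event', 'Head', 'Comment');">Comment</a>
      </div>
    </div>
  </div>
</header>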
<div class="content wrapper clear">
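<!-- Title block: the headline artwork, lazily loaded glitch overlays, and the byline. -->
<section class="geeks clear">
  <div class="geeks__title">
    <!-- The same title image is emitted twice, once per layout class. -->
    <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/title/title.png" alt="" class="smallscreen">
    <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/title/title.png" alt="" class="widescreen">
    <div id="glitchy-image-1" class="glitchy-image">
      <div class="glitchy-image__inner">
        <!-- src is a blank placeholder; the real image URL sits in data-echo,
             presumably swapped in by a lazy-loading script. -->
        <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/1/blue-overlay.gif" alt="" class="glitchy-image__sub-image geeks__overlay">
        <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/1/red-glitch-overlay.gif" alt="" class="glitchy-image__sub-image geeks__glitch">
        <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/1/title-glitch.png" alt="" class="glitchy-image__sub-image">
      </div>
    </div>
  </div>
  <div class="geeks__bio">
    <!-- NOTE(review): the byline image has no alt attribute; the text it shows
         is not visible in this markup, so add the real wording rather than a
         guess. -->
    <img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/byline.svg" class="geeks--author">
    <!-- The link has no text content, so aria-label gives it an accessible
         name; rel="noopener" keeps the new tab from getting a window.opener
         handle back to this page. -->
    <a href="https://twitter.com/davidkushner" target="_blank" rel="noopener" class="davidkushner" aria-label="@davidkushner on Twitter"></a>
    <p class="geeks--inspired">HTML5 Article experience by the HTML5 Hub and Intel</p>
  </div>
</section>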
<section class="inside clear">
<div class="inside__text">
<p class="drop">
Inside a darkened conference room in the Miami Beach Holiday Inn, America’s most badass
hackers are going to war – working their laptops between swigs of Bawls energy drink as
Bassnectar booms in the background. A black guy with a soul patch crashes a power grid in
North Korea. A stocky jock beside him storms a database of stolen credit cards in Russia.
And a gangly geek in a black T-shirt busts into the Chinese Ministry of Information,
represented by a glowing red star on his laptop screen. “Is the data secured?” his buddy
asks him. “No,” he replies with a grin. They’re in.
</p>
<p>
Fortunately for the enemies, however, the attacks aren’t real. They’re part of a war game
at HackMiami, a weekend gathering of underground hackers in South Beach. While meatheads
and models jog obliviously outside, 150 code warriors hunker inside the hotel for a three-day
bender of booze, break-ins and brainstorming. Some are felons. Some are con artists. But
they’re all here for the same mission: to show off their skills and perhaps attract the attention
of government and corporate recruiters. Scouts are here looking for a new breed of soldier
to win the war raging in the online shadows. This explains the balding guy prowling the room
with an “I’m Hiring Security Engineers. Interested?” button pinned to his polo shirt.
</p>
<p>
Hackers like these aren’t the outlaws of the Internet anymore. A 29-year-old who goes by the
name th3_e5c@p15t says he’s ready to fight the good fight against the real-life bad guys. “If
they topple our government, it could have disastrous results,” he says. “We’d be the front line,
and the future of warfare would be us.”
</p>
<p>
After decades of seeming like a sci-fi fantasy, the cyberwar is on. China, Iran and other countries
reportedly have armies of state-sponsored hackers infiltrating our critical infrastructure. The
threats are the stuff of a Michael Bay blockbuster: downed power grids, derailed trains, nuclear
meltdowns. Or, as then-Defense Secretary Leon Panetta put it last year, a “cyber-Pearl Harbor... an
attack that would cause physical destruction and the loss of life, paralyze and shock the nation and
create a profound new sense of vulnerability.” In his 2013 State of the Union address, President Obama
said that “America must also face the rapidly growing threat from cyberattacks.…We cannot look back
years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
</p>
<p>
The pixelated mushroom cloud first materialized in 2010 with the discovery of Stuxnet, a computer worm
said to be designed by the Israeli and U.S. governments, which targeted uranium-enrichment facilities
in Iran. Last fall, Iranian hackers reportedly erased 30,000 computers at a Middle Eastern oil company.
In February, security researchers released a report that traced what was estimated to be hundreds of
terabytes of stolen data from Fortune 500 companies and others by hackers in Shanghai. A leaked report
from the Department of Homeland Security in May found “increasing hostility” aimed online against “U.S.
critical infrastructure organizations” – power grids, water supplies, banks and so on.
</p>
<p>
Dave Marcus, director of threat intelligence and advance research at McAfee Federal Advanced Programs
Groups, part of McAfee Labs, a leading computer-security firm, says the effects would be devastating.
“If you shut off large portions of power, you’re not bringing people back to 1960, you’re bringing them
back to 1860,” he says. “Shut off an interconnected society’s power for three weeks in this country, you
will have chaos.”
</p>
<p>
Hence, events like HackMiami, where the competition to hire cyberwarriors is increasingly intense. “There’s
too much demand and not enough talent,” says Jeff “The Dark Tangent” Moss, founder of the largest hacker
convention, DefCon, held annually in Las Vegas. Despite the threats, a report by the Commission on the
Theft of American Intellectual Property, a group comprised of former U.S. government, corporate and academic
officials, recently concluded that so far the feds have been “utterly inadequate [in dealing] with the problem.”
While Uncle Sam is jockeying for the Internet’s best troops, private security firms are offering way more pay
and way less hassle. Charlie Miller, a famous hacker who exposed vulnerabilities in the MacBook Air and
iPhone, spent five years with the National Security Agency before joining Twitter’s security team. Earlier
this year, the DHS lost four top cybersecurity officials. In April, Peiter “Mudge” Zatko, a renowned member
of the pioneering hacker collective Cult of the Dead Cow who was working at the DOD’s Defense Advanced
Research Projects Agency, split for Silicon Valley to join his former DARPA boss, Regina Dugan. “Goodbye
DARPA,” he tweeted. “Hello Google!”
</p>
<p>
As a result, there’s a metawar taking place: one between government and industry to score the country’s
toughest geeks – like the ones here this weekend – to join their front lines before it’s too late. “We
need hackers,” Janet Napolitano, secretary of the Department of Homeland Security, told <em>Rolling Stone</em> in
June, “because this is the fastest-growing and fastest-changing area of threat that we’re confronting.”
A month later, however, she announced that she was leaving DHS too – stepping down from her post to head
the University of California system.
</p>
</div>
<div class="inside__waterfall">
<div class='inner'>
<a class="swipebox-waterfall intro-img-1" href="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro-large.jpg">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro.jpg" alt="">
</a>
<a class="swipebox-waterfall intro-img-2" href="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro-1-large.jpg" >
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro-1.jpg" alt="">
</a>
<a class="swipebox-waterfall intro-img-3" href="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro-2-large.jpg">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro-2.jpg" alt="">
</a>
<a class="swipebox-waterfall intro-img-4" href="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro-3-large.jpg">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/intro/intro-3.jpg" alt="">
</a>
<img class='photo-credits' src='img/intro/photocredit-waterfall.svg' alt='Photos by Charles Ommanney/Reportage by Getty' />
</div>
</div>
<div id="glitchy-image-2" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/2/1.gif" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/2/2.gif" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/2/3.gif" alt="" class="glitchy-image__sub-image">
</div>
</div>
</section>
<section class="bonvillian clear">
<div class="bonvillian__img">
<img alt="" class="bonvillian__img__background" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/bonvillian/bonvillian.jpg" />
<img alt="" class="bonvillian__img__cutout" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/bonvillian/bonvillian-cutout.png" />
</div>
<img alt="" class="bonvillian__img--mobile mobile" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/bonvillian/bonvillian--mobile.jpg" />
<div id="glitchy-image-12" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/12/1.jpg" alt="" class="glitchy-image__sub-image">
</div>
</div>
<div class="bonvillian__quote">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="bonvillian__text widescreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-bonvillian.svg">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="bonvillian__text smallscreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-bonvillian-m.svg">
</div>
<div class='rectangle-graphic'></div>
</section>
<section class="ferrari clear">
<div class="ferrari__img">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="ferrari__img__img" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/ferrari/humperdink.jpg">
<div id="glitchy-image-4" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/4/1.jpg" alt="" class="glitchy-image__sub-image">
</div>
</div>
<img class='photo-credits' src='img/photo-credits.svg' alt='Photos by Charles Ommanney/Reportage by Getty' />
</div>
<div id="glitchy-image-3" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/3/1.gif" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/3/2.gif" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/3/3.gif" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/3/4.gif" alt="" class="glitchy-image__sub-image">
</div>
</div>
<div class="ferrari__text">
<img class='photo-credits' src='img/photo-credits.svg' alt='Photos by Charles Ommanney/Reportage by Getty' />
<p class="drop">
“Hey, dude!” says David Bonvillain. “Let me buy you a mojito!” It’s not even noon at the Holiday
Inn bar, but Bonvillain, head of the Denver-based Accuvant LABS, one of the most elite and flashiest
computer-security firms, is already working the crowd because, as he puts it, the competition is
“feverish.”
</p>
<p>
A brash, Ferrari-driving 40-year-old who chain-puffs an e-cigarette and is sleeved with tattoos,
Bonvillain is among the country’s top hacker scouts. While the feds try to recruit hackers on the
glory of public service, Accuvant has honed a sexier pitch. “We built an environment that allows
people to legally do the things that would put them in jail,” Bonvillain says, exhaling vapor, “and
we have a great time and make a good living doing it.”
</p>
<p>
Accuvant represents an upside to cyberwar: a booming market. Corporations spent $60 billion worldwide
on information-security services last year, according to a report by Gartner, a technology-research
firm, and are expected to shell out a whopping $86 billion in 2016. To the consternation of businesses
around the world, entrepreneurial hackers hunt for security flaws, then sell the technical info to
governments from Russia to North Korea, as well as the National Security
Agency here. Google and Microsoft are among those who pony up as well, hoping to improve their products.
Technical details on a single vulnerability go for as much as $150,000.
</p>
<p>
Accuvant specializes in attack and penetration, or “attack and pen” for short, infiltrating their
clients’ computer systems to expose and improve weaknesses. Their clients include everyone from banks
and hotels to federal agencies, which can pay upward of $100,000 for a single test of their services. To
maintain integrity during a penetration test, the client’s underlings aren’t told they’re being targeted.
A Minnesota casino hired Accuvant to try to break into its computer room and access its most sensitive
data. Not only did the team succeed – convincing workers they were tech-support staff – they walked out
the door carrying the casino’s computer servers. They then posed with their bounty by the slot machines,
flipping off the camera for a picture they sent to the casino’s boss. Another time, they hacked a
Department of Defense contractor by parking a rental car outside a warehouse and scanning the wireless
network with laptops and antennas. “It’s sad, honestly, how vulnerable they are,” Bonvillain says.
</p>
<div class='rectangle-graphic'></div>
<div class="ferrari__img--mobile">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="ferrari__img__img" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/ferrari/humperdink.jpg">
<div id="glitchy-image-4b" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/4/1.jpg" alt="" class="glitchy-image__sub-image">
</div>
</div>
<img class='photo-credits' src='img/photo-credits.svg' alt='Photos by Charles Ommanney/Reportage by Getty' />
</div>
<p>
Accuvant understands the talent better than most, because they rose from the hacker underground themselves.
Bonvillain, a metal guitarist who spent a night in jail in high school after getting busted riding his
motorcycle over 100 mph, started hacking computers and phone phreaking while at James Madison University
in Virginia in the mid-Nineties. “I wanted to break into stuff,” he says. “I thought it was the coolest
thing.” Inspired by the movie <em>War Games</em> but eager to stay out of trouble, he eventually put his skills
to use as a professional hacker testing security for companies that paid him. “As soon as I found out
that information security was actually a job and, even better, a job you could make some good cash at,
that was all I wanted to do,” he says.
</p>
<p>
Jon “Humperdink” Miller, a hulking, goateed 31-year-old in a backward baseball cap and shorts, who, as
head of research and development, oversees Accuvant’s military clients, is like a supersmart Chris Farley.
He started attending hacker conventions at age 13 and became notorious when he appeared at DefCon with no
shirt and a vanity license plate of his nickname around his neck. He jokes that his greatest hacker skill
is “drinking,” for which he has an award named after himself at the Vegas confab. When he was in high school
in San Diego, he says, he made $80,000 a year doing his own attack-and-pen operations. At 17, the National
Security Agency offered him a college education, a company car and a substantial stipend if he agreed to
work for them after graduation. But he passed on the offer. “Guys like me refuse to get clearance,” he says,
gulping a beer. “You have to be professional. You have to be reserved. Here, like, if you’re a loud asshole
and you’re smart, sweet! We know a lot of loud assholes.”
</p>
</div>
</section>
<section class="ferrari-lower clear">
<div class="ferrari-lower__text">
<div class='rectangle-graphic'></div>
<p>
Bonvillain balks over security clearance too. “If you’ve smoked pot more than six times, you can’t join
the FBI,” he says. “When they interviewed me, I asked, ‘In one day?’” The drug test is no small issue.
A three-year no-use policy eliminates a huge slice of the young hackers coming out of school into the
workforce. “That disqualifies a bunch of people that would be perfectly skilled and trustworthy,” says
Moss, “just because they smoked pot in college.”
</p>
<p>
Attracting and keeping cyberwarriors is as much about marketing a lifestyle as it is offering big bucks.
(The money is good, though, with salaries for top contractors at firms like Accuvant easily topping
$200,000 a year.) “Look at Alex,” Bonvillain says, pointing at Accuvant’s head of
security architecture, Alex Kah, a tatted-up Kentuckian with a slacker drawl. “Could you imagine
him trying to go into the NSA with ‘Louisville’ tattooed across his neck?” Accuvant
hires electronic-music duo the Crystal Method for its parties and makes the hippest swag in the business:
bootleg Adidas tracksuits, stickers and T-shirts modeled after Iron Maiden’s “The Trooper.”
To score one notorious hacker, they agreed to buy him his own gold-plated, $1,000 espresso machine.
“The reason we’re successful is because we market this like a metal band,” Bonvillain says.
</p>
<p>
And they’re fired up by the enemy. Humperdink grows red in the face when he starts ranting about how China
gives a pass to its rogue army of hackers. “If you’re a lone Chinese hacker not employed by the Chinese and
you want to hack Charles Schwab, go for it,” Humperdink says. “Consequence-free. Do whatever you want.
You’re fighting the great Satan. They’re completely covert about operational security. They don’t talk
about active hacks against the U.S. That’s completely off the record. That shit happens every day.”
</p>
<p>
Their outrage makes them even more patriotic. Humperdink comes from a family of Marines and law enforcement.
Bonvillain draws inspiration from his dad, a retired lieutenant colonel in the Army, who now works as an
intelligence officer for the Defense Intelligence Agency – serving posts in the Balkans, Afghanistan and
Iraq – and has been nominated for the counterintelligence’s hall of fame. “I’m deeply patriotic,” Bonvillain
says. It’s the same blend of working-class blues and American pride that fueled the old military. “Every
serious hacker that I know came from very, very blue-collar or underprivileged backgrounds,” he says. “It
made them hungry. They’re willing to do whatever it takes.”
</p>
</div>
<div class="ferrari-lower__text accordion--ferrari">
<div class="ferrari__accordion">
<p class="ferrari__accordion__title">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/nightmarescenario-title.svg" alt="">
</p>
<dl class="ferrari__expand">
<dt data-expand="1">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/nuclearplants-thumb.png" alt="" class="ferrari__accordion--img">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/nuclearplants.svg" alt="" class="ferrari__accordion--title">
</dt>
<dd data-content="1">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/nuclear-plants.png" alt="" class="ferrari__accordion--main-img">
<p>
<span>Scenario:</span> Hackers use a computer worm to take command of controls at a
nuclear power plant, causing a Chernobyl-style meltdown.
</p>
<p>
<span>Reality:</span> Stuxnet, which targeted a uranium-enrichment facility in Iran in 2010, proved this possible. Though Iran has not confirmed whether the worm successfully damaged the centrifuges, one Iranian scientist later reported that a hack forced computers to play AC/DC’s “Thunderstruck” at full volume on random machines in the middle of the night – just to drive them nuts.
</p>
</dd>
<dt data-expand="2">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/powergrids-thumb.png" alt="" class="ferrari__accordion--img">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/powergrids.svg" alt="" class="ferrari__accordion--title">
</dt>
<dd data-content="2">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/power-grids.png" alt="" class="ferrari__accordion--main-img">
<p>
<span>Scenario:</span> A worker at a power plant clicks on an e-mail link, unleashing
malicious software, which crashes electricity for an entire city.
</p>
<p>
<span>Reality:</span> A 2013 congressional report on Electric Grid Vulnerability
found that more than a dozen utilities report “daily,” “constant,” or “frequent” attempted
cyberattacks on their systems – one utility reported 10,000 in a month. “We know that foreign cyberactors
are probing America’s critical infrastructure networks,” then-Defense Secretary Leon Panetta said in October 2012.
“They are targeting the computer control systems that operate chemical, electricity and water
plants and those that guide transportation throughout the country.... We also know that they
are seeking to create advanced tools to attack these systems and cause panic, destruction
and even the loss of life.”
</p>
</dd>
<dt data-expand="3">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/trains-thumb.png" alt="" class="ferrari__accordion--img">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/trains.svg" alt="" class="ferrari__accordion--title">
</dt>
<dd data-content="3">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/trains.png" alt="" class="ferrari__accordion--main-img">
<p>
<span>Scenario:</span> Hackers take over train systems, derailing locomotives across America.
</p>
<p>
<span>Reality:</span> In 2008, a 14-year-old boy in Poland proved how easy this is to do. He built a device to control track points in the city of Lodz, causing four trams to jump tracks. “He treated it like any other schoolboy might a giant train set,” police said, “but it was lucky nobody was killed.” In December 2011, a rail company in the Pacific Northwest was attacked by hackers who disrupted train signals for two days. “Cyberattacks were not a major concern to most rail operators” until this time, the TSA stated in an internal memo obtained by Nextgov.com. “The conclusion that rail was [affected] by a cyberattack is very serious.”
</p>
</dd>
<dt data-expand="4">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/waterplants-thumb.png" alt="" class="ferrari__accordion--img">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/waterplants.svg" alt="" class="ferrari__accordion--title">
</dt>
<dd data-content="4">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/waterplants.png" alt="" class="ferrari__accordion--main-img">
<p>
<span>Scenario:</span> Attackers hack into a water utility system, shutting off the
water supply for an entire city.
</p>
<p>
<span>Reality:</span>
In 2011, hackers breached a water plant in Springfield, Illinois, toggling the system on and off until one water pump burned out completely. Later that year, a hacker claimed to have used a simple three-character password to access the infrastructure system for South Houston – posting screenshots online to prove it. “I'm sorry this ain't a tale of advanced persistent threats and stuff,” he said, “but frankly most compromises I've seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint.”
</p>
</dd>
<dt data-expand="5">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/satellites-thumb.png" alt="" class="ferrari__accordion--img">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/satellites.svg" alt="" class="ferrari__accordion--title">
</dt>
<dd data-content="5">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/satellites.png" alt="" class="ferrari__accordion--main-img">
<p>
<span>Scenario:</span> Phone systems get disabled. Missile launches can’t be
monitored. Radio distress signals go unnoticed.
</p>
<p>
<span>Reality:</span> In 2011, the annual report of the U.S.-China Economic and
Security Review Commission revealed that two U.S. government satellites had been
hacked in 2007 and 2008 by hackers believed to be in China. “Such interference has the potential to pose
numerous threats, particularly if achieved against satellites with more
sensitive functions,” according to the report. “Access to a satellite’s controls
could allow an attacker to damage or destroy the satellite.”
</p>
</dd>
<dt data-expand="6">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/wallstreet-thumb.png" alt="" class="ferrari__accordion--img">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/wallstreet.svg" alt="" class="ferrari__accordion--title">
</dt>
<dd data-content="6">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/wallstreet.png" alt="" class="ferrari__accordion--main-img">
<p>
<span>Scenario:</span> Hackers take over social media, posting messages from news
organizations on Twitter, Instagram and Facebook saying that Obama has been
assassinated – causing Wall Street investors to panic and sell off their goods.
</p>
<p>
<span>Reality:</span>
Something like this happened for real in April, when hackers hijacked the Associated Press Twitter feed, posting the phony message "Breaking: Two Explosions in the White House and Barack Obama is injured." A group called the Syrian Electronic Army took credit for the hack, which caused a momentary $200 billion drop in the Dow.
</p>
</dd>
</dl>
</div>
</div>
</section>
<section class="wrecking clear">
<div class="wrecking__img widescreen">
<div class="wrecking__img__img parallax"><!-- allows for parallax -->
<div class='parallax__inner'>
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/wrecking/jayson-hallway.jpg">
<div id="glitchy-image-13" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/wrecking/jayson-hallway-lights.png" alt="" class="glitchy-image__sub-image">
</div>
</div>
<div id="glitchy-image-5" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/5/1.gif" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/5/2.gif" alt="" class="glitchy-image__sub-image">
</div>
</div>
</div>
<div class="wrecking__caption widescreen">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/jayson/jayson-caption.svg">
</div>
</div>
</div>
<div class="wrecking__img smallscreen">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/wrecking/jayson-hallway-m.jpg">
<div class="wrecking__caption">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/jayson/jayson-caption-m.svg">
</div>
</div>
</section>
<section class="jayson clear">
<img class='photo-credits' src='img/photo-credits.svg' alt='Photos by Charles Ommanney/Reportage by Getty' />
<div class="jayson__text">
<p class="drop">
To get a sense of just how weak our cyberdefenses are, I take a trip with Jayson Street, Chief
Chaos Coordinator for another firm, Krypton Security, into the basement of a hotel in South Beach.
We breeze past an open door with a taped sign that reads, “Doors must be closed at all
times!!!” This is where the brains of the building live – the computer network, the alarm system,
the hard drives of credit-card numbers – but, as Street tells a brawny security guard, he’s here
on the job, “doing a Wi-Fi assessment.” Street, a paunchy, 45-year-old Oklahoman in a black T-shirt
and jeans, flashes the hulk some indecipherable graphs on his tablet and says, “We’re good,” as he
continues into another restricted room.
</p>
<p>
The doors aren’t locked. No one seems to be monitoring the security cameras. The wires for the burglar-alarm
system are exposed, ready for an intruder to snip. We make our way to the unmanned computer room, where, in
seconds, Street could install malware to swipe every credit-card number coming through the system if he wanted
to. “They’re like every other hotel I’ve tried to go into,” he tells me. “They fail.”
</p>
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="jayson__img widescreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-jayson.svg">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="jayson__img smallscreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-jayson-m.svg">
<p>
Government agencies and corporations fly Street around the world to see if he can bullshit his way into their
most sensitive data centers. He has scammed his way into a bank in Beirut, a financial center across from Ground
Zero, a state treasury department. He usually records his infiltrations on a spy watch, a 16-gigabyte HD video
recorder with infrared lights, then turns over the footage to his clients. When I ask Street the tricks of his
trade, he tells me there are two keys to stealing data in person: act like you’re supposed to be there and carry
a tablet PC, which convinces victims he’s a tech-support worker. “People see this thing,” he says, waving his
tablet, “and think it’s magical.”
</p>
</div>
<!-- Video teaser: a thumbnail and a play arrow wrapped in a link with class "swipebox", followed by a caption image. -->
<!-- NOTE(review): every URL in this block is plain http://. If the page is served over HTTPS, browsers treat these as mixed content; confirm the hosts serve https before switching the scheme. -->
<div class="jayson__text">
<div class="jayson__text--video clear">
<div class="jayson__video-wrap">
<!-- NOTE(review): the href ends in "/123" and looks like a placeholder; confirm the real video URL. -->
<!-- NOTE(review): the inline onClick handler calls ga() directly. A Content-Security-Policy without 'unsafe-inline' blocks inline handlers, so this binding would have to move into a script file before the policy can be tightened. -->
<a href="http://ooyala.com/123"
rel="ooyala"
class="swipebox"
onClick="ga('send', 'event', 'Video01', 'Play');">
<!-- Both images carry alt="", so the link has no accessible name. Each src is blank.gif with the real URL in data-echo; presumably a lazy-loading script not shown here swaps it in. -->
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="jayson__video" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/jayson/streetvideo-thumb.png">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="jayson__video--arrow" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/arrow.png">
</a>
</div>
<!-- Caption rendered as an SVG image with alt="", so its text is not exposed to assistive technology. -->
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/jayson/jaysonstreet-videocaption.svg" alt="" class="jayson__video--text">
</div>
</div>
</section>
<section class="government clear">
<div id="glitchy-image-6" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/6/1.jpg" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/6/2.jpg" alt="" class="glitchy-image__sub-image">
</div>
</div>
<div class="government__text">
<p>
Street, who has authored a book about security flaws called <em>Dissecting the Hack</em>, is a highly sought-after speaker
at hacker conventions from ones in China to this weekend’s in Miami, and has consulting gigs in Cyprus, Jamaica
and Germany. “I am not an American hacker,” he says. “I am not a Oklahoma City hacker. I am a hacker. I don’t
care what country you’re from. If you’re trying to defend yourself and you’re trying to work to better protect
your company or your country, I’m all for it. I’m here trying to help secure the Internet.”
</p>
<p>
But there’s one job he’ll never take: working for the feds. “The American government has to understand that to
get someone who thinks outside the box to work for you, you can’t immediately put them in a box,” he says. “And
that’s the problem.”
</p>
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="government__quote widescreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-government.svg">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="government__quote smallscreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-government-m.svg">
<p>
Street is among the many who cite the legacy of the late hacktivist Aaron Swartz as a cautionary tale. A research
fellow at Harvard, Swartz accessed the MIT computer system and downloaded millions of academic-journal articles.
He was charged with violating the Computer Fraud and Abuse Act and, facing decades in prison and $1 million in
fines, committed suicide in January. “The government says, ‘Hey, we really need your help, can you hack for us?’”
Street says of Swartz. “And then, on the other hand, it’s like ‘Oh, you’re a hacker, you’re going to jail! We’re
going to hound you until you kill yourself.’”
</p>
</div>
</section>
<section class="mobman clear">
<div class="mobman__full">
<div class='mobman__img widescreen'>
<div class="mobman__caption">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/mobman/mobman-caption.svg">
</div>
<div class="mobman__full__img parallax"><!-- allows for parallax -->
<img class='parallax__inner' src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/mobman/mobman.jpg">
</div>
<div id="glitchy-image-7" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/7/1.gif" alt="" class="glitchy-image__sub-image">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/7/2.gif" alt="" class="glitchy-image__sub-image">
</div>
</div>
</div>
<div class='mobman__img smallscreen'>
<div class="mobman__caption">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/mobman/mobman-caption-m.svg">
</div>
<img class='' src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/mobman/mobman-m.jpg">
</div>
</div>
</section>
<section class="mobman__lower clear">
<div class="mobman__text">
<img class='photo-credits' src='img/photo-credits.svg' alt='Photos by Charles Ommanney/Reportage by Getty' />
<p>
Gregory “Mobman” Hanis kicks back with his laptop on a florally upholstered couch in the Holiday Inn lobby,
ready to annihilate another 45 million people. He’s not doing it in warfare, though: He’s hacking <em>Candy Crush
Saga</em>, the most popular game on Facebook. As rows of sparkly treats fill his screen, he opens a second window,
which contains a program he wrote. With a few deft strokes, he casually cranks his <em>Candy Crush</em> score to 10
million, earning the high score and swiftly crushing the dreams of players who devote hours a day – not to
mention real money, which they use to buy extra lives – to the game. “It’s literally taking candy from babies,”
he says, with a sigh.
</p>
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="mobman__quote widescreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-candy.svg">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" alt="" class="mobman__quote smallscreen" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/quotes/quote-candy-m.svg">
<p>
There’s a reason he sounds so weary. Mobman is a 32-year-old wizard who can hack just about anything but has
to settle for a job as a network admin for an online-poker company. That’s because he’s a convicted felon, a
black hat who, because of one major fuck-up as a teen, can’t get hired directly by the feds or most private
companies. His story represents another hitch in the cyber-recruitment race: the brilliant hackers who’ve crossed
the line earlier in life. “I’ve been in there. I know it, and I’ve done it,” he says. “That’s what you would get
from me.”
</p>
<p>
Like Street and the others, Mobman fits Bonvillain’s bill of being damaged and hungry. The son of a U.S. Marshal
mother and an absentee father, he got A’s in schoolwork but F’s in conduct. “I was bored,” he says. “They didn’t
push me.” Instead he pushed himself, writing a program that let him cheat in his favorite game, <em>Ultima Online</em>.
Mobman just wanted to steal virtual weapons and gold to get an edge. But when the program, Sub7, leaked
onto the Net, black hats around the world discovered it could be used to steal all kinds of things, including
AOL accounts and credit-card numbers. Sub7, the first hacking tool of its kind, went viral. “I was like, ‘Holy
shit,’” he recalls, “‘I’m gonna get in trouble.’”
</p>
<p>
Sub7 itself wasn’t illegal; it was the criminal use of it that was a problem. But in 1999, when Mobman was 19,
after getting pissed at AT&T for refusing to fix his overcharged cellphone bill, he hacked into the company to
change it himself. Instead, he says, he accidentally took down the entire AT&T network in California and Nevada
for almost two days. (An AT&T spokesperson won’t confirm or deny the attack.)
</p>
<p>
After pleading to a charge of “modification of intellectual property,” Mobman spent seven
months in jail awaiting trial before receiving five years' probation – and then spent months
living on the streets after his mom refused to take him back in. The experience left him changed and
determined to put his skills to good use. “That’s why I want a job,” he tells me.
“So I can do it legally.”
</p>
<p>
The federal cyberforces, though, generally don’t hire felons. But private contractors like Accuvant are technically
free to employ whomever they want. “For me – it depends on the felony :),” Bonvillain writes me in an e-mail.
“There was a day (10 years back or so) that such a conviction would have prevented his employment. Today, that’s
not as strict of an unwritten rule.” Though a felon would have trouble getting security clearance for more
hands-on jobs, he could still contribute as part of the security team.
</p>
<p>
For now, this leaves guys like Mobman to hustle work on the private side, which he’s busy doing here this weekend.
To help amp up his image, Mobman has been conducting his own security research at home, sometimes involving a bit
of hacking. He gives companies the opportunity to fix bugs, then posts his findings in white papers online. One
was about how hacking a single computer could take the entire country of Australia offline. Another one detailed
security holes in the popular Web-page-programming software Joomla. However, a few days after he posted the former,
he got a letter from the Department of Homeland Security. They weren’t impressed. They were informing him they’d
taken the paper down.
</p>
</div>
<div class="mobman__text mobman__text--accordion">
<div class="mobman__accordion">
<div class="mobman__expand">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/mobman-title.svg" alt="">
</div>
<dl class="mobman__expand">
<dt data-expand="1" class="timeline--left">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_01.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="1">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
The Biggest Military Hack Ever
<i class="mobman__expand--icon"></i>
</p>
<p>
March 2002
</p>
</div>
<p class="mobman__expand--content">
For about a year, a single hacker had access to dozens of computers within the U.S.
Army, Navy, Air Force, NASA and the Department of Defense. The hacker turned out to
be Gary McKinnon, a man in London, later diagnosed with Asperger’s, who claimed that he was merely looking
for evidence of UFO technology. No matter, McKinnon’s hack exposed the absurd vulnerability
of our military systems, which he accessed because they had miserably poor password
protection. United States attorney Paul McNulty called McKinnon’s feat "the biggest
military computer hack of all time."
</p>
</dd>
<dt data-expand="2" class="timeline--right">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_02.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="2">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Titan Rain
<i class="mobman__expand--icon"></i>
</p>
<p>
August 2005
</p>
</div>
<p class="mobman__expand--content">
The cyberwar with China began with Titan Rain, the U.S.’s code name for a series of attacks on government agency computers at the Defense Department, Homeland Security, as well as the State and Energy departments. "This is an ongoing, organized attempt to siphon off information from our unclassified systems,” one U.S. official said. A 2007 Pentagon report concluded that the People’s Liberation Army was stepping up its cybergame. "The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks," the report revealed. “In 2005, the PLA began to incorporate offensive [operations], primarily as first strikes against enemy networks."
</p>
</dd>
<dt data-expand="3" class="timeline--left">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_03.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="3">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Estonia
<i class="mobman__expand--icon"></i>
</p>
<p>
April 2007
</p>
</div>
<p class="mobman__expand--content">
After the Estonian government dismantled a Soviet World War II memorial, all hell broke loose online. Banks, news media and even government websites crashed in the wake of the most crippling cyberattack a country has ever seen. For the U.S., it was a foreboding sign of hackers’ brutally effective tools like denial-of-service attacks and botnets. Nashi, a young activist group supported by the Kremlin, later claimed responsibility, which the Kremlin denies. The hack showed how one lone hacker has the power to take down a country’s critical infrastructure with relative ease. <em>Live Free or Die Hard</em> turned from a fantasy scenario to a looming reality.
</p>
</dd>
<dt data-expand="4" class="timeline--right">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_04.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="4">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Anonymous
<i class="mobman__expand--icon"></i>
</p>
<p>
January 2008
</p>
</div>
<p class="mobman__expand--content">
When YouTube pulled down a leaked Tom Cruise video hyping the Church of Scientology, it unleashed
the wrath of the hacker collective Anonymous. The group attacked Scientology websites and rallied
protests of the church via social media. Over the next several years, Anonymous became a potent
political force. During 2011's Arab Spring, the group launched Operation Tunisia to fight against
government surveillance. The next year, Anons claimed to have attacked 650 websites in Israel after
the country’s latest actions in the Gaza Strip.
</p>
</dd>
<dt data-expand="5" class="timeline--left">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_05.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="5">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Power Grids and Fighter Jets
<i class="mobman__expand--icon"></i>
</p>
<p>
April 2009
</p>
</div>
<p class="mobman__expand--content">
Current and former U.S. officials revealed to <em>The Wall Street Journal</em> that Chinese and Russian spies hacked our critical infrastructure, including power grids. One official said that the intruders had not yet sought to destroy these systems, but had left behind software programs that would enable them to do so at the flick of a switch. “If we go to war with them,” he warned, “they will try to turn them on." Department of Homeland Security head Janet Napolitano said that “the vulnerability is something [we] have known about for years.” Reports also implicated China for hacking into the plans for the Pentagon's $300 billion Joint Strike Fighter project. The Chinese Embassy responded in a statement that China "opposes and forbids all forms of cybercrimes” and called the reports “a product of the Cold War mentality…fabricated to fan up China threat sensations."
</p>
</dd>
<dt data-expand="6" class="timeline--right">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_06.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="6">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
North Korea
<i class="mobman__expand--icon"></i>
</p>
<p>
July 2009
</p>
</div>
<p class="mobman__expand--content">
After sanctions were imposed on North Korea following nuclear tests in late May, the U.S.
and South Korea faced days of sustained cyberattacks. In the U.S., computers at agencies
including the Defense Department, the Treasury Department, the
Secret Service, the State Department, the Federal Trade Commission and the Federal Aviation
Administration were subjected to denial-of-service attacks, along with tens of thousands of
computers in South Korea, according to that country’s National Intelligence Service. Though
North Korea was suspected of having orchestrated the attacks, the source remains unknown.
</p>
</dd>
<dt data-expand="7" class="timeline--left">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_07.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="7">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Operation Aurora
<i class="mobman__expand--icon"></i>
</p>
<p>
January 2010
</p>
</div>
<p class="mobman__expand--content">
Google was attacked by hackers in China. Dubbed Operation Aurora, after the type of application
the hackers used, the massive case of cyberespionage was later attributed to the Chinese government,
with U.S. companies including Adobe, Symantec, Northrop Grumman, Morgan Stanley and Yahoo
falling victim. U.S. government officials later said that the hackers breached a secret database
with what the <em>Washington Post</em> called “years’ worth of information about U.S. surveillance targets,” specifically Chinese spies
being monitored in the United States.
</p>
</dd>
<dt data-expand="8" class="timeline--right">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_08.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="8">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Stuxnet
<i class="mobman__expand--icon"></i>
</p>
<p>
Summer 2010
</p>
</div>
<p class="mobman__expand--content">
Cyberwar entered a dangerous new era with Stuxnet, a computer worm said to have been created by the U.S. and Israel that attacked a uranium-enrichment plant in Iran. By compromising the industrial systems-operation software, Stuxnet was capable of spying on and controlling the computers, as well as destroying centrifuges. Stuxnet, which could be installed from infected thumb drives, spread out of control to at least five other countries, including the United States. Defense Secretary Leon Panetta warned of a possible “cyber Pearl Harbor.”
</p>
</dd>
<dt data-expand="9" class="timeline--left">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_09.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="9">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Operation Shady RAT
<i class="mobman__expand--icon"></i>
</p>
<p>
August 2011
</p>
</div>
<p class="mobman__expand--content">
McAfee, the security-research firm, uncovered a massive five-year wave of hacker attacks against governments, nonprofits and corporations around the world. Called Shady RAT, for the remote-access tool used by the infiltrators, the breaches hit over 70 organizations including government agencies in the U.S., Taiwan, Canada, and India, as well as the International Olympic Committee and several defense contractors. McAfee attributed the attacks to a single state actor, though didn’t name the country, which some sources believe to be China. "This is the biggest transfer of wealth in terms of intellectual property in history,” a McAfee exec said at the time. “The scale at which this is occurring is really, really frightening.”
</p>
</dd>
<dt data-expand="10" class="timeline--right">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_10.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="10">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
U.S. Weapons Plans Hacked
<i class="mobman__expand--icon"></i>
</p>
<p>
May 2013
</p>
</div>
<p class="mobman__expand--content">
In a report prepared for the Pentagon, the Defense Science Board found that hackers
from China had accessed plans for more than two dozen of the U.S.’s most advanced
weapons systems. The targets included the Patriot missile system, Aegis ballistic-missile-defense system,
Black Hawk choppers and the $1.4 trillion F-35 Joint Strike Fighter, the costliest
fighter jet ever made. “When I look at the theft of intellectual property to the tune of $1
trillion,” said Texas Rep. Michael McCaul, “that’s a serious economic issue
for the United States.” A Chinese Foreign Ministry spokesman responded by saying that
“China pays high attention to the cybersecurity issue and is firmly opposed to all
forms of hacker attacks.”
</p>
</dd>
<dt data-expand="11" class="timeline--left">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_11.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="11">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
Iran Hacks U.S. Energy Companies
<i class="mobman__expand--icon"></i>
</p>
<p>
May 2013
</p>
</div>
<p class="mobman__expand--content">
Hackers, with the support of the Iranian government, were exposed for targeting oil
and gas companies in the U.S. "This is representative of stepped-up cyberactivity
by the Iranian regime. The more they do this, the more our concerns grow," one U.S.
official said. "What they have done so far has certainly been noticed, and they should
be cautious."
</p>
</dd>
<dt data-expand="12" class="timeline--right">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/accordion/timeline/timeline_12.svg" alt="" class="mobman__timeline--img">
<span class="mobman__circle"></span>
</dt>
<dd data-content="12">
<div class="mobman__expand__title">
<p class="mobman__expand--heading">
U.S. Goes on the Cyberoffensive
<i class="mobman__expand--icon"></i>
</p>
<p>
June 2013
</p>
</div>
<p class="mobman__expand--content">
An unpublished presidential directive from Obama leaked, showing that the U.S. is going on the cyber offense. “Offensive Cyber Effects Operations,” the directive stated, “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” Among other things, the directive authorized cyberwar attacks when “U.S. national interests and equities” were at stake, but also left room for “anticipatory action” just in case. Adding fuel to the fire, National Security Agency leaker Edward Snowden claimed that the U.S. has already hacked thousands of targets, including computers in China.
</p>
</dd>
</dl>
</div>
</div>
</section>
<section class="miami-slider clear">
<!-- Photo-credit graphic for the slideshow. NOTE(review): the empty alt hides this image from assistive technology; confirm the credits are also available as text. -->
<img class="slideshow-photo-credits" src="img/miami/photocredit-slideshow.svg" alt="">
<!-- slides -->
<div class="flexslider">
<ul class="slides">
<!--
  Slides 1–3. Each <li> holds the slide photo, a caption rendered as an SVG image,
  and a "glitchy-image" overlay whose <img> starts on blank.gif and carries its real
  URL in data-echo (presumably swapped in by a lazy-loading script; confirm).
  NOTE(review): the caption text exists only inside the SVG, and alt="Caption" does
  not convey it to assistive technology.
  NOTE(review): every asset here is requested over plain http://. If this page is
  served over HTTPS these are mixed-content requests that browsers may block or
  upgrade, and over HTTP they can be altered in transit; confirm the CDN serves
  https and switch the scheme.
-->
<li>
<img alt="" class="miami-slide__img" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/slide-1.jpg">
<div class="miami-slide__caption">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/hackmiami-caption-1.svg" alt="Caption">
</div>
<div id="glitchy-image-8a" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/8/a/1.gif" alt="" class="glitchy-image__sub-image">
</div>
</div>
</li>
<li>
<img alt="" class="miami-slide__img" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/slide-2.jpg">
<div class="miami-slide__caption">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/hackmiami-caption-2.svg" alt="Caption">
</div>
<div id="glitchy-image-8b" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/8/b/1.jpg" alt="" class="glitchy-image__sub-image">
</div>
</div>
</li>
<li>
<img alt="" class="miami-slide__img" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/slide-3.jpg">
<div class="miami-slide__caption">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/hackmiami-caption-3.svg" alt="Caption">
</div>
<div id="glitchy-image-8c" class="glitchy-image">
<div class="glitchy-image__inner">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/blank.gif" data-echo="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/glitches/8/c/1.jpg" alt="" class="glitchy-image__sub-image">
</div>
</div>
</li>
<li>
<img alt="" class="miami-slide__img" src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/slide-4.jpg">
<div class="miami-slide__caption">
<img src="http://cdn.rollingstone.com/feature/the-geeks-on-the-frontlines/img/miami/hackmiami-caption-4.svg" alt="Caption">
</div>
<div id="glitchy-image-8d" class="glitchy-image">
<div class="glitchy-image__inner">