General Keith Alexander stresses common ground between US officials and hackers at Def Con gathering in Las Vegas

This article is more than 8 years old

This article is more than 8 years old

The head of the American government's secretive National Security Agency has taken the unprecedented step of asking a convention of computer hackers to join him in an effort to make the internet more secure.

In a speech to the 20th annual Def Con gathering in Las Vegas, the four-star general Keith Alexander stressed common ground between US officials and hackers, telling them privacy must be preserved and that they could help by developing new tools.

"You're going to have to come in and help us," Alexander told thousands of attendees.

The conference founder, Jeff Moss, known in hacking circles as the Dark Tangent, told the conference he had invited Alexander, who rarely gives speeches, because he wanted them to learn about one of the world's "spookiest, least known" organisations.

Attendees were respectful and gave modest applause, though several said they were concerned about secret government snooping and the failure of authorities thus far to stop foreign-backed attacks.

"Americans pay taxes so that federal agencies can defend them," said a researcher who asked not to be named. "I see it as a hard sell asking a business entity to spend money for the common good."

Alexander won points by wearing the hacker "uniform" of jeans and a tee shirt, wandering the halls and praising specific hacking efforts, including intrusion detection tools and advances in cryptology.

He also confronted civil liberties concerns that are a major issue for many researchers devoted to the internet.

Taking questions screened by Moss, Alexander denied that the NSA had dossiers on millions of Americans, as some former employees have suggested.

"The people who would say we are doing that should know better," he said. "That is absolute nonsense."

Alexander used the speech to lobby for a cyber security bill moving through the Senate that would make it easier for companies under attack to share information with the government and each other as well as give critical infrastructure owners some reward for adhering to future security standards.

"Both parties see this as a significant problem," he said, adding that the experts like those at Def Con should help in the process. "What are the standards that we should jointly set that critical networks should have?"

In addition to conducting electronic intelligence gathering, primarily overseas, the defence-department-controlled NSA is charged with protecting the American army from cyber-attacks.

Increasingly, it has been sharing its findings with the FBI to aid in criminal cases and with the department of homeland security, which warns specific industries of new threats.

Displaying a slide with the logos of several dozen of companies breached by criminals or spies in the past two years, Alexander said only the most competent even knew they had been hacked.

"There are 10 times, almost 100 times more companies that don't know they have been hacked," he said.