This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

David Aitel is a former NSA hacker known for authoring an influential hacking manual titled The Shellcoder’s Handbook. In 2002, he began a penetration testing company called Immunity Inc., which used an automatic exploitation tool called Canvas to test the security measures protecting a particular system. His team was also frequently hired to train security contractors on how to use zero-day exploit techniques. Aitel’s first employee was a Kurdish hacker named Sinan Eren, who had moved to the United States from his native Turkey. Eren had used hacking techniques to fight government oppression as a hacktivist in Turkey, and he frequently expressed reservations about the morality of teaching hacking techniques to government agencies—even American allies—who might then use them to spy on their own people. He outright refused to work with representatives from the Turkish military, and he eventually left Immunity Inc. in 2009 so that he could be more discerning about his clients. In 2015, Aitel left his career in offensive hacking entirely and dedicated himself to developing apps to help users evade government surveillance.

Another former NSA hacker, David Evendon, was recruited to work for an Emeriti security company called CyberPoint in 2014. He soon saw red flags in the operation of the company, which ordered him to lie about his job description and hack foreign nations such as Qatar—supposedly in pursuit of terrorist connections.