Federal law-enforcement agents haven’t been exactly welcome at Black Hat, the security conference that approaches large-scale IT security from the cracker’s point of view.
This year they’re not welcome at all, at least at the larger Def Con conference that spawned Black Hat and is usually held in conjunction with it. The reason? The ever-growing scandal over revelations of NSA surveillance programs that allegedly capture data on millions of phone calls and emails by tens of millions of Americans.
The resulting hostility toward the NSA and other government intelligence or law-enforcement agencies could ruin the carefully non-confrontational atmosphere at the conferences.
Def Con and the feds who attend the annual hacker gathering “need some time apart,” according to a post from Def Con/Black Hat founder Jeff Moss, who is also known as Dark Tangent. “For over two decades Def Con has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics and feds can meet, share ideas and party on neutral territory.”
He added: “When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend Def Con this year. This will give everybody time to think about how we got here, and what comes next.”
The note is a request, not an outright ban, and refers only to Def Con (which Moss oversees) and not Black Hat, which he sold seven years ago to tech-publishing giant UBM Plc.
Though they embody hacker culture more than most tech events, neither Def Con nor Black Hat is dominated either by full-time hackers or genuine criminals. Most attendees are security professionals from end-user companies, security or research firms, IT consultants or academics. Even Dark Tangent is better known these days under his proper name and title as chief science officer at Internet-domain authority ICANN. He is also a member of the U.S. Homeland Security Advisory Council, which was formed in 2009 to advise top-level federal law-enforcement officials on IT security.
Moss even invited feds to the first Def Con, because he thought they’d come anyway, he told Reuters. Federal agencies officially declined to participate, but feds working in them showed up incognito, and have been part of the community ever since. “We created an environment where the Feds felt they could come and it wasn’t hostile,” Moss said to the newswire in a 2012 interview. “We could ask them questions and they wanted to ask the hackers about new techniques.”
NSA chief (and four-star general) Keith Alexander spoke at the conference in 2012, and is scheduled to speak at Black Hat this year as well. He will even take questions from the audience, according to Black Hat General Manager Trey Ford.
As mainstream as Def Con has become, however, the community it serves is a little shocked and very offended by revelations of the scope and persistence of federal surveillance programs, Moss said. The community is still highly suspicious of government efforts at clandestine surveillance and penetration, which many regard as violations of both their personal ethos and of the laws the feds are supposed to enforce.
“There’s nothing political in his message,” according to Robert Graham, founder and CEO of Errata Security, blogging in support of Moss’ request.
“A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate. From shouting matches, to physical violence, to ‘hack the fed’, something bad might occur. Or, simply attendees will choose to stay away,” Graham added.
The ban on feds has also generated controversy. Network security consulting firm Secure Ideas, for example, cancelled a presentation on SharePoint security. “The issue we are struggling with, and the basis of our decision, is that we feel strongly that Def Con has always presented a neutral ground that encouraged open communication among the community,” CEO Kevin Johnson wrote in a blog post explaining the move. “We believe the exclusion of the ‘feds’ this year does the exact opposite at a critical time.”
The ban is unlikely to keep many feds away from Def Con, but it certainly reflects a more sober approach to the adversarial relationship between hackers and feds. Def Con is unlikely to repeat acts of dark whimsy such as last year’s decision to place the NSA’s recruitment table next to that of the Electronic Frontier Foundation, which has an adversarial relationship with the agency.
“Here’s the thing,” wrote Errata Security’s Graham. “[Def Con is] not a fed convention but a hacker party. The feds don’t have a right to be there – the hackers do. If bad behaving hackers are going to stir up trouble with innocent feds, it’s still the feds who have to go.” Or not go, as the case may be.