The DEFCON annual hacker conference is 15 years old. In technological time, 15 years is several generations, and in popular culture terms -- it's an eternity. As the founder of DEFCON and its sister conference Black Hat, I've had a ringside seat for many of the major events in the world of digital security, and I've watched how the media perceives our culture up close.
Dateline NBC sent reporter Michelle Madigan to our DEFCON 15 convention in Las Vegas this past August. You might be one of the million or so viewers who saw the
YouTube Inc. video of the reporter fleeing the scene. You might have seen some of the coverage that reveled in the schadenfreude of the undercover reporter being outmaneuvered by her quarry.
Madigan was apparently trying to do a shock piece for NBC Dateline by taping underground hackers admitting to breaking the law and then attempting to tie them to federal agents who also attended the show.
Since she fled at the prospect of being "outed," we'll never know what the finished piece would have looked like. Still, extrapolating from the promotional clips Dateline usually runs, it's easy to imagine the juicy teaser that would have accompanied the story -- the faux night-vision, the blurry code on a monochrome monitor, the ominous voice-over, the modem tones from the network's SFX library.
I won't deny that it was fun to see the tables turned on a morally gray enterprise like sting journalism. The video is pretty funny, too, in a lo-fi, citizen's arrest sort of way. Still, all the coverage misses the real point. Fifteen years after I started DEFCON, 21 years after the publication of "The Hacker Manifesto," TV news still doesn't seem to have any idea who we are -- either as a conference or as a culture.
First, Madigan wanted to sneak into an underground culture to expose it to Dateline's viewers in Kansas. In this case "underground" is a pretty relative term. DEFCON 15 had about 7,000 paying attendees. It was covered well in the business and tech press -- two branches of the media that it pleases us to report are increasingly "clueful" about our scene. International press was in attendance and, as always, there was a very significant Federal and law enforcement presence. Further, the event was held in a Vegas casino -- it's hard to imagine a place with more cameras per square foot.
Second, there are big stories brewing in the world of data security and information warfare that TV news still doesn't get. These stories need to be told outside the ghetto of tech and business magazines. From Fast Flux DNS, used to make botnets harder to stop, to commoditized Web exploit packs, such as Webattacker and Impact, there are big and difficult problems to solve out there.
The new class of mega-botnets is set to harness the power of millions of unsuspecting users to deny service and commit crime on a truly unsettling scale. The fee-for-service, highest-bidder nature of modern malware can lead to DOS attacks that are meant for international aggression rather than coder's glory. The fact that online users are less and less required to participate in the infection of their machines and networks is also worrisome -- without awareness and intervention, cross-site scripting, and hidden iFrame, exploits could make identity theft a wholesale, invisible process from which few are safe. That is, of course, saying nothing of the potential effects on the economy created by customers losing faith in online commerce.
As our world becomes smaller and the digital ties that bind us grow stronger, there are going to be more stories like these, and an informed citizenry is our best defense. By declining the press credentials we repeatedly offered, Dateline missed an opportunity to talk to some of the world's best-informed information security minds, and missed it to pursue a trivial (and probably imaginary) scandal.
In some important ways, however, Madigan was right. The people in Kansas probably would have been interested in what is going on at DEFCON, and with the world of hackers in general.
They might have been very interested in the level of trust that has developed between the DEFCON community, the press, and law enforcement over the years. In fact, it was partly to protect undercover agents that Madigan was outed. Far from being the seedy back alley of overheated media fantasy, DEFCON is a model of the way transparency defuses mistrust and creates a safe place to exchange ideas.
The people of Kansas might well have been interested in the crucial role that hackers play in puncturing the claims of security snake oil salesmen. Where else could you watch a 12-year-old girl break into the latest in high-tech burglarproof locks? Where else would you learn the massive vulnerability that lurks in all those prox-card security buildings? RFID tags, WiFi, malware -- all of these are likely to be of great interest to America, middle and otherwise.
The headlines are full of stories that touch on the issues of liberty and security that animate our community. In the era of warrantless wiretapping and identity theft, the hacker's concerns are truly universal.
The world of hackers hasn't been "underground" in the classical sense for a long time. The Internet has brought the frontier into everyone's home. And DEFCON continues to welcome reporters who aren't afraid to declare themselves -- it's always been part of our mission to help the world understand the importance of digital literacy. TV news needs to catch up to its peers in the business and tech press and update its idea of us if it wants to understand the wired world we are all living in.
For the record, among the goths, cops, slackers, and nerds were more than a few people from Kansas.
— Jeff Moss, Founder & Director of Black Hat