The DEFCON annual hacker conference is 15 years old. In technological time, 15 years is several generations, and in popular culture terms -- it's an eternity. As the founder of DEFCON and its sister conference Black Hat, I've had a ringside seat for many of the major events in the world of digital security, and I've watched how the media perceives our culture up close.
Dateline NBC sent reporter Michelle Madigan to our DEFCON 15 convention in Las Vegas this past August. You might be one of the million or so viewers who saw the
YouTube Inc.video of the reporter fleeing the scene. You might have seen some of the coverage that reveled in the schadenfreude of the undercover reporter being outmaneuvered by her quarry.
Madigan was apparently trying to do a shock piece for NBC Dateline by taping underground hackers admitting to breaking the law and then attempting to tie them to federal agents who also attended the show.
Since she fled at the prospect of being "outed," we'll never know what the finished piece would have looked like. Still, extrapolating from the promotional clips Dateline usually runs, it's easy to imagine the juicy teaser that would have accompanied the story -- the faux night-vision, the blurry code on a monochrome monitor, the ominous voice-over, the modem tones from the network's SFX library.
I won't deny that it was fun to see the tables turned on a morally gray enterprise like sting journalism. The video is pretty funny, too, in a lo-fi, citizen's arrest sort of way. Still, all the coverage misses the real point. Fifteen years after I started DEFCON, 21 years after the publication of "The Hacker Manifesto," TV news still doesn't seem to have any idea who we are -- either as a conference or as a culture.
First, Madigan wanted to sneak into an underground culture to expose it to Dateline's viewers in Kansas. In this case "underground" is a pretty relative term. DEFCON 15 had about 7,000 paying attendees. It was covered well in the business and tech press -- two branches of the media that it pleases us to report are increasingly "clueful" about our scene. International press was in attendance and, as always, there was a very significant Federal and law enforcement presence. Further, the event was held in a Vegas casino -- it's hard to imagine a place with more cameras per square foot.
Second, there are big stories brewing in the world of data security and information warfare that TV news still doesn't get. These stories need to be told outside the ghetto of tech and business magazines. From Fast Flux DNS, used to make botnets harder to stop, to commoditized Web exploit packs, such as Webattacker and Impact, there are big and difficult problems to solve out there.
The new class of mega-botnets is set to harness the power of millions of unsuspecting users to deny service and commit crime on a truly unsettling scale. The fee-for-service, highest-bidder nature of modern malware can lead to DOS attacks that are meant for international aggression rather than coder's glory. The fact that online users are less and less required to participate in the infection of their machines and networks is also worrisome -- without awareness and intervention, cross-site scripting, and hidden iFrame, exploits could make identity theft a wholesale, invisible process from which few are safe. That is, of course, saying nothing of the potential effects on the economy created by customers losing faith in online commerce.
As our world becomes smaller and the digital ties that bind us grow stronger, there are going to be more stories like these, and an informed citizenry is our best defense. By declining the press credentials we repeatedly offered, Dateline missed an opportunity to talk to some of the world's best-informed information security minds, and missed it to pursue a trivial (and probably imaginary) scandal.
In some important ways, however, Madigan was right. The people in Kansas probably would have been interested in what is going on at DEFCON, and with the world of hackers in general.
They might have been very interested in the level of trust that has developed between the DEFCON community, the press, and law enforcement over the years. In fact, it was partly to protect undercover agents that Madigan was outed. Far from being the seedy back alley of overheated media fantasy, DEFCON is a model of the way transparency defuses mistrust and creates a safe place to exchange ideas.
The people of Kansas might well have been interested in the crucial role that hackers play in puncturing the claims of security snake oil salesmen. Where else could you watch a 12-year-old girl break into the latest in high-tech burglarproof locks? Where else would you learn the massive vulnerability that lurks in all those prox-card security buildings? RFID tags, WiFi, malware -- all of these are likely to be of great interest to America, middle and otherwise.
The headlines are full of stories that touch on the issues of liberty and security that animate our community. In the era of warrantless wiretapping and identity theft, the hacker's concerns are truly universal.
The world of hackers hasn't been "underground" in the classical sense for a long time. The Internet has brought the frontier into everyone's home. And DEFCON continues to welcome reporters who aren't afraid to declare themselves -- it's always been part of our mission to help the world understand the importance of digital literacy. TV news needs to catch up to its peers in the business and tech press and update its idea of us if it wants to understand the wired world we are all living in.
For the record, among the goths, cops, slackers, and nerds were more than a few people from Kansas.
We've come a long way from the MIT model railroad society.
Hacking is not limited to computers, it is a way of life. It's taking a tool and finding a way to make it useful.
I really resent the media and others attributing the term to the criminal element. Are there criminal hackers, you bet. Are there good hackers, more than you know.
To use a geometric parallel. A square is a rectangle but all rectangles are not squares.
A criminal hacker is a hacker, but all hackers are not criminals.
I've given up with personally trying to educate people on the topic, and the term "hacker" vs. "cracker".
Without really dating myself, I started programming when "hacker" was a badge of honor. It meant you were a wizard of a programmer, whose code was fit to be admired and emulated.It did NOT mean you were a criminal.
Then a few sensationalist in the media got to playing with the term, and suddenly hacker is equal to what the rest of us used to call "Crackers" - people who would deliberately, maliciously disrupt other people's code, or steal CPU time from other people.
People that nobody liked knowing.
Then groups like the Russian Mafia got involved in malware, and suddenly "Hackers = Criminals"
So what does that leave for us "white-hat-hackers" to call ourselves?
My expectation to be in Blackhat and DefCon are to getting out-of-the-box ideas in security and trend, I have achieved indeed from meeting the speakers like Johnny Long and HD Moore and various audience. Most of them are from vendors, research team and consulting firms. It is great to have Technical and life sharing
From DefCon, there was an international event like CTF to defense and attack other team's server and maintain system service level and intereting booth. Lockpicking makes people with fun and with awareness on physical security (at least, I back to home and check my lock, getting to know what is Lock Bumping)
Most of our topics are about what is the next wave of security risk and threat during our mid-night talk in pub and share the tricks in our jobs as well as possible extension. Meanwhile, as I come from Hong Kong, I could share kinds of trend and ideas from China with professionals from US and Europe.
I understand news and presses would like to emphasize "Dark Side of DefCon". Hopefully, is it readily rather positive to report "Bright Side of Hacker Community" (like Johnny Long has raised concern from hacker community to travel to 3rd country to help simple IT stuff - Networking and Installation)?
Undeniably, "Hackers" always impress public kinds of "stealing", "damaging" and "stealthy". The presentation of "Hacker" is readily individual. Some are determined hacker to make money from dark side and some would like to help the world. However, I could confirm the world has been changing, this concept is no longer valid and, hopefully, our press and news media also grow with the world.
Mostly to hounhosp, but also to anyone new to digital life:
Part 1, Re: Defcon
Defcon is legal. There are no laws being broken there that are not also being broken at, let's say, a shoe salesman convention.
Black hat is overrun with corporate IT type hackers, and tailored to their needs. Defcon is overrun with individual autonomous hackers, and is tailored to their needs. Both are well run and are succussful because DT has the sense to not try to be all things to all people (ala SANS).
Part 2, Re: Hacking:
I maintain many aliases, I keep a low profile, and I'm not the only one. I avoid law enforcement entanglements and press contacts scrupulously.
The sensationalist press makes no effort to get the story right, so we must avoid (even accidentally) feeding them some bit of data that they can spin into sellable crap. Any speck of information you give them will come back to haunt you in a barely recognizable form.
The law enforcement individuals are mostly very good (particularly the FBI foot soldiers), but there are some idiots out there (think Barney Fife) who believe what the mainstream press writes. They already know you are guilty. Once you are in the legal system there is no way out. The computers have your personal info and they are constantly connecting the dots. It takes years to get out of the system. It is better to be completely unnoticable.
A hacker from kansas. (Wow, that's more personal disclosure than I have done in 10 years.)
*Fifteen years after I started DEFCON, 21 years after the publication of "The Hacker Manifesto," TV news still doesn't seem to have any idea who we are -- either as a conference or as a culture*
Do you really need it? Do you need TV news and the general public have an idea who are hackers.I mean if you start to study Internet, every single book notices the difference between hackers and crackers and glorify the contribution of hackers in WWW and Internet development and gives a definition on hackers...bla bla bla. But most of the TV news ( i really think almost every tv channel) are not interested in searching how the things really look like or what the culture is of that "strange computer people".They are interested in public's attention.And it is easier to follow "hollywood hacker's image" than to find how it works in fact. ( IMHO:)
In early '94 I was almost 13 and it was the first time I found myself dialed into a system I technically had no reason to be in.
It was some small beauty supply shop -- I went there earlier in the day with my mother, wrote the phone # on top of the modem down on a sticky I grabbed from the counter. When my mother went to make her purchase, the clerk needing to log in, I positioned myself between the wall and monitor just so...and bam clear as day; I don't remember what the user/pass was but I do remember it being rather simple and common.
...and I also remember never needing it. I was Guest and I was in some flatfile staring at purchases of nail glue.
Why? Well I was just learning to use a modem I had liberated from a closet in my school's computer room.
And that came about because one of my mother's 'male friends' was a wizard and showed me some legit stuff...he was only around for a few months but in that time I learned enough to know I wanted to learn more. I mean, he had companies calling him up in the middle of the night...emergency priority stuff and he would go. To my young mind he was like a special agent or something -- no doubt I was awed and soaked up everything he threw at me. Computer monitor manuals were fair game.
It started with a beauty supply shop and went further. I take pride in helping AOL to realize there needed to be a 'we never ask for personal information' label on every IM window...in red nonetheless. To be sure, phishing then was like shooting fish in a barrel but that was how I learned programming for windows which was much different than the dialer/scanner/intrusion scripts I was writing before that.
...and then WaReZ...that taught me reverse engineering. I learned network programming by writing crackers and phishers that talked to each other. Social engineering by spending hours writing canned reasons why you should give me your info, images that mimicked login screens and eventually web pages that looked legit.
Sure, to my young mind I felt there was a war going on between us trying to get 'in' and those trying to keep us out. Sure, there was pride when one got 'in' because we were always at a disadvantage. It was a self-enforcing intellectual high.
While most of it was mischief it was mischief that taught me a hell of a lot. Yet, not all of it was mischief...in the course of it I became a hacker and I learned it wasn't this exploit or that exploit or that byte or the other...mailboxes jammed with info...etc.
It was the idea that I was taking a challenge either alone or through collaboration and overcoming it.
As I grew older I realized there are many problems and by solving them you can actually help a lot of people rather than piss them off...
So sure it was the mischief that propelled me when I was younger but that wasn't hacking. The hacking was in the learning and creating.
I sometimes get really worked up over media sensationalism and the public's drooling captivation...
But then I think about sensationalism in the media and how it's like the dying apple tree in my backyard that produces a bumper-crop of piddly little apples (nearly worthless bless it's heart) only because it doesn't have many years left.
It soothes me to think of Dateline in the same light.
My comment mainly concerns hounhosp's comment on Jeff's post. First of all, I think it might be worthwhile to discuss how to define hacking. There seems to be a narrow definition fueled by popular media in which hacking is regarded as a negative phenomenon exclusively: hackers in this sense are mindless demolishers who cause a lot of ordinary people a lot of trouble.
Indeed, hackers may be responsible for some serious issues in terms of online security for instance. Nevertheless, I think that a broader definition of hacking would more precisely reveal what hacking actually concerns. Strictly speaking, hacking involves manipulation of software – nothing more and nothing less. Every coder does it: bending the rules to get a chunk of code to work and thus further develop the overall infrastructure. Hacking in this sense is a kind of creativity, and programming languages depend on the 'creative' work of hackers.
Furthermore, you have to keep in mind where hackers stand in the overall spectrum. Arguably, we commute in an online society that reveals itself to be less and less of the 'free' and 'open' society that some envisioned it to be. Increasingly, the internet is governed by interwoven structures of media ownership. As early as 1994, the infamous Critical Art Ensemble already pointed this out. Currently, prominent scholars like Lawrence Lessig have persistently tried to get this same message under our attention. Hackers in this sense function as gatekeepers in an otherwise (almost) completely corporately owned and managed online world. Not that this corporate strucure is necessarily a negative thing, yet there should also be room for disagreement, activism and dissent. The system is all but infallible –fortunately enough– and we need hackers to point that out to us.
Not that easy to hack a hacker we might say. Madigan came with the idea of finding a way to break into an "illegal" organization. As you said many people think of hacking as an "underground" activity, so do I. I may be wrong!
In your post you seem to present hacking activity as legal and praiseworthy as you "devote your life to it" for at least 15 years now. You said that "it's always been part of our mission to help the world understand the importance of digital literacy". My question is to know if the conference is legally recognized by governmental laws and what is the contribution of the hackers' conference (Community) to the digital literacy.
Losers with a grudge once had to content themselves with the flaming bag of poop on the doorstep. Now they can cripple a multinational corporation from the comfort of Mom's basement.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
If you’re a slightly gray, mid-level manager who travels a lot, you may be on the way up and worthy of professional respect, but one thing you most definitely are not is “cool.” Still, while today’s youth may think you just crawled out of a paleolithic cave, there may be hope. The iPad from Apple Inc. (Nasdaq: AAPL) (supreme arbiter of coolness) just might make you older guys (or actually old guys like me) cool.
As we well know, the online echo chamber and its increasingly viral and social components can magnify the propagation speed and distribution of stories and rumors, whether true or false.
In his recent Congressional testimony, Dennis Blair, the U.S. director of national intelligence, stated that the U.S. is "severely threatened" by cyber attacks and that the recent Google (Nasdaq: GOOG) attacks should serve as a wake-up call.
Fatal System Error, the book just released by West-coast-based journalist Joseph Menn, is really a public policy statement written as a thriller for a wider reading public. UPDATED 2:45 PM
Smarter Collaboration: How to Thrive in a Challenging Business Environment Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Research shows that the youth of today like Facebook – but not blogging or Twitter. Does that mean Facebook has won, or just that it's not yet out of favor? Will all the services we see today fade into Ovaltine-or-Wheaties status in just a few years?
What kinds of companies are doing the most innovation in the data center? Turns out it's midtier enterprises that are taking the "Just Right" approach.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
