Uncle Sam was in plain sight at this year’s iteration of the massive “hacker” gathering known as DEF CON, in effect holding a “we love hacking” sign with the subtlety of a Vegas marquee.
The annual tech event, which drew more than 30,000 people to Sin City this year according to organizers, has long been a target for domestic intelligence and law enforcement agencies, according to reported FBI documents. Organizers have told of alleged foreign spies posing as documentary crews and trying to blend in with the DEF CON crowd.
But this year’s event saw an increased presence of DC lawmakers, most of whom were extending obvious olive branches, if not pleading for hackers’ help. And they seemed to be mostly well-received.
“White-hat hackers are absolutely irreplaceable in the technological age,” Senator Ron Wyden, D-Oregon, told an audience of hundreds, which erupted into thunderous applause at that and many other moments during his remarks.
“If we don’t work now to translate between the traditional silos of our two communities, then we will miss opportunities,” declared former Rep. Jane Harman, D-Calif. Harman advertised herself in the DEF CON schedule with an apparent internet alias, “Surfer Jane.” Her panel discussion included two current members of Congress, one of them a “DEF CON repeater” (Rep. Jim Langevin, D-R.I.) and the other a computer science degree holder (Rep. Ted Lieu, D-Calif.).
Next to the current and former lawmakers were two hackers-turned-security experts, one of whom testified before Congress in the late ‘90s using his alias, “Space Rogue.”
Wyden conceded that hackers “don’t hear people with election certificates say ‘thank you’ often, if at all.” But the growth of DEF CON, now in its 27th year, and the collaborations it has inspired are readily apparent outside the convention halls.
I previously reported that DEF CON’s “Voting Village,” a corner of the conference where election hacking is the name of the game, was attended this year by U.S. lawmakers, more than a dozen Congressional aides from both sides of the aisle, state and local election officials, and some companies that are already working on technology for DARPA, the DoD’s Advanced Research Projects Agency. The relationship between Washington and so-called “white hat” hackers has addressed concerns that go well beyond more than just election security, though.
Representatives from the FDA, also in attendance at this year’s DEF CON, have been working for years with the grassroots hacktivist group “I Am The Cavalry” that helped organize the “Biohacking Village,” an area that focuses on the vulnerabilities of medical devices, among other DEF CON attractions. The agency helped the group exponentially grow the number of devices on-hand for experimentation this year, and it seems to be a two-way street.
“Forums like DEF CON, because of the presence of researchers, hackers, manufacturers, clinicians, patients… really fosters the kind of dialogue, and that sense of collaboration, of needing to work together towards a common goal, that is hard to find in other places,” one FDA representative told Fox News.
Another popular corner of the DEF CON experience is called “r00tz Asylum,” where children can learn everything from lock-picking (an essential skill for modern-day security consultants) to digital hacking of simulated government websites. And this is yet another area where the U.S. government appears to be playing a big role behind the scenes.
Nico Sell, co-chair of Workforce Acceleration for the Trump administration’s CSI Cyberpolicy Committee, is a r00tz Asylum organizer. She admits the key to convincing children to get into the field of cybersecurity, and thus boost the U.S. cyber workforce (which is her primary goal), is to make the curriculum seem more “cool.”
Sell tells Fox that instead of spreading the gospel of “security” among young students, she told the administration that “we need to teach kids hacking. That’s how we’re going to solve the workforce acceleration problem.”
Aside from the lawmakers seated onstage next to world-famous hackers, another obvious sign of the growing effort to increase the symbiosis between the two communities was the last-minute arrangement of a 9 a.m. panel talk on the first full day of DEF CON this year.
“#DEFCON Wants to Help Hackers Anonymously Submit Bugs to the Government: Let’s Discuss” featured the likes of Moss and Krebs.
“White-hat hackers are absolutely irreplaceable in the technological age.”
“Thanks for getting up, we’ve never done one of these this early before,” Moss said to a bedraggled but surprisingly large early-morning crowd. “Those of you in the audience with the Twitters and the Facebook, can you maybe announce that this thing is starting so we can get more people here? We are really hoping to have a community question and answer session later on,” he added.
The crowd eventually filled out to at least a few hundred people, and Krebs seemed eager to sell the benefits of working with his agency to a crowd that could clearly help his efforts, while trying to figure out why there is still some reluctance among hackers to do so. There were even some DHS folks at the conference with a full table set up for recruitment.
“We are the advocate within the government for the researcher community, the private sector, kind of ‘team internet,'” Krebs said. “There are still clearly… some that still have reluctance to engage with the government,” he admitted. “So what are the impediments or challenges that the community sees?” he asked.
To be sure, an annual gathering of hackers this large has caught the eye of law enforcement once or twice. And the FBI has reportedly bristled in the past at descriptions of the fabled DEF CON “Spot The Fed” contest, in which attendees could win a t-shirt if they spot someone in the crowd that is decided to be a member of a federal agency.
Not everyone at DEF CON has been supportive of the increasing government involvement at their beloved conference. In 2012, Moss (the founder) even asked the feds to take a “time out” on attending DEF CON that year due to the unfolding controversy over Edward Snowden. Intelligence & law enforcement agencies have generally been welcomed at DEF CON throughout its history, and even during the 2012 “time out’ from DEF CON, they were still welcomed at other related security events like Blackhat.
And what becomes clear to anyone who has ever attended DEF CON, civilian or otherwise, is the idea that fixing problems together is truly the driving force.
“DEF CON is about building community,” Moss told this year’s crowd. “And I’m always looking for another opportunity to either build bridges, build relationships, or solve problems,” he added.
Got a tip for me, DEF CON-related or otherwise? Send me a DM on Twitter, @_gonzoAD, or find me on Signal – alexdiaz36.