When Hackers Become the Good Guys

At DefCon III in 1995, the young crowd of 470 spent their time jamming a local radio station broadcast and playing Hacker Jeopardy at midnight when they couldn't drink at the bar. "Free Kevin" stickers were plastered everywhere protesting the jailing of fugitive hacker Kevin Mitnick, and a 14-year-old ran away from home to attend the event. (I know because I was there.)

At DefCon 19 this year, plenty of the nearly 12,000 attendees had gray hair, most work as security professionals, and some even brought their children. Mitnick was there signing copies of his latest book, "Ghost in the Wires," and posing for photographs, before appearing as a guest on "The Colbert Report" last week.

A community is growing and growing up.

In the early years, DefCon founder Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser," Richard Thieme, author of "Mind Games" and a professional speaker, recounted in his DefCon talk this year and in an interview with CNET afterward. "Ten years ago, Moss said 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man.'"

Moss, aka "Dark Tangent," started DefCon in 1993 as a farewell party to a buddy, only to have it become the world's largest hacker conference. He sold off the more commercial Black Hat security conference, which frees him up for public service--he serves on the Homeland Security Advisory Council and was named the chief security officerfor the non-profit Internet Corporation for Assigned Names and Numbers (ICANN) earlier this year.

Another hacker role model who is having a very direct impact on U.S. cyber security policies and funding is Peiter Zatko, who was better known as "Mudge" when he was a member of The Cult of the Dead Cow (CDC) and L0pht hacker groups in the 1990s. He presented at a session on password cracking and holes in Microsoft software at DefCon in 1996. This year, he gave a keynote talk at Black Hat about his plans as program manager for the information innovation office at the Defense Department's DARPA (Defense Advances Research Projects Agency) to fund hacker spaces and small security start-ups.

Read more: http://news.cnet.com/8301-27080_3-20095649-245/when-hackers-become-the-man/#ixzz1WVPoCjyq

Cybersecurity Report: 84% Believe Risk is Higher than 1 Year Ago

With the annual Black Hat (Vegas) conference providing extra focus on cybersecurity this week, but also eclipsing most other news, I want to call attention to the EastWest Institute publication of their report on the Second Worldwide Cybersecurity Summit: Mobilizing for International Action.
The EWI summit, held in London at the beginning of June, attracted more than 450 government, industry and technical leaders from 43 countries to craft new cybersecurity solutions.
CSOs, CIOs, IT professionals, academics, and international policy-makers working to maintain a healthy Internet and guarding resources against cyber threats may went to take a look at the wide range of topics covered in the the EWI summit report. Fortunately, the report is readable from the web, with a solid table of contents and lots of quotes and graphics to help you navigate through the information and find areas of special interest.
EWI held their first Cybersecurity Summit in 2010, and EWI’s cybersecurity initiative has gained participation from the United States, Chinese, Russian and Indian governments, along with other members of the Cyber40 (an informal grouping of the world’s most digitally-advanced nations), academic leaders, and industry professionals.
“The largest roadblock to cyber solutions is a lack of trust,” says John Mroz, EWI President. “EWI’s trademark for three decades has been bringing the people who need to work together into the same room to craft solutions to particular issues of common concern. Nowhere is this needed more than in the cybersecurity arena.”
To highlight how participant’s see the cybersecurity challenge, the report shares (flip to page 7) some interesting survey data from the 2010 and 2011 summits:

• 84% think that the cybersecurity risk we face today is higher than one year ago
• 61% doubt that their country could defend against a sophisticated Cyber attack
• 54% doubt their <business, organization, agency> could defend against a sophisticated Cyber attack
• 70% believe that international policy and regulations lag far behind technology advances
• 81% agree that bold steps are needed immediately to address lack of trust in ICT development and supply chain integrity

That last point, which I sometimes refer to as “Trusted Supply Chain” issues, was also one of the key areas of focus for Microsoft participation at the summit and in the recent post by Eric T. Werner, Global Cyber Supply Chain Management a Principal Security Strategist with the Trustworthy Computing group here at Microsoft.
The 50-page report includes information from the keynote presentation on Supply Chain Risk Management delivered by Scott Charney, Corporate Vice President, Trustworthy Computing, including his observation that: “The Internet is different in the sense that you don’t have to put assets at risk to engage in espionage. Spies can sit in their home country and exfiltrate terabytes of data quickly.”