The origins of Black Hat and Defcon, two influential conferences dedicated to counterculture, hacking and security, can be traced back to a man called Jeff Moss – in some circles, better known as The Dark Tangent.
He is a hacker, entrepreneur and cybersecurity adviser to the US government – all at once. In person, Moss is youthful and enthusiastic. Beer in hand, he takes half an hour from his schedule to chat about the conferences and why they remain unique – even as cyber goes mainstream.
I think whats happened is the people who came to Black Hat earlier, they have grown up, he tells IBTimes UK as the second day of Black Hat Europe in London comes to a close. Now they are in management, not just IT, they are directors.
Reflecting on the changes, he adds: Its getting to the point where Im hoping that pretty soon the term cyber kind of goes away. Its part of manufacturing, part of automotive, part of safety, part of medical – its part of everything and we cant prefix it all. Its becoming so pervasive, its just, security.
Four years after founding Defcon, Black Hat emerged as an experimental enterprise-facing conference. This, Moss said, was largely due to attendees having to justify their tickets to their employers. In 2016, it takes place across Las Vegas, London, Washington DC and Abu Dhabi.
If Defcon was the hacking conference, Black Hat became the enterprise conference – before there was an enterprise, Moss explained. All my hacking and security buddies, we got together and I got them to talk about what they found interesting, what were their security research projects and what were they thinking of.
It turned out that people wanted to come along and hear what they had to say. Over the years, I realised that what Black Hat had turned into what sort of a crystal ball because [...] it turns out that the people who got their hands deep in the mud, they can see whats coming.
Hackers and the three-letter agencies
Deep down – at its core – Defcon has always had a proud streak of rebellion. It remains to this day a place where hackers can brush shoulders, and sometimes be recruited, by a slew of secretive government agencies, usually with three letters to their name.
I love Defcon because its different. Its got a sense of fun but its really about individual discovery, Moss said. They are different, one is more self-exploration, joy of discovery and puzzle-solving and the other one is about professional development and future trends and training. They are complementary.
In some ways it seems that hackers and the government should not get along. After all, federal agencies and judges are after accused of handing down tough sentences to hackers and online activists, from Jeremy Hammond to Bradley Manning.
Moss acknowledges there is a conflict of interest and admits that – in a post-Snowden world – things have changed. Before the former NSA analyst released troves of classified data he said G-men were tolerated and, in turn, they put up with us.
He elaborated: After the Snowden leaks there was sort of a disconnect where trust was broken and I think its going to be a while before its repaired. Interestingly, Moss believes the ongoing hacks against the US government by suspected Kremlin-affiliated groups is mending this relationship.
I think one way or the other though the attacks of Russian against the United States in this election cycle is in a weird way repairing a lot of that, he said. Its made it more concrete, its oh, thats why we need an intelligence agency because there is actually bad people out there.
For nearly a decade, Moss has worked alongside the US government rather than against it. His other accolades include jobs with Internet Corporation for Assigned Names and Numbers (ICANN), the Council on Foreign Relations (CFR) and the Atlantic Council.
So, it turns out he holds a more nuanced view on hackers vs. the government. As he explains to IBTimes UK, its a complex situation the intelligence agencies find themselves in. Or as he puts it: Its just a big ball of conflicted emotion.
On the topic of should government store zero-days – the same type of alleged NSA exploits recently leaked into the public domain by a group called The Shadow Brokers – Moss said previously abstract concepts (do they use them or tell the companies about them?) are now commonplace.
Will it make things better? he pondered out loud. It might make the military or intelligence jobs harder. If its their job to protect the country does that mean they we are now basically giving bullets away to our enemy? Why would you do that if nobody else is?
The future of Black Hat
Yet even as cybersecurity goes mainstream – and as hacks and breaches are more widespread than ever before – Moss still believes that hackers and academics are the only ones who are telling you whats really happening with technology.
Looking ahead, he remains passionate about the continued growth of both the conferences – but also maintaining the spirit of those early days.
My philosophy is that Black Hat and Defcon are platforms and we provide audiences with an opportunity for new researchers to show off how smart they are, what they found, compete with each other, he said. What I hope to see is that sort of friendly rivalry continue and instead of people turning it into a purely professional development platform I want them to still have fun.
This is a chance where I want to make it a safe haven for these people to recharge, get excited about something new and look at the problems in a different way instead of just taking it for granted.