10
Jul 13

DEF CON To Feds: We Need Some Time Apart

facebooktwittergoogle_plusredditpinterestlinkedinmail

One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is “Spot-the-Fed,” a playful and mostly harmless contest to out undercover government agents who attend the show.

defconBut that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay away.

In a brief blog post published this evening at the DEF CON Web site titled, “Feds, We Need Some Time Apart,” DEF CON owner and hacker-in-chief Jeff Moss (a.k.a. “The Dark Tangent”) suggested it was probably in the best interests of the feds to make themselves scarce at this year’s con.

“For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.”

It’s been a while since DEF CON was a place where feds really had to watch their backs. I didn’t have the privilege to attend the first DEF CON 21 years ago, but it’s safe to say that relations between the hacker community and the feds were for many years colored by a sense of mutual antagonism and mistrust.

Much of that attitude seemed to have changed in the wake of 9/11, and for the past decade the relationship between the two camps has thawed and even warmed quite a bit. Intelligence and law enforcement agencies have come to find the conference a reliably fertile and lucrative grounds for recruiting talent. Heck, things had improved so much by this time last year that the conference’s keynote was given by none other than Keith Alexander, the director of the National Security Agency.

Now with the NSA in the hot seat over allegations of broad and intrusive electronic eavesdropping programs directed at U.S. citizens and our allies abroad, it remains to be seen whether officials from the NSA, CIA or other three-letter agencies will make any strong or sustained showing at this year’s gathering. But in any case, this announcement from DEF CON should serve as a fair warning to feds who do decide to stick around past Black Hat, a more corporate and fed-heavy conference that directly precedes DefCon: Spot-the-Fed could well turn into a hack-the-fed competition.

Tags: , ,

86 comments

  1. Yawn.

    • Agreed with yawn, all the really interesting stuff is shared in other venues anyway. If you want to have FED friends, then go to this event, or Black Hat or RSA. “They” recruit at all of them.

      FEDS are people too. We all have our own motives for what we do. No sense throwing everyone into a group so you can treat them differently.

      “Play” in the open and you get noticed and probably get what you deserve, your 15 minutes, and a nice profile record that lasts until you die.

  2. I find this to be a welcome direction Moss is taken. I hit on this topic briefly in a few of my last blog posts. http://n00bfu.com/2013/07/not-fit-for-reddit-netsec-or-google-plus/
    and
    http://n00bfu.com/2013/07/the-blog-post-were-i-talk-about-secure-operating-systems/

    The latter I hot linked the phrase “NSA Recruitment Event” to LMGTFY for a google query of “July 27th to august 4th Las Vegas 2013″ for lulz.

    But in all seriousness about a year ago I had a few to many IPA’s and ranted on this topic on the defcon sub reddit. http://mcaf.ee/agn5f
    In short, the rant consisted of something along the lines of “why would I want to go to a con that is commercialized and has NSA recruiters at every turn.”
    I think sediment and many others growing concern is what provoked Moss to post that…

    One final thought before this comment turns into a blog post itself.

    I have been having this recurring thought that the NSA’s action are going to hurt them in the long run. It is purported that there is a shortage of infosec specialist. The ongoing revelations don’t exactly encourage people to take up “cyber arms” with them. Moreover for those who do will only perpetuate the growing divide between folks who should be cool with each other. Basically, a house divided.

    Any who… plus one @thedarktangent!

    -CiphersSon

  3. Why? Wouldn’t a real-life game of whack-a-mole be educational for everyone involved?

  4. Did Moss give up his position on the DHS council too?

    • You’re obviously alluding that DT is a hypocrite for being on the DHS council. That’s not a very well thought out position.

      DT is exactly the type of person that we need to serve as our representative. How do you think it would work out if one of the few voices of reason that can bend the ears of politicians was replaced with a sycophantic NSA crony?

  5. “For over two decades DEF CON has been an open nexus of CRIMINAL culture, a place where seasoned pros, Criminals, academic Socialists etc.,, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.” God Bless America!

    • Hacker != Criminal.

      • (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
        (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n) [1] of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
        (B) information from any department or agency of the United States; or
        (C) information from any protected computer;

        According to the CFAA pretty much anything taking place on a machine you don’t own is a crime.

        • That’s nice, but the word hacker doesn’t mean what you think it means. Leave popular culture behind and learn its true definition, which is to explore the entire world of hardware and software – typically using hardware that you own, more typically using hardware that you’ve built yourself (and, no, putting a whitebox PC together is not “building” hardware).

        • And what does that say about PRISM and the NSA? Breaking dozens of laws in Europe.

  6. I suspect this is more about keeping down potential animosity and incidents during panels. It will probably have all blown over by next year .

    The news media are concentrating on burying the NSA leak stories by focusing on the Egypt coup – and no doubt something else next week. Once Snowden has his sanctuary in South America, the story will vanish from the media – because that’s what the Administration wants.

    This is not to say that hackers SHOULDN’T be concerned about what their talents are being used for by the US intelligence community. I believe there have been some infosec conference talks along those lines in recent years – the “dark side” of infosec, particularly after the HBGary Federal case. The recent revelations from a Federal “cyberwar” employee about “thousands of zero days” and thousands of Fed hackers using them only brings that further into clarity.

    OTOH, the hacker community is going to find it difficult to commit to a “separation” if the intelligence community doesn’t want it. Too many hackers have revealed themselves now to just walk away. It would be interesting to find out just how many people in the infosec community are on the short list for “targeting” by the NSA already – with every phone call and email being shunted into a “potential cyberwar threat” database.

    Personally I’d love to see the hacker community go back to treating the Feds with hostility and suspicion – it’s what the Feds deserve. But I doubt this will occur, at least for the above ground infosec community. There are a number of people in the infosec community – even excluding Richard Bejtlich’s really absurd Twitter posts – who condemn Edward Snowden as a traitor and spy. These people will go where the bread is buttered regardless of any ethical qualms.

    • Um … couldn’t it just be that it’s no longer news and not media control by “them” whoever “they” are?

      That makes more sense to me given that you appear to be implying that there was reporting of the recent NSA activity in the first place. If there was control then why did this happen?

      In any case I think the internet has in it’s collective wisdom gone hysterical over the issue (again) whilst actual behaviour indicates that it isn’t that important to people.

      For example I recently read an article by a certain Moxie Marlinspike which insisted that he didn’t have a choice in the matter as to whether he was “surveilled” when clearly he can choose to not use any service providers or devices that are complicit in “surveilling” him. Apparently the convenience and entertainment provided by Gmail, Facebook etc and his mobile device is more important than avoiding surveillance.

      • The point is it SHOULD be news. And specifically news about the illegal monitoring, not about Snowden’s movements in seeking sanctuary.

        Of course it was a story for a while – it had to be because the Guardian broke it. In fact, much of the Washington Post team are busy complaining about the coverage while others in WaPo are also covering the actual news. But there’s no doubt that the MSM wants the story to go away because that’s what the Administration wants.

        The notion that because most people don’t seem concerned over this illegal spying is irrelevant. Most of the US electorate is totally ignorant about almost every issue of importance in the world outside of the latest celebrity meltdown.

        The notion that since no one wants to give up Gmail because they don’t mind being surveilled that there isn’t an issue is moronic. The fact is the Internet is an essential tool for everyone. People CAN’T give it up and go back to snail mail (which is ALSO surveilled if you’ve been paying attention to that part.)

        The real problem is that the US government is out of control (if it ever was in control, which I doubt.) THAT is why the electorate doesn’t care – because they know they can’t do anything about it short of outright revolution – which virtually no one has the balls to try.

        • “Most of the US electorate is totally ignorant about almost every issue of importance in the world outside of the latest celebrity meltdown.”

          That is only partially true. You are a perfect example of another reason for the above, as you choose to believe one narrow slice of Internet news, especially on the subject of Iran. You are no different than the hillbillies who exclusively watch Fox News or the politically-correct types who exclusively watch MSNBC, to cover righties and lefties. If one does not read a variety of sources, one will understand only partial truth.

          “The notion that since no one wants to give up Gmail because they don’t mind being surveilled that there isn’t an issue is moronic. The fact is the Internet is an essential tool for everyone.”

          The second sentence is true, but the first is moronic. The Internet is essential, but Google is not remotely so.

          If people do not want to be watched and recorded, they should use Duckduckgo or Ixquick for a search engine. However, most people do not; they use Google or Bing, companies which record a user’s every movement, especially Google. The conversations regarding Glass — and Glassholes — tell us all we need to know, with Google-philes declaring that “everyone” uses Google so there is no problem in their juvenile opinion.

          • Then I take it you don’t work in an office setting… why, because all I hear around me is about the previous nights sports game, or what is going on with the “reality” shows. And one time I sighed heavy about something in the break room that has news running on the TV, and one of the co-workers asked why I sighed, I told them and they did the deer in headlights look. Then stated they had no idea what I was talking about, and I quote “As long as they don’t mess with my reality shows, I don’t care what they do.” And yes that is a direct quote. And yes she WAS serious.

            So Richard’s “Most of the US electorate is totally ignorant about almost every issue of importance in the world outside of the latest celebrity meltdown.” is mostly right…

            Prob should be –
            “Most of the US electorate is totally ignorant about almost every issue of importance in the world outside of the latest celebrity meltdown or latest sports game.”

            • The reason why noone cares is because it was made public since the patriot act, and in 2006 and then again in 2008, and in the past 12 years, nobody has noticed any changes in their lives, or their friends and families lives.

              The only thing affecting every bodies life is terrorists virusing their laptops, stalking their kids, stealing peoples credit cards and identities, or blowing people up and mass shootings. All of the above is getting out of control…. And if the NSA has to collect metadata to catch them, like every single other country in the world is doing also, some even better then us, then we are going to support them.

              • Except anyone who believes that this sort of mass collection of private individual data is actually effective to deterring terrorism is a moron.

                The entire cost-benefit analysis of these programs has repeatedly proven that they don’t work. There are innumerable other ways to deter terrorism which are far more effective and don’t require mass invasion of privacy.

                Privacy trumps security in a society and should.

                • In what society is that? And what proof do you have it isn’t? I think statistics since 2008, especially in Europe(where they do this on massive scales), prove you wrong.

                  And Imo, Cyberspace is no diff then being outside where there is cops and cameras everywhere. If you want privacy stay in doors. Or If you want your traffic totally private, keep it on Lans or on private encrypted channels. And then your argument is the cost? I’d argue they actually don’t have enough manpower.

                • I’m pretty sure they’ve done all sorts of cost-benefit analysis for how much they’re paying. Just the benefit isn’t less terrorists but of a much more corporate nature.

                  • So you don’t agree there has been less terrorism in Europe in General, now that all of the EU has adopted these measures?

                    • Nobody has adopted those. They were forced without asking the people (which in a Democracy are the Sovereign). And besides were are the numbers + PROOF that anything was prevented?

                    • And no there isnt any less terrorism in Europe.

          • I don’t “choose to believe” anything. I read news from the MSM as well as alternative sites. I make decisions based on what makes sense. The reporting on Iran in the MSM is pathetically bad, biased and consists mostly of government talking points. If you’d read the information available, you’d see that – unless of course you’re conditioned to believe whatever the MSM tells you.

            The polls show that the vast majority of the US electorate believe two things: 1) that Iran is “a threat” to the US (100 percent of the population), and 2) that Iran already HAS nuclear weapons (at least seventy percent of the population.) The first is not true – Iran has no capability to project military power against the US – and the latter is laughable as every single intelligence agency in the world admits including Israel.

            This degree of ignorance on the part of the US electorate is the direct result of poor journalism and government propaganda working hand in hand to project a consensus reality beneficial to the people who want another Mid-East war.

            As for Google not being remotely essential, while there are competing services, it’s hardly rational to suggest everyone will suddenly dump them. And if they did, who’s to say the next in line – or the tenth in line – won’t be in the same boat. It’s naive to suggest that any US-registered corporation is going to buck the US government. For that matter, it’s naive to believe any corporation in any country will buck its government in this regard.

            The people of a country either force their government to behave or they get screwed. It’s that simple.

            • Its about terrorist attacks, not nukes. all it takes is a plane in a building to rock us , or have you forgot already. What if Iran was involved in Boston? I didn’t want to believe they were radical muslims but they are. I was criticizing the news too and the police profiling. But I guess I was half right when i said they were probably white.

              BK is the only one I know that reports on cyber news. I never see much of that anywhere else so no need to look for it especially on commercial media. What you need to do is just look around at your own environment and report your own news to yourself instead of listening to the news.

              If I even believed the independent local and public media about cyber space(which i have my own experience in), I would believe the only criminals online are the NSA, and Hong Kong and Russia have more internet freedoms then us…lmao. Which is ironically completely the opposite. When the truth is the internet is so infested with viruses and malicious hackers its becoming un-useable!!! and Its every other country spying and robbing us, with the help of a few traitor Americans that negatively affect most peoples daily lives. And still not even whispered by reporters….because they have all become tools for these hackers who they now rely on for information, who are playing the games of nations.

              I agree no one is dropping google, because they dont’ care. They already put all their info on twitter and facebook voluntarily.

            • “I read news from the MSM as well as alternative sites.”

              In a previous column, you mentioned that you only read three sources on Iran, with all three being rather obscure. Did I misunderstand you before?

              “The reporting on Iran in the MSM is pathetically bad, biased and consists mostly of government talking points.”

              That is usually true of every subject. I eschew Fox News, MSNBC, and other sources with an agenda. I read a few American sources, but even more from Europe. If they all agree, chances are that what they are saying is valid.

              “Iran has no capability to project military power against the US”

              That may be true today, but Iran is known to have worked with North Korea on nuclear and missile technology. I know this, not because I follow Iran closely, but because I follow North Korea closely. North Korea needs money to pay for lobster and French wine for the elite, so it sells its expertise to any bidder. But why does Iran need nuclear and missile technology if it is not building missiles capable of carrying nuclear weapons?

              “This degree of ignorance on the part of the US electorate”

              You and I disagree here. Our school system is a joke and has been a joke since around 1970, with righties wanting to force religion down our throat, lefties wanting to force politically-correct beliefs down our throat, and parents ready and willing to sue anyone who complicates the life of their little monster. Most Americans cannot think their way out of a paper bag. If you want a real laugh, read some of the comments on CBS News articles.

              “It’s naive to suggest that any US-registered corporation is going to buck the US government”

              Ixquick is not a U.S. corporation.

              • “In a previous column, you mentioned that you only read three sources on Iran, with all three being rather obscure. Did I misunderstand you before?”

                You have misunderstood almost everything in your life as far as I can tell.

                Simple English comprehension would have told you that the fact that I cite three sources of reliable information on Iran says absolutely nothing about how many sources of information I view daily.

                If you can’t even comprehend that simple logic you have no business discussing anything except maybe what you had for dinner.

                • Your exact words were, taken from “Iranian Elections Bring Lull in Bank Attacks” were: “People wishing to understand the situation should follow the goingtotehran.com site, as well as campaigniran.org, Asia Times (atimes.com) and Antiwar.com.”

                  This proves quite clearly that you trust these four (sorry, not three) obscure websites more than any other websites. Trying to deny it only makes you look like a child throwing a tantrum. You only read news sources which reinforce your preexisting notions.

                  Your fourth website was reviewed at Wikipedia as follows: “Their stated motivation is, ‘to show how the imperialistic tendencies of the American government lead to a loss of civil liberties and a centralization of political power.'”

                  Any source which uses a phrase like “imperialistic tendencies” has a fatal bias, but you clearly lack the intelligence to comprehend that.

                  Better put on your aluminum foil hat before any stray radio waves enter your empty skull!

    • Good points. You and others are missing another angle of this, though. Allowing the NSA people to mingle with hackers is an aid to people opposing them. It gives greater, legit-looking opportunities for insiders to leak information to varying degrees with less risk of detection. It also gets the insiders out of the Reality Distortion Field they live in, letting them see outsiders viewpoints. This might plant a seed of disallusionment that turns into a person willing to fight a given program from the inside.

      Total separation is as pointless an idea with feds and hackers as it is with modern computers. ;)

  7. When you dance with the Devil, the Devil doesn’t change – you do.

    Look up Smedley Butler. He joined for patriotism, he was decorated for bravery and then he was used to murder civilians for agribusiness. Here we are a century later and the game is the same. Young men join for patriotism and end up murdering civilians for the profits of the 1%

  8. People want to be protected against the like of 9/11. How can the Governments protect the people without monitoring all emails etc. They can not tell the difference between a good guy and a bad guy depending on where the email came from. As long as the monitoring is restricted to terrorist protection I feel we must accept. All other communication must be treated as extremely private as in confession with a prest.

    • Baaaaaaaa.

    • This is utter nonsense. If you add all the terror attacks on US soil for the past 20 years, the number totals to around 3200. That includes 9/11, the Oklahoma federal building, the Boston Marathon, etc. In other words, we lost around 160 people to terror-related deaths every year.

      On the other hand, approximately 2.5 million Americans die every year. The largest killer by far is heart disease, which is extremely preventable. But we’re not required to give up our civil rights so the “meat and dairy terrorists” will stop killing people.

      We lose 70-90,000 people every year to diseases that they caught while at the hospital being treated for something else. This is caused in large part by doctors and nurses who are too harried to wash their hands or change their gloves, which are issues that are very amenable to surveillance. But we’re not required to give up our civil rights to make sure the “health-care terrorists” don’t kill us.

      We lose around 7500 people every year after they purchase the wrong kind of over-the-counter pain medicine every year. For some tiny fraction of what we pay the NSA every year to violate our rights, we could give everyone a cheap/free test to make sure that we don’t buy a form of aspirin to which we’re allergic. But the government doesn’t ask me to give up my rights to stop the “drug store terrorists.”

      In fact, your chances of dying by terror (whenever you happen to die) are around 1 out of 16,000. In other words, the idea that terror is enough of a problem to demand the violation of every citizen’s civil rights is laughable.

      • Looking at total deaths is not the way to look at it. You need to look at the many threats which were prevented, some by luck, some by stupidity on the part of the criminal, and some by investigation. You mentioned 9/11, the Oklahoma federal building bombing, and the Boston Marathon bombing. You need to add the shoe bomber, the underwear bomber, the Times Square bomber, the Portland bomber, and the many other bombers who failed in their quest to kill infidels. And there are many other people who post on jihadist websites and travel to far-off lands to protect their sect who have declared that they have the right to silence anyone who denigrates their sect. These people are exactly as ruthless as Bolsheviks.

        • Sorry, saucy, but I have to disagree with you and point out a major logical flaw in your argument: You cannot say any of those things would have happened AT ALL without these draconian measures leading up to it. Ironically a lot of people who become either terrorists or ‘terrorists’ or “terrorists” do so as a result of what they see as injustice in the world around them, combined with an overwhelming sense of powerlessness to do anything short of extremism to change anything. If you do not know the word “iatrogenic”, you may want to look it up.

          • Well I would just say alot of Countries, who are doing the same thing NSA does on even massive scales, because I believe its all of the EU, have made a huge diff.

            I mean terror attacks in Europe use to be common place in many countries, even in the UK. But in the past 5 years, we have had more in the USA! And in general you hear about more plots stopped then accomplished. I think this is due not only to internet communication collection data programs FROM EVERY SINGLE COUNTRY ON EARTH!!! but also because of better training for agents, cameras on more street corners, etc….

          • “Ironically a lot of people who become either terrorists or ‘terrorists’ or “terrorists” do so as a result of what they see as injustice in the world around them, combined with an overwhelming sense of powerlessness to do anything short of extremism to change anything.”

            Yes, this argument is often heard when discussing the motivations of terrorists: they did not have enough food to eat, they lived in a dump, etc. Well, riddle me this, Batman: if your hypothesis is true, then you need to explain why we have seen zero suicide bombings or other terrorist activities from Haiti, a country which is about as poor as it gets. Or for that matter, Brazil, which also has grinding poverty and a dangerous level of crime from gangs. Or Mexico, which is rapidly turning into a civil war or something very close to it.

            To slightly paraphrase one of the liberal world’s heroes, Bill Clinton: it’s Islam, stupid.

          • Iatrogenic: originating from a physician and/or a side effect of medical treatment or advice.

            Why is this word relevant to the discussion?

        • It’s not possible to count death statistics in the fashion you suggest becaue each of us only dies once. People who “almost died but didn’t because the shoe bomber was captured instead” will go on to have an actual cause of death. The people who were “almost killed” by the shoe bomber will actually die of a heart attack, cancer, or whatever does in fact kill them.

          Your approach assigns two deaths to people who “almost died of terror” and one death to everyone else.

          And how do we decide how many people were “almost killed by terror” in each incident? I’m guessing that you plan to let the government decide, and when the people who want to convince us that we need to be surveilled “for our own safety” are done massaging the statistics the Shoe Bomber “almost killed everyone on the plane, then the fiery wreckage would have landed on an elementary school “almost killing” a thousand students, for a total of 1300 deaths.”

          Your approach lacks anything resembling statistical rigor and would result in the government hyping non-existant death statistics in order to justify their destruction of our rights.

        • Even the other side hasn’t presented any strong evidence that their measures prevented many attacks. I think in a multiyear period one study showed about sixty something potentials. Most weren’t credible enough to investigate, some were ridiculous (using blowtorch to destroy bridge), some were set up by FBI “sting” operations that convinced people to go ahead with plans (wtf?) before arresting them, and the few real ones were caught by… hold your breath… good policework. You know, that method that existed before 9/11 and has traditionally put criminals behind bars.

          So, they’d like to say they’ve prevented so much yet they can’t prove it. Additionally, that ignores an entirely different aspect of the case:

          Our constitution and Bill of Rights are there to protect us against THEM. And *them* isn’t terrorists.

          The fact is that governments take on a life of their own. Look in a history book, including US history. You will see atrocity after atrocity, rampant imperialism, and suppression of people’s rights/needs by corrupt governments. The more power and the less accountability they have the worse off people were. Plenty of instances of this have happened here in past ten years as well. It’s a pattern that doesn’t go away because it’s the nature of human groups with power over other groups.

          So, I think many of us have valid concerns when the current government says we need to trade the democracy and Constitutional protections for secret police, massive secret spying, secret courts, having “privileges” rather than “rights”, secret torture flights, secret prison camps, secret executions of secretly declared “enemy combatants,” secret “oversight,” and so on so that they might (eventually) stop a phantom enemy that has killed fewer people than asprin.

          Call me skeptical.

    • Eric —

      Troll for the feds much? Your comment is utter rubbish.

      It is not the Feds responsibility to protect me. It is my responsibility to protect me.

      To pick the pockets of taxpaying people AND to spy on their communications using said dollars is the height of conceit and arrogance. Any one who is complicit with what is going on, fed employee or contractor deserves neither my compassion nor my understanding.

      Please crawl back under your rock.

    • UM, you do realize that the two “boys” that are pointed at for the Boston bombings where ON THE TERROR LIST, and the feds still did nothing about it, or stopped it. This whole, “we stopped X number of threats” … is BS. Give times, dates, names, situations… then I may believe you. But it’s the “I have a friend” excuse/white lie. If the boys were on the list and the data collecting that supposedly faltered all these other threats”, would have prevented it.

      I really felt safer BEFORE 9/11 than I do now. Remember folks, government was warned many times and in many ways that something was going to happen… and yet something DID happen on 9/11. I understand the government always gets “threats” but when you know the players you need to actually maybe look into it a bit.

      So, these politicians need to put down their copies of 1984 and quit using it as a manual. It was ment as a warning, not to be used as a manual to govern.

      • But your saying you dont’ want them to look into it? Either they do or they dont’ man. I really do believe 9-11 might not have happened if it was tried now. Make up your mind. In fact I think you need to spend some time in another country bud.

        I would even go as far to say that, besides cameras on street corners, the Titan Traffic Database and Interception Modernisation Programme(among others not public) is why the Terror attacks in Europe have significantly declined.

        Did you actually believe Snowden when he was trying to say Hong Kong is more free then USA and nobody spies on your internet traffic there? I bet you did… HAHAHA.

    • No, I don’t.

  9. “Our community operates in the spirit of openness, verified trust, and mutual respect.”

    I wouldn’t have guessed this.

    • Yeah, no kidding. Given that just about everyone uses a nom de guerre on the Internet and many people steal from others while justifying their actions as acceptable, one wonders what medication Jeff Moss is imbibing.

    • As long as they know and trust someone, yea, they do share ideas, tips and tricks. Usually takes time, not like you walk up to someone (even at that conference) and start spilling your info.

      Info is power.

      • Sometimes you just have to realize, that the reason certain programs are unpopular is because of a community that does not welcome newcomers.

        Just go to any IRC linux help chatrooms on freenode. Where 100s of people sit in empty dead rooms where noone talks for weeks on end sometimes. Then if you ask a question they act rude and arrogant and tell you to learn to read and use google. Its appalling.

        The arrogant and rude comments that most of society is too stupid to know how to learn linux, especially if they are American, becomes only a self fulfilling prophecy by selfish haters hiding knowledge from others for even more evil motives then any democratic Gov’t! The pc gaming industry has been dying for years for the same reasons. Many gaming communities, totally infested with malicious hackers, repeat the same rhetoric about learning curves as a reason for the unpopularity. When sports and programs in real life have 100x the learning curves. As if the only smart people in society are behind a pc all day. (being anonymous all the time means your a fake person never to be trusted and noone needs a computer program to prove that. Its delusional to think its not just common sense, and in reality society is not as stupid as these nerds arrogantly think.)

        America is losing this information and propaganda war, and we will lose the cyber war too if we don’t wake up. We love you India!

        “We created the internet(and pioneered most hardware and software), and we should be the first ones to secure it” General Alexander at defcon last year.

        IMO, the internet is being abandoned by most Americans nowadays, because its getting that bad.

        • And just to add, instead of the old school white hats protecting fellow Americans now, they aid and abed Russian and Chinese criminals and Gov’ts exploiting their own people, like traitors.

        • Why doesn’t it surprise me that not only do you support oppressive government but you also hate Linux?

          Seriously you are precisely the kind of person that has utterly ruined this country (not that it had far to fall.)

          • People that don’t support my country have ruined it. Go out and vote, community organize and protest in the street or something. Use the system and rights that people have died for.

            But supporting islamic terrorists and malicious hackers and spreading false propaganda in an already dying internet, is not the way to a civilized society or freedom of information.

            I always put the word Malicious in front of the word hacker with respect to the linux people who term it differently…

  10. Most agencies aren’t allowing anyone to go to conferences in vegas any more (thanks GSA).

  11. Wow. So much for creating an environment where the sharing of ideas is encouraged. I understand the uncomfortableness this year’s meeting would bring. But, is shutting out one whole group really viewed as the best way to deal with this? I think this amounts to shooting the messengers. It’s the Congress that should be on the hot seat, not the Feds who are carrying out the law.

    • Yeah, don’t be mad at them, they’re just following orders, …

      Oh, wait, right, as a matter of legal doctrine, that’s no excuse for obedience to illegal or immoral requests from on-high.

      • So, I personally feel that we don’t know enough about why the gov.t have decided to do what they did and therefore can’t make the call as to whether it is immoral. Legality…. eh, that’s also a difficult one to call. Let me clarify (sorry, for the lengthy comment):

        Stealing is both illegal and immoral, no doubt. But stealing thousands of pounds of property from the house of two pensioners to fund a drug habit is morally significantly worse than stealing some bread from a national bakery chain to feed starving children. Morality has many grey areas and you really do need the information to make the call.

        Legality on the other hand has very many loopholes. I don’t know much American law (I’m a Brit), but I have observed that many American companies can (possibly do) avoid British tax laws by exploiting a loophole. If a British company “donates” or pays a subsidy equal to all their profits to a parent company, they don’t pay taxes, the parent company does (but as they are based outside the UK, the taxes don’t come to us). You can follow the law to the absolute letter and appear to be breaking it to anyone lacking knowledge of the *exact* letter of the law.

        I’m not saying that what the gov.t asked of its employees is right, because I simply don’t know. I am saying that the employees in question have more information, and therefore will have made the judgement most in keeping with their character. All you can do is assess the individual actions and compare it to what you know of their character to guess at the instructions given and the reasons behind them.

  12. All this – to me anyways – boils down to a few simple things. I am sure, if the Blackhats wanted the Feds out of the building, certain jump through hoops could be put in place to do so.

    Sure, spot a Fed – but what about other individulas that may be hired in order to blend in and take advantage of their cover maybe to learn about snips of things to come.

    If the Feds didn’t want to be spotted, I am sure they wuld not. Its sort of a waving of the flag, its a silent “were watching you” and “don’t forget we are still around”. It not only affects what is said but it may also be retained in thought once participants leave the conference.

    Nothing says the feds aren’t collecting faces, names and voice prints…. Looks like no Hackers will be recruited for work within the CIA, Secret Service , FBI or the NSA this year !!

    As far as NSA – Do you honestly think they are going to stop what they do? I doubt it. People have NO IDEA how many issues have been stopped in the USA and the world. I am sure the monitoring of things is mainly for just cause. Is there some political or personal vendetta involved with all of the NSA’s woes? I don’t know. It’s like anything else, it will be swept under the rug. Other countries that want to stir up dirt will probably have some polictical side effects if they continue the NSA bashings.

    You have to take the word of a potential traitor with a grain of salt. Sure some of what he says may be true. Is it exagerrated? Maybe. The press will inflate the truth until people believe it.

    Ah Phoooie. Not much is going to change – other than the way certain intellignce organizations operate…in the US and abroad. All of this is a “lessons learned” experience.

  13. IMO, To me the people who are naive and ignorant, or if your a $hacker=/FAKE, are the people who deny every single other country isn’t already doing this. Or denying the fact its more likely Chinese and Russian Gov’ts or criminal hackers are spying on you rather then the NSA, who actually doesn’t have nearly as much manpower or bandwith. We are talking probably 2/3rds of the ip4 addresses in the world at minimum are compromised.

    I also believe 9-11 would have never happened if this was in place before hand, even if it was an inside job like some conspiracy theorists suggest. If that was the case believe you me there would be many real hero whistleblowers, not traitors like snowden.

    The internet is a public highway, and we all knew eventually there would be cops and cameras everywhere. Its part of evolution. The next step is to teach everyone in society to protect themselves in public cyberspace. Like computer education starting in kindergarten next to reading and math. These other countries are leaving us in the dust.

  14. Just because Def-con asks the Feds to stay away, does that mean the feds will actually stay away this year?

    • George —

      No, I don’t believe they will. What Dark Tangent has done is planted a stanchion.

      “Your (fed) attendance is going to upset a large segment of the population that regularly attends Defcon. Please don’t come this year.”

      DefCon is a “private” conference and DT was well within his right to make this request. Will it be honored? I don’t believe so.

      Which is why, I am sad to say, that after looking forward to my sip of brain candy, which is DefCon, I have cancelled my plans to attend. Don’t want or need the hassle of people whos idea of freedom is diametrically opposed to mine.

      And for all the NSA fan-boys spewing your dreck here? Take it some place else. The emperor has no clothing on and we all know it.

      Now I just wish someone had the ballz to prosecute Holder and Clapper…

  15. Funny thing is, you trust both the defcons and the feds.

    epic fail.

  16. So what I really want to know about Edward Snowden is if he can still cast write in votes for Ron Paul from an airport in Russia? If there was one question I could ask him, that would be it.

  17. And in related news, the HBGary case continues to have inpact….

    Jailed Journalist Barrett Brown Faces 105 Years For Reporting on Hacked Private Intelligence Firms
    http://www.democracynow.org/2013/7/11/jailed_journalist_barrett_brown_faces_105

    Everyone – especially Brian – should view this interview: Link to the wrong thing as a journalist, go to jail…

    • The related article in The Nation…

      The Strange Case of Barrett Brown
      Amid the outrage over the NSA’s spying program, the jailing of journalist Barrett Brown points to a deeper and very troubling problem.
      http://www.thenation.com/article/174851/strange-case-barrett-brown

    • Wow too funny, i was spamming their facebook page like crazy last week telling them, as reporters, they should not associate with hackers or use them as a substitute for investigative journalism. They cannot be trusted.

      It seems the guy threatned FBI agents and linked to stolen credit card numbers? Thats pretty insane Rich.

      I still don’t understand how Democracy now never reports on cyber crime. Or why supposed “hackers” who know everything thats going on in the internet, never admit about cyber crime or foreign spies.

      I will say this Rich, I am not so sure Iran is hacking people like China and Russia, that the Gov’t somtimes implies. I can use my own judgment and realize most of the 100s of probes I get a day are from eastern europe and china and almost never from Iran.

      • oh and recently UK Government department of social security, and CECOM lol.

      • “most of the 100s of probes I get a day are from eastern europe and china and almost never from Iran.”

        Threat attribution is a lot more complicated than the next hop

        • Well I guess then i’m only talking about the countries so bold they don’t even try to hide it…or countries with such a reputation that those ips are used?

  18. I am in surprise to know such hacker game. How can hacker take part in this game?

  19. It’s just a “timeout”, next year will be business as usual.

    It would be nice, if people grew a conscience, but i guess we need a few more steps towards totalitarianism before our american friends wake up and see what they have become :/

  20. Def Con would never be able to deny feds or stop them from attending…etc..etc.. that makes this article = NULL. I am not sure why this was mentioned at all…that is a puzzle to me?

    Whatever jeff moss says (DEF CON owner and hacker-in-chief) is a moot point.

  21. The Utah Data Center/N.S.A./ Area 51/Room 641A/PRISM/Tempora

    The Federal Government will be there by way of their high tech surveillance of all the fiber internet and phone lines going in and out of Las Vegas

  22. @ Brian Krebs

    I think this DEFCON decision is foolish. (Unless, as RSH says, it’s about preventing fights which would be a decent idea for this year at least.)

    There many different kinds of people that attend DEFCON with different motivations. You have anti-government types, people in it for money, people who love tech/breakingstuff, people who are just curious, employers looking for talent, geeks who want another shot at the booth babes, and so on. We’ll ignore the geeks trying to get at the booth babes from here on out. However, the other people all getting together make the conference what it is today so their goals are important.

    So, would banning the feds have a negative impact on anyone? Well, the antigovernment and radical types won’t mind. I’m sure plenty will be there. Yet, the vast majority of the types of people I mentioned either won’t be bothered by feds or might actually want to meet them. Maybe they actually respect law enforcement. Maybe they just want to hear their perspective on various issues. Maybe they want a job. Maybe an anarchist type wants to try to hack their cell phone or steal their wallet. Many legitimate motives to run into feds. ;)

    The hate seems motivated by the spying problem which has a simple solution. That is for Americans to pressure politicians at the voting booth and with angry letters (not emails). They’ve successfully stopped problems that way before. Doing some “campaign contributions” of their own to push certain legislation might also be a practical, if distateful, idea. Adopting privacy tech too. There is one approach, though, that will have NO POSITIVE EFFECT on the situation: banning feds from DEFCON.

    That policy just separates the feds from the people furher and will cause quite a few *paying DEFCON attendees* to miss out on positive opportunities.

    Nick P
    Security engineer/researcher, civil liberty activist, and lifetime fed-fighter

    (Yeah, I hate their organizations but even a fed-fighter can admit meeting the individuals can be productive.)

    • @ Nick P

      Politicians have staff that read all mail, and if you complain about an issue they make note of it but generally ignore it if it’s angry; and it certainly won’t make its way to the eyes of your representative. If the system takes a turn towards citizens actually voting on issues and not our representatives I will give it a chance again, otherwise your solution will solve nothing.

      Original colonists used to set gov’t officials houses on fire if they f*cked up, and I think it sent a better message and made for more attentive representatives.

      • Seeing that SOPA and many others were stopped in their tracks (for a while) after much public protest I think there’s something about letters and petitions can work. Because it did many times. So, it’s worth it to (a) accomplish something or (b) prove it wont accomplish anything to justify another approach.

        Your other approach is entertaining and possibly effective. Reminds me of one I read about in a book recently: May’s “Assassination Politics.” A more civilized approach would be Iceland putting bankers and government people in jail, taking things back, and establishing new laws. I doubt Americans will have the brains or balls to do any of these.

        So, I particularly have a pessimistic outlook on the situation unless some kind of revolutionary spirit sweeps America, inspiring change. Not holding my breath.

      • Actually writing letters to your local Senator can sometimes help. For example my family has gotten help with even little things like problem with a son at school. Dogs who attacked an elderly neighbor….etc…..(From a republican senator and we are Democrats mind you)

        And voting is power dude. Why do you think Gerrymandering and voting rights is a big deal to all parties. Trayvon Martin and Edward Snowden are just distractions from the real issues…there to trap you into the mentality you have right now.

  23. ITT: Lots of NSA and FBI guys butthurt because the community thinks they are dirtbags.

  24. @Stefan, http://www.politico.com/story/2013/06/nsa-leak-keith-alexander-92971.html

    According to General Alexander they have stopped 50 terrorist attacks they were able to reveal to congress. 40 of which were overseas. 10 in the USA including one to blow up the stock exchange.

    But what they are still not talking about is how the Titan Traffic Database and Interception Modernisation Program, and Prism are all networked together. But we only know the names of these 3 programs because they were leaked, All countries have similar programs imo. Now you can say they are not accepted, but imo, like America, more then 60% of the people in society are ok with this. Think of cyberspace as a world environment. Where there are no rules and how barbaric people become, and you can understand why there is so many viruses and criminals and spies, and why most of my family and friends don’t go online or use a computer much nowadays, and what little they do is from their phones.

    My proof there is less terrorism in Europe is the news around the world. We went from hearing about a couple bombings every year including in Britain, to nothing. Now the news is about these revolutions in arab countries, that were started by women and young people with social networking, that we support and encourage.


Read previous post:
Who’s Behind The Styx-Crypt Exploit Pack?

Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being...

Close