Hat Doffed To Hackers
Newcastle Herald
Monday July 23, 2001
THE same day high-tech professionals wrapped up a meeting in Las Vegas on securing computers and networks, a convention opened nearby for hackers who spend countless hours trying to break into computers and networks.
It was no scheduling slip, nor was it an attempt to spark a showdown. Organisers and participants wanted a lot of mingling.
Call it getting to know the enemy.
`It's an opportunity to meet and greet a fairly broad spectrum of people, from the people who break systems all the way to the people who protect them,' said George Jelatis of Secure Computing Corp, a provider of access-control software and services for large companies.
Black Hat Briefings opened first followed by the hackers' Def Con a few blocks away.
The two conferences target different audiences, but they share a common heritage and organisers. Jeff Moss, who founded and organises both, said 60% cent of Black Hat attendees stayed for Def Con last year.
Created nine years ago for hackers to stay in touch, Def Con quickly gained a reputation as a wild underground affair that included a lot of partying, hacking games and contests to identify federal agents.
Although hackers and the professionals exchanged useful information on vulnerabilities and fixes, Def Con's notoriety was sometimes difficult to overcome.
`People were saying they couldn't get to Def Con because none of their bosses would ever sign off on it,' Moss said. `They said if we could do a real show, they could get money for that.'
So Moss launched the Black Hat Briefings five years ago for computer security professionals. The conference pays speakers, whether they are hackers, federal officials or corporate gurus. Conference goers pay more than $US1000 ($1986) each, compared with Def Con's admission fee of $US50 ($99).
Somebody once compared Black Hat with a university and Def Con with a fraternity party, he said. `That description has fit pretty well.'
Black Hat has grown with the frequency and cost of computer crimes. According to the Computer Security Institute and the FBI, 85% of 538 companies, universities and government agencies surveyed said their networks were breached last year.
The 186 respondents who quantified the damage put their losses at $US378million. Last year, 249 companies said they lost a total of $US266million.
The Black Hat program includes discussions on the latest advances in detecting intrusions and tracking down culprits, next-generation e-mail viruses and security for wireless networking.
But why would a hacker who discovers a security problem want to disclose it? Moss said there's the recognition ? not to mention the sense of doing a good deed that builds confidence in the high-tech infrastructure.
Still, he added, hackers are facing increasing pressure from their peers to keep their findings secret. There's also the problem of some wearing both white and black hats ? being the good guys and the bad.
`They see a social benefit to having insecure systems,' he said. `They say if you are out there making systems 100% secure, you're enabling governments and corporations to become more fascist.'
Despite pressure on hackers to clam up and the hard times for the high-tech industry, Moss expects an increase in attendance at the Black Hat meetings over last year.
`Security is like doctors and policemen ? you always have to have it,' he said. `It's not like the pool repair guy, where when times get tough, you don't really need him.'
On the Net:
Black Hat Briefings: http://www.blackhat.com Def Con: http://www.defcon.org
© 2001 Newcastle Herald
Share This