Feeds

Feds BANNED from DEF CON by founder (who is Obama's cyber-expert)

And presumably uninvites himself?

The Power of One eBook: Top reasons to choose HP BladeSystem

DEF CON 21 Jeff Moss - the US government security advisor who founded the DEF CON hacking convention - has urged federal agents to stay away from the conference next month.

For the first time in the annual event's 20-year history, g-men and spooks have been made unwelcome. Exactly how effective the request will be remains to be seen.

Moss's anti-invitation was laid out in a note posted on the DEF CON website titled Feds, We Need Some Time Apart. And it reads like a text from someone who has realised an acquaintance they invite to a big blowout party every year has either been stealing from their stash or been especially mean to their other friends*:

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

The Dark Tangent

Moss, aka Dark Tangent, was appointed to the US government's Homeland Security Advisory Council by President Obama in 2009, and is chief security officer for internet overlord ICANN. He also founded the DEF CON and Black Hat computer security conferences, both regularly held in Las Vegas, Nevada.

It's presumed Moss's warning was in part sparked by recent revelations about the NSA and its monitoring of the world's internet connections - see the bootnote below. Feds are welcome to turn up to the top hacking conventions, provided they're transparent about it and can put up with a little ribbing from attendees. But perhaps in light of recent events, the presence of any g-men could spoil the atmosphere.

Among the security experts and hacker types who have reflected on the DEF CON blog post, some think the ban won't be enforced and the invitation is purely for show; others think it's a sensible move towards defusing potential antagonism that might otherwise spoil the whole event for everyone.

"I wonder if this means that the Feds will be escorted out of DEF CON, like those reporters who fail to register themselves as such," mulled Jeremiah Grossman, founder and CTO of WhiteHat Security, in a Twitter update.

Robert Graham of Errata Security has a characteristically thoughtful blog post supporting the cooling off move.

"A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate," Graham wrote. "From shouting matches, to physical violence, to 'hack the fed', something bad might occur. Or, simply attendees will choose to stay away. Any reasonable conference organizer, be they pro-fed or anti-fed, would want to reduce the likelihood of this conflict.

"The easiest way to do this is by reducing the number of feds at DEF CON, by asking them not to come. This is horribly unfair to them, of course, since they aren't the ones who would be starting these fights. But here's the thing: it's not a fed convention but a hacker party. The feds don't have a right to be there -- the hackers do. If bad behaving hackers are going to stir up trouble with innocent feds, it's still the feds who have to go."

Tor developer and longtime NSA critic Jacob Applebaum called on other conferences to follow suit. "I hope ‪#OHM2013‬ makes a statement similar to ‪#DefCon‬ - the feds and cops won't follow it but saying it sets expectations," he said in a Twitter update.

Applebaum's post is a reference to OHM2013: Observe. Hack. Make. which is due to take place between 31 July and 4 August in Amsterdam, the Netherlands.

BSides and Black Hat events will also be held in Vegas in the run-up to this year's DEF CON. Federal agents are welcome at both of these conferences, at least the time of writing. In fact the opening day keynote at Black Hat is due to be delivered by General Keith Alexander, the head of the NSA. DEF CON is due to start the day after, running from 1 to 4 August at the Rio Hotel and Casino.

Vegas promises to be action all the way over the next few weeks. ®

Bootnote

* For "stealing from their stash" read "tapping into their emails spools and browsing their web history via the PRISM programme". And for "been especially mean to their other friends", perhaps read "the controversial prosecution of Andrew 'weev' Auernheimer over the AT&T iPad hack case and/or the prosecution of Aaron Swartz in a separate case that some blame for the internet activist's suicide".

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.