Feds BANNED from DEF CON by founder (who is Obama's cyber-expert)

And presumably uninvites himself?

New hybrid storage solutions

DEF CON 21 Jeff Moss - the US government security advisor who founded the DEF CON hacking convention - has urged federal agents to stay away from the conference next month.

For the first time in the annual event's 20-year history, g-men and spooks have been made unwelcome. Exactly how effective the request will be remains to be seen.

Moss's anti-invitation was laid out in a note posted on the DEF CON website titled Feds, We Need Some Time Apart. And it reads like a text from someone who has realised an acquaintance they invite to a big blowout party every year has either been stealing from their stash or been especially mean to their other friends*:

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

The Dark Tangent

Moss, aka Dark Tangent, was appointed to the US government's Homeland Security Advisory Council by President Obama in 2009, and is chief security officer for internet overlord ICANN. He also founded the DEF CON and Black Hat computer security conferences, both regularly held in Las Vegas, Nevada.

It's presumed Moss's warning was in part sparked by recent revelations about the NSA and its monitoring of the world's internet connections - see the bootnote below. Feds are welcome to turn up to the top hacking conventions, provided they're transparent about it and can put up with a little ribbing from attendees. But perhaps in light of recent events, the presence of any g-men could spoil the atmosphere.

Among the security experts and hacker types who have reflected on the DEF CON blog post, some think the ban won't be enforced and the invitation is purely for show; others think it's a sensible move towards defusing potential antagonism that might otherwise spoil the whole event for everyone.

"I wonder if this means that the Feds will be escorted out of DEF CON, like those reporters who fail to register themselves as such," mulled Jeremiah Grossman, founder and CTO of WhiteHat Security, in a Twitter update.

Robert Graham of Errata Security has a characteristically thoughtful blog post supporting the cooling off move.

"A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate," Graham wrote. "From shouting matches, to physical violence, to 'hack the fed', something bad might occur. Or, simply attendees will choose to stay away. Any reasonable conference organizer, be they pro-fed or anti-fed, would want to reduce the likelihood of this conflict.

"The easiest way to do this is by reducing the number of feds at DEF CON, by asking them not to come. This is horribly unfair to them, of course, since they aren't the ones who would be starting these fights. But here's the thing: it's not a fed convention but a hacker party. The feds don't have a right to be there -- the hackers do. If bad behaving hackers are going to stir up trouble with innocent feds, it's still the feds who have to go."

Tor developer and longtime NSA critic Jacob Applebaum called on other conferences to follow suit. "I hope ‪#OHM2013‬ makes a statement similar to ‪#DefCon‬ - the feds and cops won't follow it but saying it sets expectations," he said in a Twitter update.

Applebaum's post is a reference to OHM2013: Observe. Hack. Make. which is due to take place between 31 July and 4 August in Amsterdam, the Netherlands.

BSides and Black Hat events will also be held in Vegas in the run-up to this year's DEF CON. Federal agents are welcome at both of these conferences, at least the time of writing. In fact the opening day keynote at Black Hat is due to be delivered by General Keith Alexander, the head of the NSA. DEF CON is due to start the day after, running from 1 to 4 August at the Rio Hotel and Casino.

Vegas promises to be action all the way over the next few weeks. ®


* For "stealing from their stash" read "tapping into their emails spools and browsing their web history via the PRISM programme". And for "been especially mean to their other friends", perhaps read "the controversial prosecution of Andrew 'weev' Auernheimer over the AT&T iPad hack case and/or the prosecution of Aaron Swartz in a separate case that some blame for the internet activist's suicide".

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.