Security bods boycott DEF CON over closed door for feds
'Hey, if you're just here for interest, don't consider yourself a Fed!'
At least one group of researchers is pulling out of DEF CON in protest at the decision to tell federal agents to stay away from the annual hacking convention.
Jeff Moss, the US government security advisor who founded the DEF CON and BlackHat, urged federal agents to stay away from DEF CON in Vegas next month. G-Men were unwelcome because of the recent revelations about wholesale surveillance on US citizens by the NSA, Moss (AKA @TheDarkTangent) said in a post on the official DEF CON website.
"When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship," Moss said. "Therefore, I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year."
It's unclear how effective the request will be. Several people in the security community have questioned Moss's stance, given he's served on the US government's Homeland Security Advisory Council since 2009 and is chief security officer for internet overlord ICANN. Others dismiss the G-men exclusion request as showboating.
"Of course I think the whole ban the Feds at Defcon thing is just controversy to get media attention and more mainstream exposure :-)," said convicted hacker turned security consultant Kevin Mitnick, in a Twitter update.
Federal agents have been welcomed at DEF CON from the genesis of the long-running conference, with the main conditions being that they be open about their status and willing to put up with a certain amount of mickey taking from other attendees. Some security researchers such as Robert Graham of Errata Security, reckon the stay-away request is a sensible move towards defusing potential antagonism at this year's show.
However other security researchers argue that dialogue between hackers, security and representatives of federal agencies has become even more important in the wake of PRISM-gate. Turning DEFCON into a closed shop that excludes federal agents, or at least forces them to operate in stealth mode, is counterproductive - according to Secure Ideas. The security consultancy was due to present research into attacking SharePoint at DEF CON but has cancelled its own plans to appear at the show in response to the exclusion-of-federales request, as a blog post by Secure Ideas explains.
We do not want to make this a "political" move, and we do not make this decision based on their motivations. The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend. We believe the exclusion of the "feds" this year does the exact opposite at a critical time.
Instead of unveiling its research at DEF CON Secure Idea will present an updated version of its SharePoint talk (and release tools) at another as-yet-unconfirmed conference. ®
DEF CON organisers have posted a clarification update to its original post saying they're not banning anyone from attending, criticising the press for suggesting otherwise. Federal agents can still come to DEF CON on condition that this is to satisfy their personal interest in computer security, the post states.
"There is a lot of tension in the community right now and he was asking politely for feds to consider not attending this year," the post explains.
"If you are on your own dime pursuing your own personal interests in hacking and not assigned to be there working your federal Intel job, then don't consider yourself a Fed! We want motivated people to attend!"