There was some bridge-building, but a real rift remained on Saturday between US spy agencies and the world’s most infamous hacker gathering.
Scandalous revelations about sweeping online snooping by intelligence agents caused fury in the Def Con hacker community two years ago. That led founder Jeff Moss to call for a “cooling off period” during which “feds” avoided coming near the annual conference in Las Vegas.
The chill has given way to uneasy detente in which the door could be open to US spy or law enforcement agencies to take part in panels or presentations, if they are ready to be honest about what is going on and face hostile questioning by wary hackers.
“They could come back and explain themselves, but nobody has had the guts to do that yet,” Moss told AFP.
“I would say that we are in a ‘trust, but verify’ stage. If it is a national security thing, they need to have a real good story and be ready for hard questions.”
Deputy Secretary of Homeland Security Alejandro Mayorkas braved Def Con on Friday to give a presentation centered on the need to work together to fight cyber threats – a theme hit often by government agencies welcomed here prior to cyber spying scandals triggered by one-time intelligence contractor Edward Snowden and former US Army soldier Bradley Manning.
Whiskey and back doors
Mayorkas accepted the traditional shot of whiskey given to first-time Def Con speakers, but sidestepped a hacker’s request that he take a stand against building “back doors” for intelligence agencies to slip into encryption used to scramble email or other data traversing the Internet.
“I can not say ‘yes’ and I can not say ‘no’,” Mayorkas said, noting that it was the only time during his talk that the audience applauded. “I know what the problem is, and I don’t know what the solution is.”
The problem, he maintained, was tapping into digital communications that could expose threats by terrorists or others.
Moss said Mayorkas made the Def Con stage because DHS hasn’t been implicated in leaks about online spying. He noted that at last year’s Def Con, the Federal Trade Commission gave a presentation about zapping annoying ‘robo-calls’ and there was no drama.
The DHS also runs the Computer Emergency Readiness Team (CERT) that alerts companies to cyber threats.
The US Department of Defense research agency DARPA, which was involved in the creation of the Internet, is at Def Con to talk about a Cyber Grand Challenge that will pit computers against one another in a hacker version of the game Capture the Flag.
The final round of the Challenge will take place next year at Def Con, which has long had teams of human hackers playing the game, and boasts nearly $4 million in prize money.
Booting spies
“If the FBI or the NSA or the CIA wanted to try to give a speech, I think there would be some problems,” Moss said.
“If other agencies want to come and try to repair relations, I counsel them to really think through how they are going to repair trust.”
Moss had little doubt that members of intelligence groups from a variety of countries were at Def Con for either work or personal reasons, paying the $230 cash entry fee and walking in no questions asked.
“They are still here; you can see them,” Moss said.
“For a while, it was growing to be kind of cool to have them in the community, but they were never really open about what was going on.”
He said Def Con volunteers working as “goons” at the conference have booted out agents of foreign intelligence groups secretly recording goings on at the gathering.
“They have backpacks with small holes cut in them and they walk around recording everything,” Moss said.
“If we find them, we kick them out.”
