Defcon founder to advise the Department of Homeland Security

In an interesting turn of events, Jeff Moss (aka, the hacker "Dark Tangent") was sworn in as a member of the Homeland Security Advisory Council.

To realize the significance of this, you need to understand that it's the responsibility of the Homeland Security Advisory Council (HSAC) to:

"Provide advice and recommendations to the Secretary (Ms. Janet Napolitano) on matters related to homeland security. The Council is comprised of leaders from state and local government, first responder communities, the private sector, and academia."

Members of HSAC

It's not hard to be impressed by the members of the HSAC, a group of esteemed experts with extensive law enforcement and emergency preparedness experience. Yet, I was the most inspired by one member who has slightly different qualifications:

Dark Tangent

Those unique qualifications happen to be:

"Founder and Director of Black Hat and DEFCON Computer Hacker Conferences. Prior to Black Hat, was the director at Secure Computing Corporation where he helped establish the Professional Services Department in the United States, Asia, and Australia. He has also worked for Ernst & Young, LLP in their Information System Security division."

Meet Jeff Moss, legendary for being able to straddle the entire color spectrum of hacker hats, as well as being very knowledgeable when it comes to IT security. Even nine years ago, Jeff had an unorthodox perspective on IT security, as shown in an interview with Kim Zetter of PCWorld. I especially took note of his response to the question:

"How has the hacking community changed since you founded Def Con in 1993?"

I wonder if Jeff had any inkling back then as to what his response would come to mean:

"There are more hackers employed now. Now you look around at all your friends... and they're heads of security at big companies.

And the motivations for hacking have changed. When I was growing up, we were the first generation to really have computers, and it was a big deal to have one. Now we have the Nintendo generation who have always grown up with a computer, video games. There's nothing special about it to them."

I'm sure there will be some controversy about his background, especially when compared to the other members of the HSAC. Still, different viewpoints seem to be the mantra of President Obama's administration and I for one feel that's a good thing. Jeff Moss admits this himself in a June 5, 2009 interview with Elinor Mills of CNET:

"I know there is a newfound emphasis on cybersecurity and they're looking to diversify the members and to have alternative viewpoints," he said. "I think they needed a skeptical outsider's view because that has been missing."

Final thoughts

This moment is significant. Established government bodies are recognizing that IT security professionals need to have a say. From his comments, I think Mr. Moss understands the importance of this acknowledgment. I certainly wish him well as the IT security community needs a good spokesperson.

86 comments
still_learntoo

An acquaintance in the Secret Service mentioned that they seldom use the word "Hacker". They prefer to define someone that illegally enters your realm as a "Cracker".

Michael Kassner

Now we just have to convince the media to do that as well.

Michael Kassner

Dennis Fisher of ThreatPost's Digital Underground is interviewing Jeff Moss this afternoon and asking for questions: "DennisF will have Black Hat's own Jeff Moss on the Digital Underground later today. Questions for Jeff? Send em to @DennisF"

dale

This guy is amoral. Read his response to questions. The question is do we think a person who has a sliding scale of morality should be given this position? Yes, we have politicians but with all due respect they're made stupid by the blinding self-centered ego and are therefore rendered innocuous. It is what comes out of a "man" that defines him.

JCitizen

if he has a brain one, he will help his country and by that, himself.

Michael Kassner

I've been following Mr. Moss for a long time and I think he will help our community tremendously. Or at least as much as they will allow him.

JCitizen

or at least my perception over the years I've read on his activities.

bfpower

There are a lot of factors to be balanced in the political world. You will notice not everyone on his team is a hacker. But is it a good thing to have a hacker involved? I think so. It's not like anyone else in DC is completely straight either. So yes on all counts. Yes, we need someone with his expertise and insight. Yes, he has a dark background, and yes, there is a possibility that his actions may be influenced by it. But yes, he's a good choice. We need that kind of thinking (in moderation) in the federal government. My two cents.

Michael Kassner

As I said earlier, I'm just happy that there is some recognition that IT security types need to be part of the picture.

pgit

isn't over dark tangent, he's under a scanning, tunneling electron microscope. He'll be OK. What I worry about is what DHS will have him doing. Remember they are "spying" on everyone. (everyone who doesn't volunteer on facebook, anyway) Will one task be how to gain access to literally everyone's computer without them knowing, perhaps? I trust Moss, I don't trust government. So I guess I have to say now that he's part of it, I don't trust him anymore.

JCitizen

that he recognize this is the greatest nation on earth to practice as free a life style as possible; and that our greatest asset is intellectual power - that is not suppressed like other countries; and that to do service to it, does service to one's own self best interests!

michael.tindall

I think Dark Tangent will likely distinguish himself in his new role, as did many of the former great hackers once they got busted or hired. More than any concern with DT's trustworthiness, I am glad to see that DHS is finally deciding to do SOMETHING different, as the previous strategy was obviously NOT working. I should think that this will be a great employment opportunity for several thousand security experts, and that there should be some excitement within professional circles, if only for that reason.

Michael Kassner

As usual you bring up a good point that I've not really thought of. Well done.

Michael Kassner

I heard that Bruce was considered or was felt to be a better choice? Any thoughts on that?

seanferd

that Moss was surprised that he was chosen for that very reason.

Michael Kassner

And if the press are quoting him correctly, he is deeply honored and humbled by the appointment. That's very cool as well.

bfpower

I think Schneier would have been a similar pick to Moss - one whose background makes him an illogically logical choice. Schneier has excellent written communication skills, and has well-defined opinions. Moss has been rather successful in the corporate security and leadership sector, whereas Schneier's fame is largely evident through crypto and writing. Perhaps they thought that those experiences made Moss a better choice?

Michael Kassner

I haven't heard, but I suspect that Mr. Schneier is still in contract with BT. So that may be a factor as well.

Curious00000001

He definitely would create a stir and a lot of things would change. I think because of how critical he is of the government and its policies he wouldn't make it. He is undoubtedly a security genius but I think this would be too political a position for him.

Michael Kassner

I guess I have to agree that he has been a bit more radical and outspoken about .gov activity.

mtntrackr

While it doesn't surprise me, I believe it is a really bad move. Underlying ethics and morals do not change just because the job title does. His background speaks for itself.

DHCDBD

In Japanese 'Sensei' is roughly translated as 'One who has walked the path before me' or 'One who has gone before.' If you look over some of the editorials at attrition.org you will find the experts who have never walked the path being lambasted. All these experts who have never walked the path mostly do not know anything and are not able to do a lot of creative thinking; it has been leached from them by their expertise. Like martial arts, if you want to be effective you must move away from the dojo and the pretty katas into the real world where losing means dying. You do not necessarily have to talk the talk, but you have to walk the walk! Here you are speaking of national security, losing means dying. What do you want: someone who cannot walk the walk but has the alphabet soup behind his name, or someone who has walked the walk and knows how to handle many situations in his sleep and can creatively think about new situations? Me? If I were looking to secure a building I would hire a burglar to analyze the physical structure and entry paths and not some wanna be security expert. If the person has a criminal record, so what. If he has done his time, your depriving him of an opportunity to better himself and usefully contribute to society may drive him back into what he came from. Now you are stuck with the situation of the real expert facing the wanna be expert. Who do you think would win? Having a criminal record or being a REAL hacker, rather than a script kiddie, has nothing at all to do with national allegiance and security expertise. Allegiance and expertise are what the job is about. Get the best!

michael.brodock

sometimes when you hire a thief, you just make it easier for him to get your goods... not saying that people can't mend their ways and do what is right, but that is not the path most take. The hard part is getting and keeping trust after it has been broken. I don't have any good answers on how you do that.

Michael Kassner

I'm not sure but would you think that he got vetted especially hard because of his background?

Michael Kassner

What options are there available for the IT czar they are thinking about appointing to a cabinet position?

Michael Kassner

As I've been saying I'm excited to have an IT security person on the council. I wish there were more. I'm also concerned that every other article I've read about the Jeff Moss appointment used the word hacker in the title. I didn't want to do that for all the reasons you mentioned.

steve.smith

Oh, my. Jeff has been convicted or suspected of "what", exactly? Oh, nothing? You know him and he's evil and steals stuff, though, right? Oh, you've never met the man? Hmm. But he calls himself a hacker, so he *probably* eats babies and listens in when you call your mom every Saturday night? Crikey. How about if Obama/Napolitano just picked a bunch of people from the ol' frat/sorority and gave them a nice .gov title? I had lunch with Richard Clark at Blackhat '07. Oh noes! Richard Clark is actually a hax0r terrorist, 'cuz he even gave speeches at BH/Defcon! Get a grip, people. Having people who know what they're talking about w.r.t. computer security is a Good Thing.

Curious00000001

Honestly I think Bruce would be the best choice but don't think it would ever happen. We need someone that would throw up the bull$h!t flag about some of the ridiculous policies that are coming out and implement some realistic ones. I think with Bruce writing the policies with input from "advisors" like DT who are also used as ethical hackers to test that the policies are implemented and working as desired.

Michael Kassner

You for your choice? Can't remember if I did. I'd love to hear your thoughts on who would be a good candidate.

Curious00000001

There is no doubt they thoroughly looked into every aspect of his life but the fact is just based on public knowledge about him a normal person would have been disqualified. This just goes to show that either 1: they recognize the need for someone that can think like a real true talent black hat, or 2: they are incredibly desperate. I suspect it is a combination of both.

mhbowman

Hackers are the type of people that want to know how things work, and to see if they can beat them. To prove that they're smarter than the so-called "experts". The feeling of superiority they get is a high that's much more important than money. So much so that the NEED to tell someone about their "perfect" crime is usually what gets them caught. From that perspective, Moss doesn't really have anything left to prove in this area. There can be no greater recognition than having this group of experts not only recognize him but effectively bow to his abilities by offering him a job. They are saying: "Regardless of your background, we NEED you." Besides, I'm sure someone of Moss's intelligence realizes that since he is now in the inner circle, he would most certainly be under a microscope if anything illegal took place.

Michael Kassner

If you look at the backgrounds, it seems to be really weighted to law enforcement types.

mhbowman

there aren't more IT security specialists of Moss's ability involved. Further, I think you would want a balanced group that had talents in multiple areas to be able to counter most any situation whether it was hacking, espionage, or some internal threat from one of our own. Finally, a system of checks and balances should be in place to protect us from effectively losing our inalienable rights as American citizens.

santeewelding

Excitement is not what I look for. More like, you looking hard over the top of your glasses.

Michael Kassner

I was trying to remain neutral, but in my mind I agree with your comment. I'm just excited that there is someone related to IT on the council. I didn't see any other member that did.

Curious00000001

I think in this case it is simpler. Normally you start out with individuals that are supposedly trustworthy and do not pay special attention to their actions until they prove otherwise. In this case it is someone whose trust is questioned and you know you need to watch closely. I say give him free rein while listening and learning from his advice while never letting him out of your sights. Oh yeah don't forget that he is probably smarter than you and if you turn your back on him or stubbornly resist his advice he will make you look like an @$$.

Michael Kassner

Jeff Moss mentioned that he would now have an advantage in that contest being in Washington more.

JCitizen

some IT security folks look to Defcon and Blackhat for research on how to avoid being pwned. Not everyone looks at this individual as a crook. Phreaking was an early stage of experimentation by curious novices at the start of the net. The only way you could judge your effectiveness was to get into trouble, back in those days. Kind of like juveniles with nothing interesting to do, pulling hijinks. However, I'm not familiar with his past.

DHCDBD

Absolutely not! The Feds attend not only to learn but to get to know some of the competition. In fact, one of the favored activities is the "Identify the Fed" game. Your hacker is part of a larger group and his knowledge is part of a larger community. Depriving the individual of this community would be to deprive him of a knowledge that would exceed his own. As was said earlier, watch the individual and learn from him.

Michael Kassner

The flip side will occur as well, where the hacker community may view him differently as well.

tracy.walters

Yes, he should. If he is going to work on the government side, he must. He, or a colleague can go gather information, but to be a speaker is to operate on the opposite side...if he were to try to convince them to change their ways, he'd be ignored or jeered at, and not asked back. Most of the people at these conferences revel in their black hat side...they enjoy being known as either operating illegally or using civil disobedience.

Michael Kassner

Defcon and BlackHat? Should he disassociate himself from those?

santeewelding

Engrossed in the smaller, he has no time to be smarter in the larger.

boxfiddler

I'm glad you're on 'the other side of my screen', pointing out to me the things I miss, or don't notice due to my daily responsibilities. I think it's about time something like this happened at a 'high level', too. I'll be watching to see just how this goes... Thanks again, Michael! etu

Michael Kassner

So you need to tell me what you think. Is it a good thing to give an ex-hacker that kind of influence?

santeewelding

If you would do great good, master greater evil. How do you locate the former in any way other than the latter? Nor cleave to either.

JCitizen

santee is like reading the JKV sometimes; I really enjoy reading his posts.

Michael Kassner

I really like your comment, now I have to figure it out.

boxfiddler

I think it's a good thing. I'm no 'geek', but I do see that there exists a category of people that are clueless as to just what and how much of that what can go wrong with being connected the way we are in our time. I tell my students about the 65,000+ communications ports on their computers and their eyes glaze over. To me, that's 65,000+ points of egress into my life. If he can get that across to the people who need to know, with a good level of shock value for those who might still not 'get it', more power to him.