Security, Travel

I was a DEF CON Virgin

Last week I got to experience the DEF CON hacker’s conference in Las Vegas for the first time.  If you aren’t familiar with the conference, it is one of the world’s largest hacker conventions, and this year was its 25th annual convention.  DEF CON is considered an “underground” event because it is community driven and doesn’t have any major corporate sponsors, yet it attracts roughly 30,000 people such as computer security professionals, journalists, lawyers, federal government employees, security researchers, and students from all over the world.  You can read more about the event here:

https://en.wikipedia.org/wiki/DEF_CON

https://defcon.org/html/defcon-25/dc-25-index.html

I’ve attended over a hundred IT focused conferences in my life, but for some reason DEF CON never made my list.  I don’t know why I hadn’t attended before – I guess I never really “got” the community.  But this past year I read “Ghost in the Wires” by Kevin Mitnick and gained a much better understanding of what makes this community unique, so I decided to add DEF CON to my list. Continue reading

Security, Social Networking

Motivation to Change Your Password

In a previous post I explained what a botnet is and how criminals use them to attack certain targets on the Internet.   In that article, I equated those botnets to the battle droids used in Star Wars Episode I: The Phantom Menace.  In this article, I have an even more outlandish story to tell.  The main character of this story is Aaron Barr, CEO of Security firm HBGary .  He reminds me of the main character Tony Stark in the Iron Man movies.  Sometimes you love him, sometimes you hate him, and sometimes you just feel sorry for him.  While Tony Stark’s weakness was the shrapnel coursing through his veins, Aaron Barr’s weakness was his simple use of a single password between multiple online systems.

Aaron Barr thought he could track down the identity of hackers using social media.  He thought if he did this, it would generate a lot of publicity for his company.  In order to generate as much publicity as possible, he went after a hacker group called “Anonymous”.  It is believed that this group orchestrated an attack on credit card companies in retaliation for blocking Wikileaks funding channels.  The entire story can be read here, but suffice it to say, Aaron befriended some of the members of the group.  He followed through with his plan by giving them reason to trust him, but then turned on them and threatened to expose what he believed to be their true identities.  Aaron acted as a renegade in his investigation and even people within his own company were sometimes critical of his motives and actions .  For instance, the way in which he was identifying the hackers using social media was unproven and undocumented.  Aaron was unwilling to share details of how his system worked with anyone.  He either didn’t know who to trust, or didn’t have the data to backup his claims. Continue reading