Gadgetory

I think what's changed in the last 20 years is we're at the the verge of the fulfillment of the promise of 20 years ago so 20 years ago people were saying computers are gonna be everywhere and they're gonna do everything and we're at a moment now where everything we do involves the internet and computers and we're just before the moment where everything we do will require in the Internet and computers that's kind of the David Brin transparent and society thing the idea that instead of worrying about one big brother that's got kind of centralized surveillance it's kind of everyone surveilling everybody all the time in the old days already had the computing power and the resources right it was a handful of entities now it's everywhere I mean the opportunities are more abundant so that has probably shifted the way some folks operate a little bit it's happening kind of whether we like it or not so I think our only real choice is to try to find ways to work with it and make it work out the nature of the computer security space the industry technology the impetus of computers have all drastically changed over the last 20 years where InfoSec used to be a problem that affected a tiny domain of human experience now InfoSec affects every corner of human experience when we started DEFCON there was no world wide web most people didn't have a home computer and the computers they did have were far less powerful than the phones in all of our pockets today I think DEFCON is what its gonna become it's a very large semi corporate event that has hackers comments got captured the flag there's a social engineering contest going on right now or there's someone sitting in isolation booth trying to call companies and get to secret information but on top of that you've got a lot of people who are much more corporate who want to see it who've heard about it and want to be there and the hackers put on the show for them and that's how you get 10,000 people here so I'm dead addict I'm a senior staff member at DEFCON and I've been senior staff member since DEFCON began and for the past decade or so I've been working the press team helping try to foster a better understanding of the hacker and security community to to the rest of the world it's a real community that is is built around some shared values and it's a community where people are really sort of being themselves in a way that you know may seem unusual to some folks but there's so many really wonderful people that I've met here people who they see an issue they see something that is wrong whether it's a bug or system and they want to solve that problem and a lot of tinkerers who want to see what things can be done in different ways of course I still say you know don't get on the the open Wi-Fi there's so people coming here who are hackers who have a hacker persona and also have a day job so they don't want those two to mix they don't want their employees to know they're here you've still got people who don't want to be identified there are people that use technology war criminal ends and the hacking community as a whole doesn't consider those people hackers so hacking is a way of thinking it's a way of perceiving the world looking at the world as a series of systems that work in a certain way but don't have to work that way on the one hand there has always been and will always be a total legitimate series of activities that are about exploration the acquisition of knowledge the discovery and eventual repair of security flaws and the intellectual exercise of understanding systems breaking them and putting them back together on the other hand I think that the opportunity to be a highly automated vandal has never existed in the way that it does today I come to DEFCON because there's a very interesting culture here it started out originally if ecology of let let's break things to now I think more like we know we can break things but how do we make things better the spirit of fight the man is very much alive and I think a big part of it is that the world is just becoming more and more corporate and I've seen a big change in Vegas Vegas is now culprit so I think that roots only adds to you know that mentality of the big man kind of getting richer people who break security obey definition rule breakers so you need rule breakers on the side the people building the systems or they're no good about a decade months ago every major corporation that was involved in software and hardware stated publicly we do not hire hackers we do not hire these people and the truth of the matter was I had friends in all of these places so they were either ignorant or lying but now all these same companies have active outreach programs they're recruiting at these events people here a lot of them grown up so back then it's it's all hackers here it's really more computer security professionals coming to hang out with hackers and you know hacking is almost the sideshow here this is much more legitimate the NSA is exhibiting at DEFCON you know in the beginning we as spot the Fed contest in this room this one right here is the talent our nation needs secure cyberspace and there's some issues that we have in cyberspace when you look at you folks understand cyber security you know that we can protect the networks and have civil liberties and privacy and you can help us get there far as intelligence community the FBI they started coming to Def Con a number of years ago and started parent panels and we have a meet the Fed panel and essentially what they do is recruit they look for the best of the people that come here to help government solve eight security problems you know there are some things that I'm working my way through to understand cyber security I want to walk through those with you and see what we can do together to help secure cyberspace I think he's here asking for help I think that that's an admission that they're having trouble solving problems so he's asking for your help but that's an admission that they have internally they had problems solving these issues I don't think there's anything wrong with that by the way he's looking for talent the NSA needs people who think like hackers where they call themselves hackers or not I don't care I mean then what's a towel determine 25 years to 30 years old it's gone through a lot of iterations it's been vilified it's been rehabilitated you know you got white hat black hat grey hat I don't even know what these terms mean anymore well personally I'm thrilled that the security community has grown as large as it has and I think it's crucial for the global infrastructure that the community continue to grow and continue to be embedded in large corporations helping with securing architectures and infrastructures it shows there's a growing interest in security research and in playing with technology like they view if you have a piece of technology what can you do it that's a really important aspect of technology feeling that you can own it that it doesn't run you you run it it's human behavior that nobody wants to be told that things are bad or things are broken so you kind of have to find the right level of how far you go at any given time and that's gonna be harder because technology is going to change faster we're going to see more and more complex infrastructures I think he's going to see more infrastructures that do not follow any standards or industry best practices so really applying the right level of expertise and the right level of pressure at the right time is is gonna continue to be an art but perhaps increasingly be one and I hope that deaf one can help the folks to exchange information or experience like where that Louisville is and how that works things that right now are really in the hands of just a few people are rapidly approaching the hands of people who are black either the emotional maturity or the sense of responsibility or the good sense overall to use that stuff wisely I also believe that end users shouldn't have to care about security they do have to care about security but I would really consider that a failing of the software and hardware industry of the computing industry that they they have to make very difficult decisions and have to buy third-party products to help protect them that don't work that well and that shouldn't be the case as a community in the software industry and as a security community we should be making technologies that that are secure by default because you know my mother is never going to be able to make the right decision