


Defcon, Aaron Barr and legal garbage

Jul 28, 2011
Data and Information Security

Just about every year at Black Hat and Defcon, someone tries to stop certain talks with legal action. Usually, the side pushing the legal action comes off looking like a stinker, and rightfully so.

I felt that way in 2005 when Cisco Systems and Internet Security Systems (ISS) tried to stop Michael Lynn from revealing a security flaw in Cisco’s flagship router products. Lynn quit his job in defiance and gave the talk anyway. Cisco would have looked better had it stood back, let the talk happen and then done everything possible to fix the flaw. Immediately after Lynn’s talk, the company could have supplied users with steps to blunt the threat while a fix was being created.

But it took the easier path and simply tried to squash the talk.

We’re coming up on Black Hat and Defcon 2011 and the same, tired legal crap is being used again to prevent what I see as an important discussion.

Former HBGary Federal CEO Aaron Barr was to join a Defcon panel discussion moderated by my old friend, Paul Roberts of Threatpost, called “‘Whoever Fights Monsters …’ Aaron Barr, Anonymous, and Ourselves.” Since the rise of hacktivism is making it harder to tell the good guys from the bad guys, this would have been a terrific exchange of views. Maybe we would have learned something about people’s motives and how best to conduct ourselves going forward.

But Barr won’t be there because HBGary Federal threatened to file an injunction against him.


I’m sure it will still be a good panel. I’ve seen Roberts moderate panels before and he always does a great job.

But Barr’s departure puts a big hole in the proceedings. He was the perfect panelist for the topic, given the boatloads of controversy over his role in the HBGary-Anonymous mess.

Here’s a bit of back story on that, as written by my Network World colleague Tim Greene:

The panel, “‘Whoever Fights Monsters …’ Aaron Barr, Anonymous, and Ourselves,” is billed by the conference as a discussion of the problems faced by those who try to expose attackers that work anonymously, such as Anonymous and LulzSec.

Barr threatened to expose Anonymous in February when he was CEO of HBGary Federal. In retaliation, the group attacked the company website and hacked its emails, posting more than 50,000 of them online. Barr resigned from the company.

The emails revealed some of HBGary Federal’s business dealings that were criticized as unethical.

In my opinion, companies that get spooked every time the late-July, early-August sun rises on Las Vegas make a big mistake by calling in the lawyers.

It’s better to let someone speak, then be ready with a strong counter-argument. Wouldn’t HBGary be better off dealing with all the criticism head on, which would include letting Barr speak?

After all, when you try to silence a discussion about what you might have done wrong, doesn’t that make you look worse?

That’s how it usually looks to me.

I’m not defending Barr. His reputation has been clouded by the whole HBGary-Anonymous affair. But it would have been useful to hear him speak.

Once again, because of legal games, we lose.

–Bill Brenner
