



Hacker Cons And Misguided Notions

Aug 05, 2013, 3 mins
IT Leadership, Technology Industry

This week came to a close on a high note. After spending the week in Las Vegas attending Blackhat, Defcon and BSidesLV I was exhausted. I had a wonderful time meeting old friends and making new ones. I also managed to hand out my body weight in Akamai business cards. When the dust settled from the week it struck me that certain parties would never attend these conferences due to their misconceptions.

There is a subset of the security community who like to find fault with “hacker” conferences. The misguided myopic view that they hold is that these types of conferences encourage criminal behaviour. This could not be further from the truth. Education for the security community by the community is the purpose of conferences like Defcon and BSides. 

I have had certain folks tell me that conferences like the aforementioned are a co-mingling with the criminal fringe. The part that amazed me was that these individuals said this with a straight face. The only reason I didn’t burst out laughing was that I was completely stunned at their complete lack of understanding. To further illustrate this, a friend was speaking with one such person who happened to hold multiple security designations from several organizations. They stared blankly when discussing what a cryptographic key was. The question came to mind: how to enlighten people like this?

I attended a security conference in the last year where there was a lock picking demonstration. The presenters went through the mechanics of how a lock works and how they can be defeated. At one point the speaker asked for volunteers to try out the demonstration locks that they provided. No one put their hand up. From behind me I heard someone quietly say, “Is this legal?”

My hand shot up. I decided that I was going to start the ball rolling. I was able to open a five-pin lock in moments (fist pump) and this piqued the curiosity of those sitting around me. The desire to learn was able to overcome the misguided notions of some of the folks sitting nearby. Soon people were trying out the locks and having fun with it.

To borrow from the headlines of the day I’ll use Edward Snowden’s escapades to make my point. He had a security clearance. Let’s set aside for a moment the moral and ethical dilemma as that would be a ten part series all by itself. He had a level of trust that was placed in him. He was hired by a company to work for a client. He took information from that client. Does this make his company that trusted him at fault? Not really. It is orthogonal to the crime committed. If you train people on security and they choose to use it to a negative end that is a choice that they make of their own volition. It is time for people to put on the big kid pants and start taking accountability for their choices. Conferences such as Defcon and BSides are there to help teach and help folks to understand the attacks so that they can better defend or test and understand the consequences of their actions. 

For those of you who are unsure of these types of security conferences, know thyself. Break away and take a chance. You might learn a thing or two.  

Knowledge is a hammer. You can either use it to build or bludgeon. 

(Image used under CC from Lisa Brewster)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
